"Permission denied" on file when running a docker container

Question

I have a file that I can't edit but needs to run on in a docker container. Because the file doesn't have an extension, I have to use chmod for setting the file executable. But after I build the docker image from the docker file I always get a "permission denied" error

My docker file:

FROM alpine

COPY . /home/guestuser/bin/gateway

RUN apk add libressl-dev
RUN apk add libffi-dev

RUN pwd

WORKDIR /home/guestuser/bin/.
RUN ["chmod", "+x", "gateway"]

RUN pwd

CMD ["/home/guestuser/bin/gateway"]


EXPOSE 11878

I alwas get this error:

docker: Error response from daemon: OCI runtime create failed: container_linux.go:349: starting container process caused "exec: \"/home/guestuser/bin/gateway\": permission denied": unknown.

As I already mentioned, I am not able to edit the file I want to execute. What am I doing wrong?

Answer 1

You may try this simple one.

FROM alpine
COPY . /home/guestuser/bin/gateway
RUN apk add libressl-dev
RUN apk add libffi-dev
WORKDIR /home/guestuser/bin/
RUN chmod -R 755 /home/guestuser
CMD ["/bin/bash", "/home/guestuser/bin/gateway"]

Otherwise, run sleep command login to container and see your commands works manually

Answer 2

It looks like you are using the exec form of CMD, as shown here

There are two ways to use CMD. The first is the way you are already doing it, in exec form:

CMD ["/home/guestuser/bin/gateway"]

Or you could use shell form:

CMD /home/guestuser/bin/gateway

If you need a shell you could also explicitly call one in exec form, which is what Ganesh was trying to suggest.

CMD ["sh", "/home/guestuser/bin/gateway"]

But if that syntax is correct, why didn't it work?

Well, because this is assuming that gateway is a file. The issue is... it probably isn't.

When you run this command:

COPY . /home/guestuser/bin/gateway

From the reference:

Multiple resources may be specified but the paths of files and directories will be interpreted as relative to the source of the context of the build.

You are copying the entire contents of the build context into the directory /home/guestuser/bin/gateway. If you want to copy a specific file, you should name it explicitly rather than using . The COPY command's syntax is source first, then destination, as shown here.

So when you are trying to execute gateway, you are probably "executing" a directory named gateway. So long as there is more than one file in the build context, gateway will be a directory. That can include the Dockerfile itself, so even if the build context is a folder with just the Dockerfile and the script you want to run, you'll still pull in both files, which turns gateway itself into a directory.

Tests you can try

As proof that your Dockerfile CMD syntax is correct, try changing that CMD to something like this:

CMD ["top"]

Similarly, you can remove the CMD and just run the container in interactive mode. It will drop you in your WORKDIR, which is empty except for the gateway directory, complete with the contents of whatever directory structure was pulled in during the build process.

So, to make this work, change your COPY line to name the script you want:

COPY somescript /home/guestuser/bin/gateway

Other notes:

• your default user here is root, so you don't need to chmod gateway
• RUN pwd will only show the first time you build the container