I have a Python package called mypackage that I want to install in a Docker image. I want to create a user called myuser in the image instead of just running things as root. Here is my Dockerfile.
# syntax=docker/dockerfile:1
FROM python:3
# Create a user.
RUN useradd --user-group --system --no-log-init --create-home myuser
RUN chown -R myuser:myuser /home/myuser
USER myuser
# Install the package.
RUN python -m pip install --upgrade pip
WORKDIR /home/myuser
COPY . ./mypackage
RUN pip install /home/myuser/mypackage && rm -rf /home/myuser/mypackage
This fails on the pip install because myuser does not have write permissions in the /home/myuser folder. If I build the image without the last step and then go look at the directory permissions everything is still owned by root.
$ ls -l
total 4
drwxr-xr-x 3 root root 4096 Aug 16 14:21 mypackage
I assume the mistake is with the chown statement, but I copied that logic from another Stack Overflow answer and it looks right to me.
What am I doing wrong?
Specify the user:group in the COPY command,
see https://docs.docker.com/engine/reference/builder/#copy
COPY [--chown=<user>:<group>] <src>... <dest>
COPY [--chown=<user>:<group>] ["<src>",... "<dest>"]
The fixed Dockerfile:
FROM python:3
# Create a user.
RUN useradd --user-group --system --no-log-init --create-home myuser
USER myuser
# Install the package.
RUN python -m pip install --upgrade pip
WORKDIR /home/myuser
COPY --chown=myuser:myuser . ./mypackage
RUN pip install /home/myuser/mypackage && rm -rf /home/myuser/mypackage
Related
I already have installed nvm for a different user, but I now want it also installed for www-data.
So I try the following:
su -s /bin/bash www-data
curl https://raw.githubusercontent.com/creationix/nvm/master/install.sh | bash
But I'm getting the following warning and nothing happens:
nvm is already installed in /home/user1/.nvm, trying to update using git
What can I do?
I have installed Kicad 5.15 on my computer and it works fine, and I have saved all the deb files downloaded during the last installation and put them in /var/cache/apt/archives, when I need to reinstall, I just need to execute these commands:
sudo add-apt-repository --yes ppa:js-reynaud/kicad-5.1
sudo apt update
sudo apt install --install-recommends kicad
The installation will start automatically, and because of the existence of the deb files, the installation process does not require an Internet connection and is very fast. However, this method does not work after the Kicad provide a latest version update, and the installation process will still access the network to download new files. I don't want to do this, one of the reasons is that I have a slow internet access and I'm not used to frequently updating software versions. So I made a local APT source according to the online materials, the method is as follows:
sudo apt install dpkg-dev
sudo mkdir /var/debs
sudo cp /var/cache/apt/archives/*.deb /var/debs/
sudo chmod 777 /var/debs
sudo cd /var/debs
sudo dpkg-scanpackages . /dev/null | gzip -9c > Packages.gz
Then I add a line in Sources.list file
deb file:/var/debs ./
I referenced this page How to create a local APT repository?
But this method does not work. When I run
sudo apt update
I got this:
sudo apt update
Get:1 file:/var/debs ./ InRelease
Ign:1 file:/var/debs ./ InRelease
Get:2 file:/var/debs ./ Release
Err:2 file:/var/debs ./ Release
File not found - /var/debs/./Release (2: No such file or directory)
Reading package lists... Done
E: The repository 'file:/var/debs ./ Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
When I run the installation command, the prompt is as follows:
sudo apt install --install-recommends kicad
E: Malformed entry 76 in list file /etc/apt/sources.list (Suite)
E: The list of sources could not be read.
E: Malformed entry 76 in list file /etc/apt/sources.list (Suite)
E: The list of sources could not be read.
Did I miss something? What should I do to continue using the DEB files saved on my hard drive?
Just add [trusted=yes] to your sources.list file:
deb [trusted=yes] file:/var/debs ./
OK, So I've set up my docker container as I need it.
This is my current Dockerfile:
FROM ubuntu:16.04
RUN apt-get update
RUN apt-get upgrade -y
RUN apt-get install -y \
build-essential sudo software-properties-common \
libboost-dev libboost-filesystem-dev libboost-program-options-dev \
libboost-regex-dev libboost-system-dev libboost-thread-dev \
libicu-dev libtiff5-dev libfreetype6-dev libpng12-dev \
libxml2-dev libproj-dev libsqlite3-dev libgdal-dev \
libcairo-dev libharfbuzz-dev
RUN apt-get install -y postgresql postgresql-contrib
RUN apt-get install -y nodejs
RUN apt-get install -y python3-dev python-dev git python-pip \
python-setuptools python-wheel python3-setuptools \
python3-pip python3-wheel python-cairo-dev libboost-python-dev
RUN apt-get install -y ruby ruby-dev
RUN apt-get install -y wget curl
RUN pip install --upgrade pip
RUN pip install mapnik
RUN sudo gem install awesome_print colorize twitter_cldr \
nokogiri unidecoder
RUN apt-get -y install apache2 php-pear lynx-cur
ENV APACHE_RUN_USER www-data
ENV APACHE_RUN_GROUP www-data
ENV APACHE_LOG_DIR /var/log/apache2
ENV APACHE_LOCK_DIR /var/lock/apache2
ENV APACHE_PID_FILE /var/run/apache2.pid
EXPOSE 80
ADD apache-config.conf /etc/apache2/sites-enabled/000-default.conf
If I build it and run it with docker run -p 80:80 -it mycontainer, it runs fine. I can go via the terminal, do a /usr/bin/apache2ctl start, the server starts as usual and I can access it via localhost from my host's browser. Great!
Now, the idea is to simply put that /usr/bin/apache2ctl start command inside my Dockerfile, so that I don't have to write it every time the container starts.
However: if I put CMD ["/usr/sbin/apache2ctl", "start"] at the very end of my Dockerfile, build it and run it (with docker run -p 80:80 -it mycontainer), the container seems to start, outputs an Apache message and then it stops, no terminal, nothing. (nor does it run in the background).
What goes on? I just want to be able to start Apache automatically and keep the terminal live, so that I can do things there too.
Containers are a tool to isolate a running application, and they run until the application that was launched exits. If this application is a shell or command that launches a daemon in the background like you've done, when the shell or command returns, the container will promptly exit.
The solution is to run your application in the foreground. The steps to do this with Apache have already been done with the official images which I'd recommend using over building your own. You can see their Dockerfile here. And you can use their image on Dockerfile.
Here are the permissions to my /usr/local directory: drwxr-xr-x.
I did sudo chown -R $user /usr/local, then did brew update again. It didn't work. I tried quitting terminal and opening a new session and trying again and I got the same thing. When I try brew doctor or brew update, it tells me that this directory is not writable. What do I do? What else do I need to be checking?
When I try to brew update Tip me Error: / usr/local must be writable!
sudo chgrp -R admin /usr/local
sudo chmod -R g+w /usr/local
The above method solves my problem
You need to run sudo chown -R $(whoami):admin /usr/local. Also note that in the command you ran $user should be capitalized: $USER.
When I try to "brew link autoconf" in the terminal I keep getting this error.
Error: Could not symlink file: /usr/local/Cellar/autoconf/2.69/share/emacs/site-lisp
/usr/local/share/emacs is not writable. You should change its permissions.
Anyone have any ideas on how to fix this? Thanks!
You need to make sure that all the files and folders in /usr/local are writable by you. You can do this by typing the following command
chown -R yourusername /usr/local
chmod -R u+w /usr/local
You may have to use sudo for those commands to work.
After you do this, try linking again.
(sudo) chown -R yourusername /usr/local
I had to run
chmod -R u+w /usr/local
brew link --overwrite autoconf
brew install htop
I tried under /usr/local/share/emacs/
sudo chmod 777 site-lisp
and then
brew link autoconf
and problem solve!
mac#Anna_mac : /usr/local/share/emacs : brew link autoconf
Linking /usr/local/Cellar/autoconf/2.69... 22 symlinks created
I had to run the following commands
chown -R yourusername /usr/local
chmod -R u+w /usr/local
brew link --overwrite autoconf
You just need to change brew owned by root.
then you can use below command.
sudo brew link xxxx
Quote from github, this is not a bug, it is designed:
jacknagel commented on 4 Feb 2012
brew install will not work with root privileges unless brew itself is
owned by root. #jacknagel Collaborator jacknagel commented on 4 Feb
2012
(this is by design.)