"Permission denied" to a directory that I own, permissions seemingly correct

Question

Setting up a Docker image based on Debian 8, specifically the nginx image with uwsgi added. The web service in question will run via uwsgi as www-data. The service is copied in to the container with a COPY command in the Dockerfile.

Using nsenter, I'm able to connect to the container and debug as the www-data user, which has been super helpful, but I'm stuck.

The web service executable is copied to /var/www/service directory, and that's all good. Where it gets difficult is that it can't load a library in /var/www/service/database even though it's owned by www-data:

www-data@4b8d07cf75a3:~$ ls -la /var/www/service/
total 36
drwxr-xr-x 20 www-data www-data 4096 Jun  7 13:59 .
drwxr-xr-x  5 root     root     4096 Jun  7 13:49 ..
-rwxr--r--  1 www-data www-data 2682 Jun  6 02:45 app.py
drwxr-xr-x  2 www-data www-data 4096 Jun  7 13:59 database

www-data@4b8d07cf75a3:~$ ls -la /var/www/service/database/
ls: cannot open directory /var/www/service/database/: Permission denied

The app.py code starts, but can't access the database directory, and neither can I unless I'm root at the time.

I don't see anything like a file acl, so I'm out of ideas. Any help?

maybe is only the absolute path denied. have you try a relative path ? — mmm, Jun 07 '15 at 17:02
@jordanm - /database is a package directory; regular stuff. Access is denied if I address it absolutely or relative. — GraduateOfAcmeU, Jun 07 '15 at 21:48
@GraduateOfAcmeU what's the exact command you use to run the container? — jordanm, Jun 07 '15 at 23:50
@jordanm: docker run -it --rm --name app -p 0.0.0.0:80:80 app — GraduateOfAcmeU, Jun 08 '15 at 23:50
Turns out, switching from COPY to ADD in order to load my package to the image gives me usable directories. — GraduateOfAcmeU, Jun 12 '15 at 02:33

"Permission denied" to a directory that I own, permissions seemingly correct

0 Answers0