chmod: changing permissions of 'myscript.sh' : Operation not permitted

Question

While running the following docker file I am getting "chmod: changing permissions of '/scripts/entrypoint.sh': Operation not permitted" error.

FROM sonarqube:7.7-community
ADD plugins/* /plugins/
ADD scripts/* /scripts/
ADD conf/* /conf/
ADD bin/* /bin/
RUN chmod -R a+X /scripts/myScript.sh
ENTRYPOINT ["/scripts/myScript.sh"]

But when I add USER root it is working. But I don't want to run it with root. Any way I can run it without root ?

You must check the execute permissions of the file `entrypoint.sh`. If you want to execute it by a specific user, this user should have execute permissions on this file — GeralexGR, May 16 '19 at 12:23
I am trying to execute with the system user (the user which I have logged in) and it has the proper permission. — JYOTI PRAKASH MALLICK, May 16 '19 at 12:28

score 18 · Accepted Answer · answered May 16 '19 at 13:30

18

Set the permissions before you build the image

chmod +x scripts/myScript.sh
docker build .

docker will keep the permissions when it copies the files.

answered May 16 '19 at 13:30

Gerald Schneider

23,274
8
57
89

score 18 · Answer 2 · answered May 16 '19 at 13:54

Changing permissions of files you do not own in Linux requires root access, and the COPY command is most likely copying the file as root. You can change back to the sonarqube user after fixing the permissions. Here's an example Dockerfile for that:

FROM sonarqube:7.7-community
COPY plugins/ /plugins/
COPY scripts/ /scripts/
COPY conf/ /conf/
COPY bin/ /bin/
USER root
RUN chmod 755 /scripts/myScript.sh
USER sonarqube
ENTRYPOINT ["/scripts/myScript.sh"]

Note I've also switched from ADD to COPY since you are not pulling remote URL's or extracting tar/zip files. The * is also implied when copying a directory. For a single script, you do not need the -R recursive option, and I'm explicit with the permissions since shell scripts also require read access by all users.

If you want the script to be owned by sonarqube instead, you could run:

COPY --chown=sonarqube:sonarqube scripts/ /scripts/

That should allow the user to change permissions on the script without a USER change, but may give that user more access than you desire to modify the script inside the container.

score 3 · Answer 3 · answered May 16 '19 at 13:08

3

Check permissions on the /scripts directory using ls -ld scripts. It might be that your user does not have write permission on this directory.

answered May 16 '19 at 13:08

macrokernel

31
3

1

I guess the only root has the access to this folder, `drwxr-xr-x 2 root root 4096 May 16 11:57 /scripts` – JYOTI PRAKASH MALLICK May 16 '19 at 13:11
Any way we can provide permission to any user? – JYOTI PRAKASH MALLICK May 16 '19 at 13:16

score 1 · Answer 4 · answered Dec 08 '19 at 10:36

1

use sudo chmod instead of just using chmod

answered Dec 08 '19 at 10:36

vishnu dk

27
1

3

You do not `sudo` from inside of containers. Allowing that would break the security of running commands as a non-root user. – BMitch Dec 08 '19 at 18:55
1

But the default user for a docker container is `root`. I will try with sudo as well. – JYOTI PRAKASH MALLICK Dec 09 '19 at 09:04

chmod: changing permissions of 'myscript.sh' : Operation not permitted

4 Answers4