Need mkdir permission for EC2 docker container

Question

I have a docker-compose which runs 3 containers:

1. selenium/hub

2. selenium/node-chrome

3. My own image of a java program that uses the 2 above containers to log into a website, navigate to a download page, click on a check-box, then click on a submit button, that will cause a file to be downloaded.

Everything runs fine on my pc, but on an EC2 instance the chrome node gets the error:

mkdir: cannot create directory '/home/selsuser'

and then other errors trying to create sub-directories.

How can I give a container mkdir permissions?

I would like to run this as an ECS-Fargate task, so I would also need to give a container mkdir permissions within that task.

Thanks

Answer 1

Well,

Thank you for the details. It seems indeed you need rights you do not have. What you can try is to create a user group and share it accross your container.

To do so,

• Create a groupe user with a GID that does not already exists (enter id on your terminal to see all the existing GID). We will assume 500 is not already used:

chown :500 Downloads

• Then, give the appropriate rights to your new group and make all the subfolders having the right of your created group:

chmod 665 Downloads && chmod g+s Downloads

(If you want to be at ease you can always give full permission, up to you)

• Then share the rights with a group created in the container thanks to a Dockerfile (replace <username> and <group_name> by whatever you want:

FROM selenium/node-chrome:3.141.59
RUN addgroup --gid 500 <group_name> &&\
adduser --disabled-password --gecos "" --force-badname --ingroup 500 <username>
USER <username>

Then of course don't forget to edit your docker-compose file:

selenium:
   build:
      context: <path_to_your_dockerfile>

Hoping it will work :)

---

(From the author of question)

I do have volume mapping, but I do not think there is any connection there to the problem I have. The problem is the selenium/node-chrome container wants to create the directory. On my pc, there are no problems, on EC2 it causes an error that it cannot create the directory. I assume on EC2 you need root privs to do anything on /home.

Here is the complete docker-compose file:

version: "3"
services:
  hub:
    image: selenium/hub:3.141.59
    ports:
      - "4444:4444" 
  chrome:
    image: selenium/node-chrome:3.141.59
    shm_size: '1gb'
    depends_on:
      - hub
    environment:
      - HUB_HOST=hub
    volumes:
      - ./Downloads:/home/seluser/Downloads     
  migros-module:
    image: freiburgbill/migros-docker
    depends_on:
        - chrome
    environment:
        - HUB_HOST=hub
        - BROWSER=chrome
    volumes:
        - ./migros-output:/usr/share/udemy/test-output
        - ./Downloads:/usr/share/udemy/Downloads 

Answer 2

Thanks again to Paul Barrie for your input and help to get me looking closer at permissions.

For running the docker-compose file that worked on my pc, but did not work on an EC2 instance, I created a /tmp/download directory and gave it full rights (sudo chmod -R 2775 /tmp/Downloads), then it ran without any problems!

For trying to do the same thing as an ECS-Fargate Task. I created an EFS, attached the EFS to an EC2 instance so I could go into it and set the permissions on the whole EFS (sudo chmod -R 777 /mnt/efs/fs1, where that is the default path connecting the EFS to the EC2). I then created ECS-Fargate Task attaching the EFS as a volume. Then everything worked!

So in summery, the host where the docker-compose is running has to have permissions for writing the file. With Fargate we cannot access the host, so an EFS has to be given permissions for writing the file.

I know there must be a better way of locking down the security to just what is needed, but the open permissions does work.

It would of been good if I could of changed the permissions of the Fargate temporary storage and used the bind mount, but I could not find a way to do that.