Podman Installation - Permissions Issue

I am trying to install Node-RED using rootless Podman (which should be compatible with Docker) with a bind mount, but I am running into some permission issues where the container crashes/exits at startup.

This is my compose.yml

version: "3.7"

services:
  node-red:
    container_name: node-red
    image: nodered/node-red:latest
    environment:
      - TZ=Europe/Copenhagen
#    ports:
#      - "1880:1880"
    networks:
      - traefik
    volumes:
      - ~/data/node-red:/data
    user: node-red # Tried podman:node-red, podman, ... 
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.node-red.rule=Host(`node-red.MYDOMAIN.TLD`)"
      - "traefik.http.services.node-red.loadbalancer.server.port=1880"
      - "traefik.docker.network=traefik"

networks:
  traefik:
    external: true

And this is the error I get from podman logs node-red

node:internal/fs/utils:347
    throw err;
    ^

Error: EACCES: permission denied, copyfile '/usr/src/node-red/node_modules/node-red/settings.js' -> '/data/settings.js'
    at Object.copyFileSync (node:fs:2847:3)
    at copyFile (/usr/src/node-red/node_modules/fs-extra/lib/copy/copy-sync.js:64:6)
    at onFile (/usr/src/node-red/node_modules/fs-extra/lib/copy/copy-sync.js:50:25)
    at getStats (/usr/src/node-red/node_modules/fs-extra/lib/copy/copy-sync.js:42:44)
    at Object.copySync (/usr/src/node-red/node_modules/fs-extra/lib/copy/copy-sync.js:32:10)
    at Object.<anonymous> (/usr/src/node-red/node_modules/node-red/red.js:129:20)
    at Module._compile (node:internal/modules/cjs/loader:1198:14)
    at Object.Module._extensions..js (node:internal/modules/cjs/loader:1252:10)
    at Module.load (node:internal/modules/cjs/loader:1076:32)
    at Function.Module._load (node:internal/modules/cjs/loader:911:12) {
  errno: -13,
  syscall: 'copyfile',
  code: 'EACCES',
  path: '/usr/src/node-red/node_modules/node-red/settings.js',
  dest: '/data/settings.js'
}
node:internal/fs/utils:347
    throw err;
    ^

Error: EACCES: permission denied, copyfile '/usr/src/node-red/node_modules/node-red/settings.js' -> '/data/settings.js'
    at Object.copyFileSync (node:fs:2847:3)
    at copyFile (/usr/src/node-red/node_modules/fs-extra/lib/copy/copy-sync.js:64:6)
    at onFile (/usr/src/node-red/node_modules/fs-extra/lib/copy/copy-sync.js:50:25)
    at getStats (/usr/src/node-red/node_modules/fs-extra/lib/copy/copy-sync.js:42:44)
    at Object.copySync (/usr/src/node-red/node_modules/fs-extra/lib/copy/copy-sync.js:32:10)
    at Object.<anonymous> (/usr/src/node-red/node_modules/node-red/red.js:129:20)
    at Module._compile (node:internal/modules/cjs/loader:1198:14)
    at Object.Module._extensions..js (node:internal/modules/cjs/loader:1252:10)
    at Module.load (node:internal/modules/cjs/loader:1076:32)
    at Function.Module._load (node:internal/modules/cjs/loader:911:12) {
  errno: -13,
  syscall: 'copyfile',
  code: 'EACCES',
  path: '/usr/src/node-red/node_modules/node-red/settings.js',
  dest: '/data/settings.js'
}

I read Running under Docker : Node-RED, but I still cannot understand what's so "special" about node-red that causes so many permissions issues with Bind Mounts. I am running several containers and either they run as "podman" (my Podman user) or a subuid/subgid of it configured in /etc/subuid and /etc/subgid.

What is so different that the Node-RED container cannot handle this kind of permissions for bind mounts?

I tried to run whoami inside various containers ...

For instance

podman exec -it homeassistant /bin/sh
whoami
root

Apparently every other container seems to be running as root.

Looking at node-red Dockerfile, after the initial installation, it seems it's run as user node-red.

That's probably the cause of the different behavior.
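
An added example (not part of the original post) of the default rootless Podman UID mapping behind the difference observed above: container root maps to the host user itself, while a non-root container user maps into the `/etc/subuid` range and so does not own the bind-mounted directory. The helper `host_uid_for`, the host user `podman` with UID 1001, the subuid range, and UID 1000 for the image's node-red user are assumptions made for illustration.

```shell
#!/bin/sh
# Default rootless Podman user-namespace mapping:
#   container uid 0     -> the invoking host user's own uid
#   container uid 1..N  -> subuid_start + (uid - 1), taken from /etc/subuid
# usage: host_uid_for <container_uid> <host_user> <host_uid> [subuid_file]
# (hypothetical helper; only the first subuid range of the user is considered)
host_uid_for() {
    cuid=$1; user=$2; huid=$3; file=${4:-/etc/subuid}
    if [ "$cuid" -eq 0 ]; then
        echo "$huid"
        return 0
    fi
    # /etc/subuid lines have the form name:start:count
    range=$(awk -F: -v u="$user" '$1 == u { print $2, $3; exit }' "$file")
    if [ -z "$range" ]; then
        echo "no subuid range for $user in $file" >&2
        return 1
    fi
    start=${range% *}
    count=${range#* }
    if [ "$cuid" -gt "$count" ]; then
        echo "container uid $cuid is outside the mapped range" >&2
        return 1
    fi
    echo $((start + cuid - 1))
}

# Constructed sample: host user "podman" (uid 1001) with one subuid range.
SAMPLE=$(mktemp)
printf 'podman:100000:65536\n' > "$SAMPLE"

# Containers running as root act as host uid 1001 and can write to a directory
# that user owns. A container user with uid 1000 (assumed for node-red) acts
# as a different host uid, so the copy into /data fails with EACCES.
echo "container uid 0    -> host uid $(host_uid_for 0 podman 1001 "$SAMPLE")"
echo "container uid 1000 -> host uid $(host_uid_for 1000 podman 1001 "$SAMPLE")"
```

With that mapping, `podman unshare chown 1000:1000 ~/data/node-red` (run as the Podman user) sets the directory's owner to the mapped host UID so the container user can write to it.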
