|
2 | 2 |
|
3 | 3 | This demo uses a fake web app called **Firebox** (sorry, Dropbox!) that allows you to upload files. The web app is written in Python using the Flask framework and runs in a Docker container. |
4 | 4 |
|
| 5 | +_As soon as the Firebox app was deployed in production, the devs cracked open a beer and began to celebrate. But quickly the app's users began to complain that they were unable to upload files._ |
| 6 | + |
| 7 | +_At first, the dev team thought it was just a minor bug that could be fixed quickly. But, as more and more users reported the same issue, it became clear that there was something much more serious going on...._ |
| 8 | + |
5 | 9 | ## To run |
6 | 10 |
|
| 11 | +Let's build and run the Firebox app: |
| 12 | + |
7 | 13 | ```shell |
8 | 14 | docker build -t file-permissions . |
9 | 15 |
|
@@ -114,12 +120,26 @@ drwxr-xr-x 1 root root 14 Dec 10 16:31 .. |
114 | 120 | -rw-r--r-- 1 filebox apps 2036567 Dec 10 16:32 henlobird.jpeg |
115 | 121 | ``` |
116 | 122 |
|
| 123 | +## Solution |
| 124 | + |
| 125 | +We found the cause of the problem. The app was trying to write to a folder that was owned by the `root` user. But the container was running as user `filebox`, and this user didn't have permission to write to the folder. |
| 126 | + |
| 127 | +So, we fixed the problem by correcting the permissions of the folder in the _Dockerfile_. |
| 128 | + |
| 129 | +> **Note** |
| 130 | +> It's good security practice to run your container as a non-root user. But when you do, you will often encounter some annoying permissions issues! So it's important to know how to debug these issues. |
| 131 | +
|
117 | 132 | ## Wrapping up |
118 | 133 |
|
119 | 134 | In this demo, we saw how to debug a file permissions issue in a container. |
120 | 135 |
|
121 | | -We saw that the problem was that the app was trying to write to a folder that was owned by the `root` user, and that the app's user (`filebox`) didn't have permission to write to the folder. We fixed the problem by changing the permissions of the folder in the _Dockerfile_. |
122 | | - |
123 | | -It's good security practice to run your container as a non-root user. But if you do, you can encounter some annoying permissions issues! So it's important to know how to debug these issues. |
| 136 | +Cool troubleshooting tools we used today: |
124 | 137 |
|
| 138 | +- `docker ps` to see all containers and their IDs |
| 139 | +- `docker logs <container-id>` to see the logs |
| 140 | +- `docker exec -it <container-id> sh` to start a shell inside the container |
| 141 | +- `ls -al` to list the contents of a folder and show the permissions |
| 142 | +- `whoami` to see which user you're running as |
| 143 | +- `id <username>` to see the user's UID and group |
| 144 | +- `chown -R <username>:<group> <folder>` to change the owner and group of a folder |
125 | 145 |
|
0 commit comments