I have a Flask Python application which creates an application.log file in the /app folder. I have granted write permissions to that folder via my Dockerfile however I still see that error. I don’t see it when the file is created in the /opt/docker location. What could be the issue?
Here’s what my Dockerfile looks like:
FROM nexus.company.com/docker-private/company-base:1.4.0
LABEL team="Team"
LABEL maintainer=team@company.com
USER root
# Create directory for logs - kubernetes logging sidecar reads logs from this location
RUN mkdir -p /opt/docker/logs
# Grant write permission
RUN chown -R daemon:daemon /opt/docker
# Install required packages tools
RUN apt-get update -y && apt-get install -y python3-pip \
# wget and zlib1g-dev to help with python3.6 installation
&& apt-get install -y wget && apt-get install -y zlib1g-dev \
# The following line installs the ssl module required by pip3 to install requirements
&& apt-get install -y libssl-dev \
# The following line installs the bz2 module required for pandas to install correctly
&& apt-get install -y libbz2-dev
WORKDIR /opt
# Download and install Python 3.6
RUN wget https://www.python.org/ftp/python/3.6.3/Python-3.6.3.tgz && tar -xvf Python-3.6.3.tgz
RUN cd Python-3.6.3 && ./configure && make && make install
# We copy just the requirements.txt first to leverage Docker cache
COPY ./requirements.txt /app/requirements.txt
# Permission for local application.log if running locally
RUN chown -R daemon:daemon /app
WORKDIR /app
RUN pip3 install --upgrade pip && pip3 install -r requirements.txt
# Copy all files to /app folder - we will run our application from here
COPY . /app
USER daemon
# Run flask app with uwsgi
ENTRYPOINT uwsgi --wsgi-file src/app.py --http-socket :9000 --callable app --ini app.ini
And here’s the error trace:
Traceback (most recent call last):
File "src/app.py", line 9, in <module>
app = create_app()
File "./src/__init__.py", line 41, in create_app
setup_logging(app)
File "./src/__init__.py", line 51, in setup_logging
handler = logging.FileHandler(app.container.config.get("app.LOG_FILE"))
File "/usr/local/lib/python3.6/logging/__init__.py", line 1030, in __init__
StreamHandler.__init__(self, self._open())
File "/usr/local/lib/python3.6/logging/__init__.py", line 1059, in _open
return open(self.baseFilename, self.mode, encoding=self.encoding)
PermissionError: [Errno 13] Permission denied: '/app/application.log'
unable to load app 0 (mountpoint='') (callable not found or import error)
*** no app loaded. GAME OVER ***
I have granted permissions with this line:
# Permission for local application.log if running locally
RUN chown -R daemon:daemon /app
Should I be doing something else?
>Solution :
You need to run chown after you copy the files into that directory. Alternatively, you can use the --chown flag to COPY. Otherwise they’ll be copied in as owned by the root user, leading to the permissions error.
COPY . /app
RUN chown daemon:daemon -R /app
Or using the --chown flag (linux only):
COPY --chown=daemon:daemon . /app