Error: EACCES: permission denied

[ShixiangWang]

[root@localhost ~]# docker run -t -p 127.0.0.1:8443:8443 -v "${PWD}:/root/project" codercom/code-server code-server --allow-http --no-auth
Unable to find image 'codercom/code-server:latest' locally
Trying to pull repository docker.io/codercom/code-server ... 
latest: Pulling from docker.io/codercom/code-server
e58ad9fd24ca: Pull complete 
0a4c669d2dea: Pull complete 
ab60767ef52b: Pull complete 
8cc3b738fbea: Pull complete 
4a49f00acafc: Pull complete 
15aff5fdd28f: Pull complete 
1a344d81f432: Pull complete 
f079d5b4236e: Pull complete 
Digest: sha256:d96615907185d67fcc75655eef3eee28399efb968aaa5e1dc319fa064db3fb08
Status: Downloaded newer image for docker.io/codercom/code-server:latest
ERROR { Error: EACCES: permission denied, mkdir '/root/project/code-server'
  [stack]: 'Error: EACCES: permission denied, mkdir \'/root/project/code-server\'',
  [message]: 'EACCES: permission denied, mkdir \'/root/project/code-server\'',
  errno: -13,
  code: 'EACCES',
  syscall: 'mkdir',
  path: '/root/project/code-server' }
free(): invalid pointer

[windhamwong]

It is related to docker usage actually. Did you try to change another directory? Maybe trying /tmp first?

[ShixiangWang]

I take a try

[root@localhost tmp]# docker run -t -p 127.0.0.1:8443:8443 -v "${PWD}:/root/project" codercom/code-server code-server --allow-http --no-auth
ERROR { Error: EACCES: permission denied, mkdir '/root/project/code-server'
  [stack]: 'Error: EACCES: permission denied, mkdir \'/root/project/code-server\'',
  [message]: 'EACCES: permission denied, mkdir \'/root/project/code-server\'',
  errno: -13,
  code: 'EACCES',
  syscall: 'mkdir',
  path: '/root/project/code-server' }
free(): invalid pointer

&

[root@localhost tmp]# docker run -t -p 127.0.0.1:8443:8443 -v "${PWD}:/tmp" codercom/code-server code-server --allow-http --no-auth
INFO  code-server development
INFO  Additional documentation: http://github.com/codercom/code-server
INFO  Initializing {"data-dir":"/root/.local/share/code-server","working-dir":"/root/project/code-server","log-dir":"/root/.cache/code-server/logs/20190402085348839"}
INFO  Starting shared process [1/5]...
fs.js:646
  return binding.open(pathModule._makeLong(path), stringToFlags(flags), mode);
                 ^

Error: EACCES: permission denied, open '/tmp/0ea6128b8fb8eb3e8e921145492454a32475d574'
    at fs.openSync (fs.js:646:18)
    at n (nbin.js:1:6441)
    at Object.n.(anonymous function).e [as openSync] (nbin.js:1:6627)
    at Object.fs.writeFileSync (fs.js:1299:33)
    at m (/src/packages/server/out/cli.js:244:3192)
    at Object.exec (/src/packages/server/out/cli.js:244:3539)
    at y (/src/packages/server/out/cli.js:489:8224)
    at /src/packages/server/out/cli.js:489:8464
    at /src/packages/server/out/cli.js:489:6054
    at /src/packages/server/out/cli.js:489:6070
    at r (/src/packages/server/out/cli.js:160:11150)
    at Object.e.exports.deleteTempFiles (/src/packages/server/out/cli.js:160:11289)
    at /src/packages/server/out/cli.js:489:5994
    at /src/packages/server/out/cli.js:244:3779
    at /src/packages/server/out/cli.js:244:3281
    at r (/src/packages/server/out/cli.js:160:11150)
    at Object.e.exports.deleteTempFiles (/src/packages/server/out/cli.js:160:11289)
    at /src/packages/server/out/cli.js:244:3251
    at d (/src/packages/server/out/cli.js:244:2721)
    at ChildProcess.<anonymous> (/src/packages/server/out/cli.js:244:2910)
    at emitTwo (events.js:126:13)
    at ChildProcess.emit (events.js:214:7)
    at maybeClose (internal/child_process.js:915:16)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:209:5)

It is okay to run hello world

[root@localhost tmp]# docker run hello-world

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

[nol166]

@code-asher suggested trying to mkdir /tmp/test if you haven't already

[utsavjain1408]

I was also getting the same error for certain directories. However, I manually creates a 'code-server' directory and ran the docker commands again. It now works just fine.

[root@localhost ~]# docker run -t -p 127.0.0.1:8443:8443 -v "${PWD}:/root/project" codercom/code-server code-server --allow-http --no-auth
Unable to find image 'codercom/code-server:latest' locally
Trying to pull repository docker.io/codercom/code-server ... 
latest: Pulling from docker.io/codercom/code-server
e58ad9fd24ca: Pull complete 
0a4c669d2dea: Pull complete 
ab60767ef52b: Pull complete 
8cc3b738fbea: Pull complete 
4a49f00acafc: Pull complete 
15aff5fdd28f: Pull complete 
1a344d81f432: Pull complete 
f079d5b4236e: Pull complete 
Digest: sha256:d96615907185d67fcc75655eef3eee28399efb968aaa5e1dc319fa064db3fb08
Status: Downloaded newer image for docker.io/codercom/code-server:latest
ERROR { Error: EACCES: permission denied, mkdir '/root/project/code-server'
  [stack]: 'Error: EACCES: permission denied, mkdir \'/root/project/code-server\'',
  [message]: 'EACCES: permission denied, mkdir \'/root/project/code-server\'',
  errno: -13,
  code: 'EACCES',
  syscall: 'mkdir',
  path: '/root/project/code-server' }
free(): invalid pointer

[honzapospi]

I have the seme problem and nothing help. Any progress?

[mavidser]

Yeah, I too still get this error. When running with -v /path:/home/coder/project, project dir is root while the program runs as coder.

coder@5761f068cc4c:~/project$ ll ..
total 32
drwxr-xr-x 1 coder coder 4096 Nov  5 05:43 ./
drwxr-xr-x 1 root  root  4096 Nov  4 23:25 ../
-rw-r--r-- 1 coder coder  220 Nov  4 23:25 .bash_logout
-rw-r--r-- 1 coder coder 3771 Nov  4 23:25 .bashrc
drwxr-xr-x 3 coder coder 4096 Nov  5 05:43 .local/
-rw-r--r-- 1 coder coder  807 Nov  4 23:25 .profile
drwxr-xr-x 2 root  root  4096 Nov  5 05:29 project/

[BirkhoffLee]

Same here.

[humansinstitute]

Hi Guys, i had the same issue and edited the docker run string to be a different destination...

${HOME}/.local/share/code-server:/home/code/docker/test/.local/share/code-server"

The segment in bold was a seperate path I'd set up locally. Previously it was /coder/ which didn't exist.

[midnightradio]

It seems that the container tries to create a mounting point on a host system with uid 0 (root) when such a directory not exist and causing the permission error on writing after the creation.

My suggestion as a workaround is, changing owner of the problematical directory after failing to run the container, than try to run the container again.

$ docker run -it -p 127.0.0.1:8080:8080 -v "${HOME}/.local/share/code-server:/home/coder/.local/share/code-server" -v "$PWD:/home/coder/project" codercom/code-server:v2
error EACCES: permission denied, mkdir '/home/coder/.local/share/code-server/extensions'  <-- permission error occured
$ ls -al ~/.local/share/code-server
total 16
drwxr-xr-x  2 root root  4096 12월  2 07:49 .  <-- owned by root
drwx------ 30 lyle lyle 12288 12월  2 07:49 ..
$ sudo chown lyle:lyle .
total 16
drwxr-xr-x  2 lyle lyle  4096 12월  2 07:49 .  <-- owner changed
drwx------ 30 lyle lyle 12288 12월  2 07:49 ..
$ docker run -it -p 127.0.0.1:8080:8080 -v "${HOME}/.local/share/code-server:/home/coder/.local/share/code-server" -v "$PWD:/home/coder/project" codercom/code-server:v2
info  Server listening on http://0.0.0.0:8080
info    - Password is 7d1110f0ad0735563f8fd151
info      - To use your own password, set the PASSWORD environment variable
info      - To disable use `--auth none`
info    - Not serving HTTPS

[plevold]

Ran into this problem when I was trying out code-server. Seems to me like the typical Docker problem of mismatch between host UID/GIDs and container UID/GIDs. I solved this by running the following commands instead of the one suggested in the readme:

mkdir -p ${HOME}/.local/share/code-server
docker run -it -p 127.0.0.1:8080:8080 --user $(id -u):$(id -g) -v "${HOME}/.local/share/code-server:/home/coder/.local/share/code-server" -v "$PWD:/home/coder/project" codercom/code-server:v2

In my (somewhat limited) experience, using --user $(id -u):$(id -g) seems to be the best way of handling bind mounts where files should be owned by the current user. It's not perfect though: Any files created by the user during docker build will have a different UID and GID which could cause new problems...

EDIT: It actually works fine for me without the --user flag as long as ${HOME}/.local/share/code-server exists, but any files created inside code-server will have the UID and GID of the user inside the container which may or may not be the same as the user on the host system that is executing the docker run command.

[sr229]

@plevold We've identified a fix for it as well so this might get fixed really soon.

[plevold]

@sr229 When I run the command suggested in https://github.com/edumgui/code-server/commit/5faddfa9bccf40296b4a43c7c7ddd4092cd1ff7b any new files created in code-server is owned by root which is not what I want in my case at least.

[sr229]

Looks like that's bad practice, don't worry we're working on a fix for user mode

I suggest against putting everything as UID0

[sr229]

Reopening this since we haven't slated a real fix, vetoing @nhooyr's close.

[sr229]

@deansheather and @code-asher said we can use fixuid to fix our problems with permissions, along with chmod permissions. We're slating the fix soon.

[ruanchaves]

The solution provided by @midnightradio is the only one that worked for me on AWS EC2 ( tested on Amazon Linux 2 and Ubuntu 16 free tier instances ).

[thoward27]

I had the same issue, @midnightradio was the solution that worked (changing ownership).

[nhooyr]

See #1307

[DVLP]

Don't run code-server as root and don't use /root directory. Use some other user and it's home directory. If you already have stuff in root here's how to move:

1. Create user i.e. "server" - give it access to docker group
   sudo usermod -a -G docker server
2. Folder will be automatically created /home/server , move your files there i.e. mv /root/project_folder /home/server/project_folder and transfer ownership chown server -R /home/server/project_folder
3. Log in as the new user and run your docker(when you're logged in as this user no need to specify user id in parameters)
   docker run -d --name="coder" -it -p 8080:8080 -v "/home/server:/home/coder/project" codercom/code-server

[jarbsonsantana]

You must give permissions to the group: coder

1. Enter the container docker exec -it app_name_1 bash
2. Run: chown coder:coder /home/coder/project -R
3. Try again.

[mirekphd]

It seems that the root cause of this issue is that code-server assumes it has write access to the folder specified with $HOME env. var, so if it points to a wrong folder, where the runtime user has no write access, you get the EACCES error when it tries to mkdir its .config subfolder there.

For instance, when I changed the name in a perfectly working container of the all-important env var HOME to VSC_HOME, and the container already had the HOME defined for another user (jovyan) in another folder (/home/jovyan), that wasn't writable by the runtime user (coder), I got this error at container startup:

[2023-01-08T09:53:49.123Z] error EACCES: permission denied, mkdir '/home/jovyan/.config/code-server'

Inspecting env on the failing containers reveals that code-server ignores the home folder assigned to the runtime user (here: coder and /home/coder folder), where it would have write access and goes for the hard-coded $HOME and its home folder:

docker run -it ... env | grep HOME
HOME=/home/jovyan
VSC_HOME=/home/coder

[mirekphd]

Similar hard-coded env var is used for web access credentials: code-server monitors only the PASSWORD env var and there is no argument to pass a new token value at startup other than that (unlike for a competing VS Code fork, openvscode-server, which has the --connection-token argument that can consume any env variable, including those named less conspicuously than PASSWORD). Moreover, code-server reveals to all unauthorized users this only acceptable hard-coded env variable name (PASSWORD) in the error message displayed on the startup screen...