About the Permission for docker container auto create directory [Bug]: [Docs]:

[dxkrs]

Is there an existing issue for this?

• I have searched the existing issues

OS/Web Information

• Web Browser: Chrome
• Local OS: macOS
• Remote OS:Centos7
• Remote Architecture: amd64
• code-server --version:codercom/code-server:4.4.0
• Docker Version:docker-ce 20.10.17

Steps to Reproduce

Follow the install manua for Docker ,my container run command:

docker run -it --name code-server -p 127.0.0.1:8080:8080 \
  -v /home/vsc/.config/code-server:/home/coder/.config/code-server \
  -v /home/vsc/myproject:/home/coder/project \
  -u 1001:1001 \
  -e DOCKER_USER=vsc \
  codercom/code-server:latest

Expected

I want to create or edit my code project file in /home/coder/project, but it will tips permission defined in Browser.

Actual

I have done some research for this promble.

The codercom/code-server:latest images not exists the directory /home/coder/project, docker will auto create this directory when the containter init, but the uid (and gid) isn't follow the env DOCKER_USER (or -u option ) which auto docker auto create, so these auto create directory or file only read on the code-server running.

The issue #4166 and #1191 look like the same problem, and the #1191 maybe is a way to fix, which is create the directory when the images build (use dockerfile). I'm not suer it is a good way because of the users maybe want to set other customer directory or file persistently, such as project directory, user-data-dir, extensions-dir.

Anyways, the install manual for Docker -v "$PWD:/home/coder/project" \ is not useful unless the images have the /home/coder/project.

During my research, I found the other images linuxserver/code-server,which is referenced in the install manua for Docker for arm32 support. This images is very different from the codercom/code-server, and the important is it has the /config directory, which is ready for the workspace directory ,user-data-dir, extensions-dir, and I can mount these path on the host machine. It is very useful and nice!

Finally, I found that any directory or file which I mount on the container from linuxserver/code-server, it will auto be changed for abc uid and abc gid, which is the default runing user for the container. I think maybe can do something on image buliding for learning this point?

Logs

No response

Screenshot/Video

No response

Does this issue happen in VS Code or GitHub Codespaces?

• I cannot reproduce this in VS Code.
• I cannot reproduce this in GitHub Codespaces.

Are you accessing code-server over HTTPS?

• I am using HTTPS.

Notes

No response

[jsjoeio]

Anyways, the install manual for Docker -v "$PWD:/home/coder/project" \ is not useful unless the images have the /home/coder/project.

Thanks for opening this. So do you think we should remove this from the docs?

[dxkrs]

I'm not sure if this will mislead users, and there's no way to persist a project directroy on the host machine because of the permission promble.

[jsjoeio]

Ahh okay. Hmm... I don't use code-server via Docker so I'm hesitant to recommend any specific changes. I guess we can leave this open for now until we decide on a solution (suggestions welcome).

[dxkrs]

Emm, I only see Docker is the best way to use Code-Server because of the file permission promble.

I try to install and use the code-server by the way of install.sh, finally, I can visit (or read) all system files on browser ! I feel that it is not what I want to see, even if I specify that the Code-Server can only write or execute some files or directories.

So, the Docker, which can isolate the system environment, I think it's the recommended way to use Code-Server. ( I guess not only a small number of Code-Server users think so :)

[yonixw]

What worked for me is (with inside docker support with sudo):

• create a folder to work in, and cd <name> into it,
• prepare mount folder by mkdir -p home/.config
• Run this command:

docker run \
  -it --name code-server  \
  -p 8080:8080 \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v "$(pwd)/home:/home/coder/" \
  -u "$(id -u):$(id -g)" \
  -e "DOCKER_USER=$USER" \
codercom/code-server:latest

[jsjoeio]

@yonixw thanks for posting your solution! Do you think we should update the docs?

[yonixw]

Just tried it again on a windows machine (WSL2+Docker Desktop) and worked, when before worked on an Ubuntu VM.

So I don't see why not, but I am not that familiar with the the rules here and if it's enough.

Here is the output I experienced (running + getting the password) for reference...

/tmp$ mkdir my-code-server

/tmp$ cd my-code-server/

/tmp/my-code-server$ mkdir -p home/.config

/tmp/my-code-server$ docker run \
>   -it --name code-server  \
>   -p 8080:8080 \
>   -v /var/run/docker.sock:/var/run/docker.sock \
>   -v "$(pwd)/home:/home/coder/" \
>   -u "$(id -u):$(id -g)" \
>   -e "DOCKER_USER=$USER" \
> codercom/code-server:latest
Unable to find image 'codercom/code-server:latest' locally
latest: Pulling from codercom/code-server
....
Digest: sha256:b87de935cbd1ec8dcc8b42af53ac37d68236137a02b743563383cb0da31d59d1
Status: Downloaded newer image for codercom/code-server:latest
[2022-08-22T16:43:18.424Z] info  Wrote default config file to ~/.config/code-server/config.yaml
[2022-08-22T16:43:18.711Z] info  code-server 4.6.0 6d3f9ca6a6df30a1bfad6f073f6fa33c0e63abdb
[2022-08-22T16:43:18.712Z] info  Using user-data-dir ~/.local/share/code-server
[2022-08-22T16:43:18.720Z] info  Using config file ~/.config/code-server/config.yaml
[2022-08-22T16:43:18.720Z] info  HTTP server listening on http://0.0.0.0:8080/
[2022-08-22T16:43:18.720Z] info    - Authentication is enabled
[2022-08-22T16:43:18.720Z] info      - Using password from ~/.config/code-server/config.yaml
[2022-08-22T16:43:18.720Z] info    - Not serving HTTPS
^Ctrl-C

/tmp/my-code-server$ cat home/.config/code-server/config.yaml
bind-addr: 127.0.0.1:8080
auth: password
password: <redacted>
cert: false
``

[jsjoeio]

These comments are probably enough then. If we get another report, we can update the docs. Thanks for your help!