Unable to save extensions and other config on local host system

[ajsrk]

Description

I am trying to run the code-server docker container. I want to be able to persist my extensions and other configuration beyond the life of the container, so i mount the code-server directory as a volume like below --
docker run -it -p 127.0.0.1:8443:8443 -v "/home/vscode_cloud_ide/.local/share/code-server:/home/coder/.local/share/code-server" -v "/home/vscode_cloud_ide/projects:/home/coder/project" codercom/code-server --allow-http --no-auth

This gives me the error below ---
(node:6) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
ERROR { [Error: EACCES: permission denied, mkdir '/home/coder/.local/share/code-server/extensions']
[stack]:
'Error: EACCES: permission denied, mkdir '/home/coder/.local/share/code-server/extensions'',
[message]:
'EACCES: permission denied, mkdir '/home/coder/.local/share/code-server/extensions'',
errno: -13,
code: 'EACCES',
syscall: 'mkdir',
path: '/home/coder/.local/share/code-server/extensions' }

I've looked at past issues, some seem to suggest that the user running the container must have the uid 1000, I checked for this and confirmed it to be so.
Can anybody tell me how to mount all the ide's config as volumes from the host system?

Related Issues

#703

[giddisey]

I'm hitting the same problem. My docker-compose has -

volumes:
  - ./workspace:/home/coder/project
  - ./extensions:/home/coder/.local/share/code-server/extensions

And I am getting the error -

[message]:
'EACCES: permission denied, open '/home/coder/.local/share/code-server/self-signed.key'',

Which puzzles me as I was only mounting the extensions folder not the whole code-server folder.

[code-asher]

I just updated the Docker image since we hadn't done that in a while, but I haven't been able to replicate this yet on any of the old images so I can't say whether the new version will fix this.

[kr1sp1n]

I could fix this by just mounting the data-dir instead of the extensions dir: docker run -it -p 127.0.0.1:8443:8443 -v "${PWD}:/home/coder/project" -v "${HOME}/.vscode:/home/coder/.local/share/code-server" codercom/code-server --allow-http --no-auth. Now it works as expected and the extensions are saved on the docker host as well.

[ffflorian]

I just updated the Docker image since we hadn't done that in a while, but I haven't been able to replicate this yet on any of the old images so I can't say whether the new version will fix this.

It's not fixed in the latest version, I have the same problem. @kr1sp1n's fix didn't work for me :/

I am trying to mount the volumes like this:

docker run \
       -d \
       --name "code-server" \
       -v "${HOME}/code-server/workspace:/home/coder/project" \
       -v "${HOME}/code-server/.vscode:/home/coder/.local/share/code-server" \
       -p 8443:8443 \
       codercom/code-server \
       --allow-http \
       --no-auth

And I am also getting the error

ERROR { [Error: EACCES: permission denied, mkdir '/home/coder/.local/share/code-server/extensions']
  [stack]:
   'Error: EACCES: permission denied, mkdir \'/home/coder/.local/share/code-server/extensions\'',
  [message]:
   'EACCES: permission denied, mkdir \'/home/coder/.local/share/code-server/extensions\'',
  errno: -13,
  code: 'EACCES',
  syscall: 'mkdir',
  path: '/home/coder/.local/share/code-server/extensions' 

[alevinetx]

I've been using this. While it works, survives new containers, and is shared across multiple containers.

I did some fighting with the Dockerfile some time back, trying to find the right timing to lay down or overwrite the ~coder directory, and finally gave up.

I may be playing with fire using the /tmp folder, but I recall having permissions problems trying to use any other location; granted, I didn't fight very long.

I'm using a docker volume, not a named host folder. And the related part is the --user-data-dir clause

docker run -d -p $1:8443 \
                -v /opt/java/latest:/usr/local/java:ro  \
                -v $MY_CODER_SETTINGS_VOLUME:/tmp/coder-settings \
                -v $2:/home/coder/project \
                --name $3 \
                codercom/code-server:latest --user-data-dir /tmp/coder-settings

[ajsrk]

I found that there was an issue in the way that I created the container that was causing my error.
Based on my findings, I can make the following suggestions --

• If the folders you are trying to mount as volumes are owned by the user id 1000 and group id 1000, you're in luck you can just mount those host folder locations directly using the docker run -v directive. This is because the coder user in the container has the UID - 1000 and GID - 1000, so any folders mounted with the same uid will be accessible by the coder user inside the container.

• If the above isn't the case, then using docker volumes as suggested by @alevinetx is the way to go. This is because when one mounts docker volumes, it assigns the same permissions to the volume as the mounting point, whereas if you mount a host directory docker assigns the host directory's permissions to the mounted point in the container.

One thing to keep in mind is that you need to make sure that the folders you are trying to mount exist on the host system with the uid 1000, if its not the case, docker creates folders with uid 0(which means owned by root) ; for e.g. say the folder ~/vscode_cloud_ide has the uid 1000 on the host system, and you run the command

docker run -it -p 127.0.0.1:8443:8443 \
-v "~/vscode_cloud_ide/local:/home/coder/.local" \
-v "~/vscode_cloud_ide/projects:/home/coder/project" \
-v "~/vscode_cloud_ide/cache:/home/coder/.cache" \
codercom/code-server --allow-http --no-auth

You have to make sure the folders local, projects and cache exist on the host system. Otherwise, docker will create them for you with uid 0, even though the parent folder is owned by 1000. This was the issue that I had, now that it is resolved, I am closing this question.

[midnightradio]

It seems that the container tries to create a mounting point on a host system with uid 0 (root) when such a directory not exist and causing the permission error on writing after the creation.

My suggestion as a workaround is, changing owner of the problematical directory after failing to run the container, than try to run the container again.

$ docker run -it -p 127.0.0.1:8080:8080 -v "${HOME}/.local/share/code-server:/home/coder/.local/share/code-server" -v "$PWD:/home/coder/project" codercom/code-server:v2
error EACCES: permission denied, mkdir '/home/coder/.local/share/code-server/extensions'  <-- permission error occured
$ ls -al ~/.local/share/code-server
total 16
drwxr-xr-x  2 root root  4096 12월  2 07:49 .  <-- owned by root
drwx------ 30 lyle lyle 12288 12월  2 07:49 ..
$ sudo chown lyle:lyle .
total 16
drwxr-xr-x  2 lyle lyle  4096 12월  2 07:49 .  <-- owner changed
drwx------ 30 lyle lyle 12288 12월  2 07:49 ..
$ docker run -it -p 127.0.0.1:8080:8080 -v "${HOME}/.local/share/code-server:/home/coder/.local/share/code-server" -v "$PWD:/home/coder/project" codercom/code-server:v2
info  Server listening on http://0.0.0.0:8080
info    - Password is 7d1110f0ad0735563f8fd151
info      - To use your own password, set the PASSWORD environment variable
info      - To disable use `--auth none`
info    - Not serving HTTPS

I think it is repetitive issue ( #403 )