Permission denied when running as non-root

[tbouron]

I'm trying to using this Docker image to build all Apache Brooklyn sub repos. However, I do have an issue when building this one: https://github.com/apache/brooklyn-server. Some of the tests within that repo fail to create folders/files, even though the docker container is ran with the uid and gid of the folder owner (based on these instructions: https://github.com/carlossg/docker-maven#running-as-non-root)

To reproduce:

1. git clone https://github.com/apache/brooklyn-server
2. cd brooklyn-server
3. docker build -t brooklyn:server .
4. docker run --rm -i --name brooklyn-server -u $(id -u ${whoami}):$(id -g ${whoami}) -v ${HOME}/.m2:/var/maven/.m2 -v ${PWD}:/usr/build -w /usr/build -e MAVEN_CONFIG=/var/maven/.m2 brooklyn:server mvn clean install -Duser.home=/var/maven

This will fail with multiple

ERROR: Unable to create cache directory: /var/maven/.brooklyn/osgi/cache/WRq4Oi2C
ERROR: Error creating bundle cache.
java.lang.RuntimeException: Unable to create cache directory.

An ls -la on the host machine and within the brooklyn-server folder shows that the owner is the user I run the docker container with:

$> whoami
thomasbouron

$> id -u ${whoami}
501

$> id -g ${whoami}
20

$> ls -la
total 368
drwxr-xr-x  29 thomasbouron  staff     928 27 Jul 15:39 .
drwxr-xr-x  26 thomasbouron  staff     832 27 Jul 15:00 ..
-rw-r--r--   1 thomasbouron  staff      40  6 Oct  2017 .git
-rw-r--r--   1 thomasbouron  staff     172  6 Oct  2017 .gitattributes
-rw-r--r--   1 thomasbouron  staff     279  6 Oct  2017 .gitignore
drwxr-xr-x   3 thomasbouron  staff      96 15 Feb 10:26 .mvn
-rw-r--r--   1 thomasbouron  staff     897 15 Feb 10:26 Dockerfile
-rw-r--r--   1 thomasbouron  staff  130032 27 Jul 15:00 LICENSE
-rw-r--r--   1 thomasbouron  staff   19135 27 Jul 15:00 NOTICE
-rw-r--r--   1 thomasbouron  staff     855 15 Feb 10:26 README.md
drwxr-xr-x   6 thomasbouron  staff     192 27 Jul 15:08 api
-rw-r--r--   1 thomasbouron  staff     574  6 Oct  2017 brooklyn-server.iml
drwxr-xr-x   9 thomasbouron  staff     288 27 Jul 15:09 camp
drwxr-xr-x   7 thomasbouron  staff     224 27 Jul 15:47 core
drwxr-xr-x  11 thomasbouron  staff     352 27 Jul 09:12 karaf
drwxr-xr-x   6 thomasbouron  staff     192 27 Jul 15:00 launcher
drwxr-xr-x   6 thomasbouron  staff     192 27 Jul 09:23 launcher-common
drwxr-xr-x   4 thomasbouron  staff     128  6 Oct  2017 locations
drwxr-xr-x   4 thomasbouron  staff     128  6 Oct  2017 logging
drwxr-xr-x   5 thomasbouron  staff     160 27 Jul 15:04 parent
drwxr-xr-x   6 thomasbouron  staff     192 27 Jul 09:22 policy
-rw-r--r--   1 thomasbouron  staff   11827 18 Jul 13:11 pom.xml
drwxr-xr-x   5 thomasbouron  staff     160  6 Oct  2017 rest
drwxr-xr-x   9 thomasbouron  staff     288 27 Jul 15:00 server-cli
drwxr-xr-x   4 thomasbouron  staff     128  6 Oct  2017 software
drwxr-xr-x   4 thomasbouron  staff     128 27 Jul 15:04 target
drwxr-xr-x   6 thomasbouron  staff     192 27 Jul 09:23 test-framework
drwxr-xr-x   6 thomasbouron  staff     192 27 Jul 15:09 test-support
drwxr-xr-x   8 thomasbouron  staff     256  6 Oct  2017 utils

$> docker run --rm -i --name brooklyn-server -u $(id -u ${whoami}):$(id -g ${whoami}) -v ${HOME}/.m2:/var/maven/.m2 -v ${PWD}:/usr/build -w /usr/build -e MAVEN_CONFIG=/var/maven/.m2 brooklyn:server ls -la .
total 188
drwxr-xr-x   29 501      dialout        928 Jul 27 14:39 .
drwxr-xr-x    1 root     root          4096 Jul 27 15:03 ..
-rw-r--r--    1 501      dialout         40 Oct  6  2017 .git
-rw-r--r--    1 501      dialout        172 Oct  6  2017 .gitattributes
-rw-r--r--    1 501      dialout        279 Oct  6  2017 .gitignore
drwxr-xr-x    3 501      dialout         96 Feb 15 10:26 .mvn
-rw-r--r--    1 501      dialout        897 Feb 15 10:26 Dockerfile
-rw-r--r--    1 501      dialout     130032 Jul 27 14:00 LICENSE
-rw-r--r--    1 501      dialout      19135 Jul 27 14:00 NOTICE
-rw-r--r--    1 501      dialout        855 Feb 15 10:26 README.md
drwxr-xr-x    6 501      dialout        192 Jul 27 14:08 api
-rw-r--r--    1 501      dialout        574 Oct  6  2017 brooklyn-server.iml
drwxr-xr-x    9 501      dialout        288 Jul 27 14:09 camp
drwxr-xr-x    7 501      dialout        224 Jul 27 14:47 core
drwxr-xr-x   11 501      dialout        352 Jul 27 08:12 karaf
drwxr-xr-x    6 501      dialout        192 Jul 27 14:00 launcher
drwxr-xr-x    6 501      dialout        192 Jul 27 08:23 launcher-common
drwxr-xr-x    4 501      dialout        128 Oct  6  2017 locations
drwxr-xr-x    4 501      dialout        128 Oct  6  2017 logging
drwxr-xr-x    5 501      dialout        160 Jul 27 14:04 parent
drwxr-xr-x    6 501      dialout        192 Jul 27 08:22 policy
-rw-r--r--    1 501      dialout      11827 Jul 18 12:11 pom.xml
drwxr-xr-x    5 501      dialout        160 Oct  6  2017 rest
drwxr-xr-x    9 501      dialout        288 Jul 27 14:00 server-cli
drwxr-xr-x    4 501      dialout        128 Oct  6  2017 software
drwxr-xr-x    4 501      dialout        128 Jul 27 14:04 target
drwxr-xr-x    6 501      dialout        192 Jul 27 08:23 test-framework
drwxr-xr-x    6 501      dialout        192 Jul 27 14:09 test-support
drwxr-xr-x    8 501      dialout        256 Oct  6  2017 utils

What is very strange is that other subrepos like https://github.com/apache/brooklyn-library works perfectly fine with the same config. In any case, the code is actually compiled properly in each target folder . It seems that there is an issue when the file/folder to be created is at the root of the build folder.
It definitely looks similar to #83.

[slachiewicz]

You try to map ${HOME}/.m2 to container's /var/maven/.m2
please check if you have ${HOME}/.m2 directory already created and owned by 501:20 before trying to run container. If You try to run container and directory not exists, it will be created by Docker as root.

[tbouron]

Ooops sorry I forgot to reply. Indeed it was a permission issue so everything is fine :)