Access rights overwritten

I am copying over some files my application needs to our Verdin board in the Dockerfile.sdk.

I use
COPY --chown=torizon.torizon aarch64/files/ /home/torizon/data

Which seems to work… The only issue then is that the application, which is logged in as torizon, cannot access the folder to write, as the folder is now owned by root.

e.g.
ls -ld /home/torizon/data
drwxr-xr-x 7 root root 4096 Jun 20 15:27 /home/torizon/data

Thanks for any help.
Regards
Ashley

Hi, I’m the Toradex AI Assistant.

I might make mistakes. Our support team will step in if needed. If I answered your question, please tick the “Solution” checkbox. For follow-up questions to me, please use @ToradexAI in your post.



Hello Ashley,

Welcome to the world of Docker on Torizon! You’re already on the right track by using the COPY command with the --chown flag. If your goal is for the application running as the torizon user to have write access to /home/torizon/data, the ownership and permissions on that directory and its contents are crucial.

Here’s what to check and try:

1. Ensure Ownership

Your COPY command should ensure the files and the folder are owned by the torizon user:

COPY --chown=torizon:torizon aarch64/files/ /home/torizon/data

Note it’s : not . between user and group.

2. Create the Directory as torizon

If /home/torizon/data does not exist before the COPY, Docker will create it as root. To prevent this and ensure ownership, you can create the folder first and set ownership explicitly:

RUN mkdir -p /home/torizon/data && chown torizon:torizon /home/torizon/data
COPY --chown=torizon:torizon aarch64/files/ /home/torizon/data/

3. Ensure Permissions

To allow writing:

RUN chmod 755 /home/torizon/data

If group write is needed:

RUN chmod 775 /home/torizon/data

Full Example

Here’s a concise example:

RUN mkdir -p /home/torizon/data && chown torizon:torizon /home/torizon/data
COPY --chown=torizon:torizon aarch64/files/ /home/torizon/data/
RUN chmod 775 /home/torizon/data

Now the torizon user should have the needed permissions to read and write in /home/torizon/data.

If something is still unclear or doesn’t work as expected, feel free to share more details!

Best regards, Toradex AI Assistant.

I tried it, but I still get that the owner is root:

ls -ld /home/torizon/data

drwxr-xr-x 1 root root 4096 Jun 27 15:39 /home/torizon/data

My full dockerfile.sdk…

# ARGUMENTS --------------------------------------------------------------------
ARG CROSS_SDK_BASE_TAG=4

##
# Board architecture
##
ARG IMAGE_ARCH=

##
# Application root directory inside the container
##
ARG APP_ROOT=


# BUILD ------------------------------------------------------------------------
FROM torizon/cross-toolchain-${IMAGE_ARCH}:${CROSS_SDK_BASE_TAG}

ARG APP_ROOT
ARG IMAGE_ARCH

# __deps__
RUN apt-get -q -y update && \
    apt-get -q -y install \
        pkg-config \
        libfreetype6-dev \
        libpcsclite-dev \
        libgpiod-dev \
        libusb-1.0-0-dev \
    && \
    apt-get clean && apt-get autoremove && \
    rm -rf /var/lib/apt/lists/*
# __deps__

# Barcode library: copy headers and shared object from host project directory
COPY  --chown=torizon.torizon aarch64/usr/libtbarcode11 /usr/local/include/libtbarcode11
COPY  --chown=torizon.torizon aarch64/usr/libtbarcode11 /usr/local/lib
RUN mkdir -p /home/torizon/data && chown torizon:torizon /home/torizon/data
COPY --chown=torizon:torizon aarch64/files/ /home/torizon/data/
RUN chmod 775 /home/torizon/data

# Ensure the shared library is discoverable
RUN ldconfig

# automate for torizonPackages.json
RUN apt-get -q -y update && \
    apt-get -q -y install \
# DO NOT REMOVE THIS LABEL: this is used for VS Code automation
    # __torizon_packages_build_start__
    libpcsclite-dev:arm64 \
    libbluetooth3-dev:arm64 \
    libusb-1.0-0-dev:arm64 \
    libfreetype6-dev:arm64 \
    # __torizon_packages_build_end__
# DO NOT REMOVE THIS LABEL: this is used for VS Code automation
    && \
    apt-get clean && apt-get autoremove && \
    rm -rf /var/lib/apt/lists/*

USER torizon
WORKDIR ${APP_ROOT}

Greetings @ashleytrema,

Just to confirm, you’re doing this modification in Dockerfile.sdk, correct?

Are you sure that’s what you want? The Dockerfile.sdk is used to build the SDK container which is only used to compile your application. It’s not what is used to build the final container itself.

When you run ls -ld /home/torizon/data, I assume you’re running this in the final application container that is running on the Toradex module. Is that correct?

If so, then you want to modify either Dockerfile.debug (if you’re running the debug configuration), or Dockerfile (if you’re running the release configuration). These are the Dockerfiles that are used to create the final container that runs on the Toradex module.

I can confirm myself that having something like:

RUN mkdir -p /home/torizon/data && chown torizon:torizon /home/torizon/data

in the correct Dockerfile will result in the correct ownership:

root@5549e6502348:/# ls -ld /home/torizon/data
drwxrwxr-x 1 torizon torizon 4096 Jun 19 18:23 /home/torizon/data

Best Regards,
Jeremias
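
A check for the condition discussed in this thread, as an added example that is not part of any post above: it reports whether a data directory is owned by the non-root account the application runs as, and flags a world-writable directory so the problem is not "fixed" with chmod 777. The function name check_data_dir and its status words are made up for this example; it assumes GNU coreutils stat, as found in Debian-based containers.

```shell
#!/bin/sh
# Added example (not from the thread): verify that a data directory is
# usable by the non-root user an application runs as.
# Assumes GNU coreutils `stat` (-c format option).

# check_data_dir DIR USER
# Prints one status word and returns:
#   0 ok              DIR is owned by USER and owner-writable
#   1 missing         DIR does not exist
#   2 wrong-owner     DIR is owned by another account (e.g. root)
#   3 not-writable    owner matches but the owner write bit is off
#   4 world-writable  the "other" write bit is set (e.g. after chmod 777)
check_data_dir() {
    dir=$1
    want_user=$2

    [ -d "$dir" ] || { echo missing; return 1; }

    owner=$(stat -c '%U' "$dir")   # owner name, e.g. root or torizon
    mode=$(stat -c '%a' "$dir")    # octal mode, e.g. 755
    m=$((0$mode))                  # leading 0 makes the shell read it as octal

    if [ "$owner" != "$want_user" ]; then
        echo wrong-owner
        return 2
    fi
    if [ $((m & 2)) -ne 0 ]; then      # octal 002: write for "other"
        echo world-writable
        return 4
    fi
    if [ $((m & 128)) -eq 0 ]; then    # octal 200: write for owner
        echo not-writable
        return 3
    fi
    echo ok
    return 0
}

# Stand-alone use: ./check.sh /home/torizon/data torizon
if [ "$#" -eq 2 ]; then
    check_data_dir "$1" "$2"
fi
```

Run it inside the container built from Dockerfile or Dockerfile.debug, not the SDK container; for the directory listing shown in the first post it would report wrong-owner.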