ArchiveBox: Question: ... How to fix Permission denied: '/data'

I’m following the setup instructions using docker-compose.

When I run docker-compose run archivebox init I get

[i] [2020-11-16 13:38:31] ArchiveBox v0.4.21: archivebox init
    > /data

Traceback (most recent call last):
  File "/usr/local/bin/archivebox", line 33, in <module>
    sys.exit(load_entry_point('archivebox', 'console_scripts', 'archivebox')())
  File "/app/archivebox/cli/__init__.py", line 123, in main
    run_subcommand(
  File "/app/archivebox/cli/__init__.py", line 63, in run_subcommand
    module.main(args=subcommand_args, stdin=stdin, pwd=pwd)    # type: ignore
  File "/app/archivebox/cli/archivebox_init.py", line 33, in main
    init(
  File "/app/archivebox/util.py", line 113, in typechecked_function
    return func(*args, **kwargs)
  File "/app/archivebox/main.py", line 259, in init
    is_empty = not len(set(os.listdir(out_dir)) - ALLOWED_IN_OUTPUT_DIR)
PermissionError: [Errno 13] Permission denied: '/data'

Please how can I fix this?

About this issue

  • Original URL
  • State: closed
  • Created 4 years ago
  • Comments: 28 (7 by maintainers)

Most upvoted comments

sudo chmod -R 777 data

@Prn-Ice had that same issue. First delete existing data folder the create it again with mkdir data command 😃

I’m experiencing the same issue as @junpet on Ubuntu 18.04, latest docker-ce (20.10.2) and latest docker-compose.

I think that the underlying issue is that the docker entrypoint file https://github.com/ArchiveBox/ArchiveBox/blob/dev/bin/docker_entrypoint.sh tries to do some magic to drop privileges. But it probably gets something wrong and/or sharing the volumes between multiple containers does something bad to the permissions.

My workaround includes using POSIX ACLs, so you can retain access from the current user

id -u
docker run  -it archivebox/archivebox:latest /usr/bin/id -u

Annotate the two uids. They are 122 and 999 on my box, substitute as necessary.

mkdir data
setfacl -R -m u:122:rwx data
setfacl -d -m u:122:rwx data
setfacl -R -m u:999:rwx data
setfacl -d -m u:999:rwx data

Everything should work properly now.

I’m going to investigate changing the archivebox docker user in the Dockerfile to reduce problems like this with volume ownership. I’ve looked at how a few other projects do it and I think there’s a way to fix the UID/GID within docker to be the same as the external user at runtime.

@HeinWinToe I think this is an issue with the container changing permissions. I already chown’ed the directories, but recreating the container sets ownership to root:root

@pirate Great. If I have time I may look into it. For example, linuxserver.io has some custom scripts to ensure permissions. From the build repo for linuxserver/plex, for instance, they have a script to ensure correct permissions.

@bdelwood @junpet

You need to change owner.

Try it with sudo chown {uid}:{gid} -R data. You can find your UID and GID using id command.

same error nowadays, macOS Monterey 12.5, have tried everything mentioned in the post, but the problem persists.

I’ve already checked this post

https://github.com/ArchiveBox/ArchiveBox/issues/948

Sorry for late answer, I had no time. Just tried to spin up, and its working (well, I haven’t done anything, just running the container). Time to read the docs. Thanks your hard work!

This should be fixed now in the latest v0.5.4 release (including PGID/PUID support), please give it a try. Report back here if you have any problems and I can reopen the issue.

It might not be relevant, as I’m no expert. But I notice that the quickstart guide shows docker run -v $PWD:/data -it archivebox/archivebox init docker run -v $PWD:/data -it archivebox/archivebox --version

Which could be root, and if I run: docker run -v $PWD:/data --user 1000:1000 -it archivebox/archivebox init It fails to init. Is it possible that running the init as root, and then the main docker as user could have anything to do with this problem?

@HeinWinToe Still does not work. I set the correct owner and rights, I wrote above, but as @bdelwood mentioned, the container messes up everything and does not start.

[+] Initializing a new ArchiveBox collection in this folder...
    /data
------------------------------------------------------------------

[+] Building archive folder structure...
Traceback (most recent call last):
  File "/usr/local/bin/archivebox", line 33, in <module>
    sys.exit(load_entry_point('archivebox', 'console_scripts', 'archivebox')())
  File "/app/archivebox/cli/__init__.py", line 129, in main
    run_subcommand(
  File "/app/archivebox/cli/__init__.py", line 69, in run_subcommand
    module.main(args=subcommand_args, stdin=stdin, pwd=pwd)    # type: ignore
  File "/app/archivebox/cli/archivebox_init.py", line 33, in main
    init(
  File "/app/archivebox/util.py", line 112, in typechecked_function
    return func(*args, **kwargs)
  File "/app/archivebox/main.py", line 305, in init
    Path(SOURCES_DIR).mkdir(exist_ok=True)
  File "/usr/local/lib/python3.9/pathlib.py", line 1312, in mkdir
    self._accessor.mkdir(self, mode)
PermissionError: [Errno 13] Permission denied: '/data/sources'

Similar here. I set 777 to the volume folder, but I got:

> docker-compose run archivebox init
Creating archivebox_archivebox_run ... done
[i] [2020-11-27 10:20:48] ArchiveBox v0.4.24: archivebox init
    > /data

[+] Initializing a new ArchiveBox collection in this folder...
    /data
------------------------------------------------------------------

[+] Building archive folder structure...
Traceback (most recent call last):
  File "/usr/local/bin/archivebox", line 33, in <module>
    sys.exit(load_entry_point('archivebox', 'console_scripts', 'archivebox')())
  File "/app/archivebox/cli/__init__.py", line 123, in main
    run_subcommand(
  File "/app/archivebox/cli/__init__.py", line 63, in run_subcommand
    module.main(args=subcommand_args, stdin=stdin, pwd=pwd)    # type: ignore
  File "/app/archivebox/cli/archivebox_init.py", line 33, in main
    init(
  File "/app/archivebox/util.py", line 113, in typechecked_function
    return func(*args, **kwargs)
  File "/app/archivebox/main.py", line 295, in init
    Path(SOURCES_DIR).mkdir(exist_ok=True)
  File "/usr/local/lib/python3.8/pathlib.py", line 1287, in mkdir
    self._accessor.mkdir(self, mode)
PermissionError: [Errno 13] Permission denied: '/data/sources'

My docker-compose.yml. I’ve tried with and without OUTPUT_PERMISSIONS, no luck.

version: "3.8"

services:
  archivebox:
    image: archivebox/archivebox
    container_name: archivebox
    restart: always
    # security_opt:
    #   - no-new-privileges:true
    environment:
      - SUBMIT_ARCHIVE_DOT_ORG=False
      # - OUTPUT_PERMISSIONS=777
    volumes:
      - archivebox-data:/data
    networks:
      - traefik2-network
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.archivebox-rtr.entrypoints=https"
      - "traefik.http.routers.archivebox-rtr.rule=Host(`ab.$CLOUDFLARE_DOMAINNAME`)"
      - "traefik.http.routers.archivebox-rtr.tls=true"
      ## Middlewares
      # - "traefik.http.routers.archivebox-rtr.middlewares=no-auth-chain@file" # No Authentication
      # - "traefik.http.routers.archivebox-rtr.middlewares=basic-auth-chain@file" # Basic Authentication
      - "traefik.http.routers.authelia-rtr.middlewares=authelia-chain@file" # Authelia SSO
      ## HTTP Services
      - "traefik.http.routers.archivebox-rtr.service=archivebox-svc"
      - "traefik.http.services.archivebox-svc.loadbalancer.server.port=8000"

volumes:
  archivebox-data:
    driver: local-persist
    driver_opts:
      mountpoint: ${DOCKER_VOLUMES}/archivebox

networks:
  traefik2-network:
    external: true

After setting 777. Edit (I’d like to clarify I did use -R):

sudo chmod -R 777 ${DOCKER_VOLUMES}/archivebox
drwxrwxrwx  2 root             root             4.0K Nov 27 06:01 archivebox

After running docker-compose run archivebox init

drwxr-xr-x  2 root             root             4.0K Nov 27 06:01 archivebox

I run with my user the docker-compose commands. Hope this helps.