rshiny running with shiny user: Permission denied #724

Open
jproberson opened this issue Nov 7, 2023 · 4 comments

jproberson commented Nov 7, 2023

Container image name

rocker/shiny

Container image digest

rocker/shiny@sha256:42dfd31b5fe3f4affb2e20be8c04ccfde212566a55ae7f3826a4e318dece75ef

What operating system are you seeing the problem on?

Windows

System information

  • Docker version: 4.18.0 (104112)
  • Windows version: 10.0.22621 Build 22621

Bug description

I am aware of the previously closed threads suggesting this is a non-issue with updated S6 changes.
However, I can't seem to understand what I would be doing incorrectly for such a simple test running with a shiny user.
Running with the latest rocker/shiny image.

docker run --name shiny --user shiny -p 3838:3838 rocker/shiny

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...s6-chown: fatal: unable to chown /var/run/s6/etc/cont-init.d/01_set_env: Operation not permitted
s6-chmod: fatal: unable to change mode of /var/run/s6/etc/cont-init.d/01_set_env: Operation not permitted
s6-chown: fatal: unable to chown /var/run/s6/etc/services.d/shiny-server/run: Operation not permitted
s6-chmod: fatal: unable to change mode of /var/run/s6/etc/services.d/shiny-server/run: Operation not permitted
exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01_set_env: executing...
sed: couldn't open temporary file /usr/local/lib/R/etc/sedSOcjEn: Permission denied
skipping /var/run/s6/container_environment/CRAN
/var/run/s6/etc/cont-init.d/01_set_env: line 9: /usr/local/lib/R/etc/Renviron.site: Permission denied
sed: couldn't open temporary file /usr/local/lib/R/etc/sedLLcyh2: Permission denied
skipping /var/run/s6/container_environment/CWD
/var/run/s6/etc/cont-init.d/01_set_env: line 9: /usr/local/lib/R/etc/Renviron.site: Permission denied
sed: couldn't open temporary file /usr/local/lib/R/etc/sedt2D0nl: Permission denied
skipping /var/run/s6/container_environment/HOME
sed: couldn't open temporary file /usr/local/lib/R/etc/sed8kAasx: Permission denied
/var/run/s6/etc/cont-init.d/01_set_env: line 9: /usr/local/lib/R/etc/Renviron.site: Permission denied
skipping /var/run/s6/container_environment/HOSTNAME
sed: couldn't open temporary file /usr/local/lib/R/etc/sedno3tx8: Permission denied
skipping /var/run/s6/container_environment/LANG
/var/run/s6/etc/cont-init.d/01_set_env: line 9: /usr/local/lib/R/etc/Renviron.site: Permission denied
sed: couldn't open temporary file /usr/local/lib/R/etc/sedCYALvy: Permission denied
skipping /var/run/s6/container_environment/PANDOC_VERSION
/var/run/s6/etc/cont-init.d/01_set_env: line 9: /usr/local/lib/R/etc/Renviron.site: Permission denied
sed: couldn't open temporary file /usr/local/lib/R/etc/sedYzA3u5: Permission denied
skipping /var/run/s6/container_environment/PATH
/var/run/s6/etc/cont-init.d/01_set_env: line 9: /usr/local/lib/R/etc/Renviron.site: Permission denied
sed: couldn't open temporary file /usr/local/lib/R/etc/seduy4Vi2: Permission denied
skipping /var/run/s6/container_environment/R_HOME
/var/run/s6/etc/cont-init.d/01_set_env: line 9: /usr/local/lib/R/etc/Renviron.site: Permission denied
sed: couldn't open temporary file /usr/local/lib/R/etc/sedK2qbxl: Permission denied
/var/run/s6/etc/cont-init.d/01_set_env: line 9: /usr/local/lib/R/etc/Renviron.site: Permission denied
skipping /var/run/s6/container_environment/R_VERSION
sed: couldn't open temporary file /usr/local/lib/R/etc/sedYH3NSl: Permission denied
/var/run/s6/etc/cont-init.d/01_set_env: line 9: /usr/local/lib/R/etc/Renviron.site: Permission denied
skipping /var/run/s6/container_environment/S6_VERSION
sed: couldn't open temporary file /usr/local/lib/R/etc/sedtsDR7l: Permission denied
skipping /var/run/s6/container_environment/SHINY_SERVER_VERSION
/var/run/s6/etc/cont-init.d/01_set_env: line 9: /usr/local/lib/R/etc/Renviron.site: Permission denied
sed: couldn't open temporary file /usr/local/lib/R/etc/sedZJ86q8: Permission denied
/var/run/s6/etc/cont-init.d/01_set_env: line 9: /usr/local/lib/R/etc/Renviron.site: Permission denied
skipping /var/run/s6/container_environment/TZ
[cont-init.d] 01_set_env: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.

Is there something I am missing to just run a simple shiny server?

How to reproduce this bug?

docker run --name shiny --user shiny -p 3838:3838 rocker/shiny
@jproberson jproberson added the bug Something isn't working label Nov 7, 2023
Member

eitsupi commented Nov 8, 2023

Could you please explain the problem in more detail? Are those errors preventing Shiny Server from working?

@eitsupi eitsupi added the needs more info Further information is requested label Nov 8, 2023
@jproberson
Author

@eitsupi
Technically it seems to still run; however, I know it isn't passing along env variables when run in a docker-compose file, which seems related to the error messages. I am unsure if there are other things not mapped over correctly via the permission denied.

If I don't run with a shiny user, and instead with the root user my env vars come through just fine. (and no extra error logs)

Are these logs expected behavior when not running as root?

@eitsupi eitsupi removed the needs more info Further information is requested label Nov 8, 2023
Member

eitsupi commented Nov 8, 2023

Thank you for your reply.
If my understanding is correct, that is currently the expected behavior.

In other words, Shiny Server normally does not read the host machine's environment variables, so it needs to write the vars to the Renviron file, and the init script tries to write it to the root user's file, so running the init script as a non-root user will result in an error.
I think the workaround is to have a separate writable Renviron file and write the environment variables to it.

@jproberson
Author

Interesting, thank you for the information!

I ended up managing to get it to work by giving shiny ownership of the following:
RUN chown -R shiny:shiny /usr/local/lib/R/etc

S6 logs still don't play nice, but the env variable came through.
Not 100% sure if it'll cause me to not have anything important from the ./init

@eitsupi eitsupi added question and removed bug Something isn't working labels Nov 17, 2023
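
The `sed: couldn't open temporary file` lines in the log above are what in-place `sed` editing prints when the target's directory is not writable, because it creates a temp file next to the target. As an added example (not code from this thread or from the rocker image), the hypothetical `update_renviron` below rewrites a Renviron-style file through its existing inode, so only that one file, rather than all of `/usr/local/lib/R/etc`, needs to be writable by the `shiny` user. It assumes one file per variable in the source directory, as the `container_environment` paths in the log suggest, and single-line values.

```shell
#!/bin/sh
# Added example; update_renviron and its arguments are hypothetical names.
# ENV_DIR: one file per variable (file name = variable name, content = value).
# TARGET:  existing Renviron-style file that the calling user may write to.
update_renviron() {
    env_dir=$1
    target=$2
    [ -w "$target" ] || { echo "not writable: $target" >&2; return 1; }

    # Collect variable names; refuse anything that is not a plain identifier.
    names=""
    for f in "$env_dir"/*; do
        [ -f "$f" ] || continue
        n=${f##*/}
        case $n in
            ''|[0-9]*|*[!A-Za-z0-9_]*) echo "skipping $f" >&2; continue ;;
        esac
        names="$names $n"
    done

    # Build the new content in memory: existing lines minus the variables
    # being replaced, followed by fresh NAME=value lines.
    new=$(
        while IFS= read -r line || [ -n "$line" ]; do
            keep=1
            for n in $names; do
                case $line in "$n="*) keep=0 ;; esac
            done
            if [ "$keep" -eq 1 ]; then printf '%s\n' "$line"; fi
        done < "$target"
        for n in $names; do
            printf '%s=%s\n' "$n" "$(cat "$env_dir/$n")"
        done
    )

    # Truncate and rewrite the same file: no temp file, no rename, so no
    # write permission on the containing directory is required.
    printf '%s\n' "$new" > "$target"
}
```

With this approach the image build only has to change ownership of the one Renviron file, which leaves other files in the same directory, such as site-wide R startup files, writable by root only.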