I run my Django app in Docker. I recently tried running collectstatic
and instead got this error:
>docker-compose exec web python manage.py collectstatic
Traceback (most recent call last):
File "/code/manage.py", line 22, in <module>
main()
File "/code/manage.py", line 18, in main
execute_from_command_line(sys.argv)
File "/usr/local/lib/python3.11/site-packages/django/core/management/__init__.py", line 442, in execute_from_command_line
utility.execute()
...
PermissionError: [Errno 13] Permission denied: '/code/static/admin/img/tooltag-arrowright.bbfb788a849e.svg.gz'
I added a USER instruction at the end of my Dockerfile so that the container doesn't run as root, which I know is a security risk. Here is my Dockerfile:
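# Pull base image
FROM python:3.11.4-slim-bullseye

# Set environment variables (KEY=value form; the space-separated form is legacy syntax)
ENV PIP_NO_CACHE_DIR=off
ENV PIP_DISABLE_PIP_VERSION_CHECK=1
ENV PYTHONUNBUFFERED=1
ENV PYTHONDONTWRITEBYTECODE=1
ENV COLUMNS=80

# Install the Debian packages that the Python dependencies need (e.g. git, python-magic).
# --force-yes is dropped: it is deprecated and lets apt proceed with packages that
# fail authentication; -y alone answers the prompts. The three commands are one
# RUN so the apt lists are removed in the same layer that created them.
RUN apt-get update \
    && apt-get install -y python3-pip ffmpeg git libmagic-dev libpq-dev gcc \
    && rm -rf /var/lib/apt/lists/*

# Set working directory for Docker image
WORKDIR /code/

# Install dependencies (copied first so this layer is cached until requirements.txt changes)
COPY requirements.txt .
RUN pip install -r requirements.txt

# Copy project
# NOTE(review): this copies the whole build context; confirm a .dockerignore keeps
# .git, local env files and uploaded media out of the image.
COPY . .

# Create a custom non-root user
RUN useradd -m example-user

# Give 'example-user' ownership of the only directories it must write to.
# The application code itself stays owned by root, so the runtime user cannot modify it.
# This ownership exists in the image only: the compose file bind-mounts .:/code, which
# replaces /code at runtime with the host directory and its host-side ownership.
RUN mkdir -p /code/media /code/static \
    && chown -R example-user:example-user /code/media /code/static

# Change permissions of /code directory (owner rwx, everyone else r-x)
RUN chmod -R 755 /code

# Switch to the non-root user so that Celery and gunicorn do not run with
# root/superuser privileges, which is a security risk
USER example-user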
And my docker-compose.yml file:
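#version: "3.9"
# Development stack: Django (gunicorn), Celery worker, Postgres and Redis.
# The values below (debug on, HSTS/secure cookies off, trust auth) are
# development settings and should not be carried over to a deployed environment.
services:
  web:
    build: .
    #command: python /code/manage.py runserver 0.0.0.0:8000
    # --reload restarts workers on code changes; a development convenience only.
    command: gunicorn mysite.wsgi -b 0.0.0.0:8000 --reload
    volumes:
      # Bind mount: the host project directory replaces the image's /code at
      # runtime, so the chown/chmod done in the Dockerfile do not apply here.
      # Files under /code/static keep whatever owner they have on the host
      # (e.g. root, if an earlier run created them as root).
      - .:/code
    ports:
      - "8000:8000"
    depends_on:
      - db
      - redis
      - celery
    environment:
      # Placeholder credentials. Real values belong in an untracked env file
      # or a secret store, not in a compose file committed to version control.
      - "DJANGO_SECRET_KEY=scret_key"
      - "DJANGO_DEBUG=True"
      - "DJANGO_SECURE_SSL_REDIRECT=False"
      - "DJANGO_SECURE_HSTS_SECONDS=0"
      - "DJANGO_SECURE_HSTS_INCLUDE_SUBDOMAINS=False"
      - "DJANGO_SECURE_HSTS_PRELOAD=False"
      - "DJANGO_SESSION_COOKIE_SECURE=False"  # new
      - "ACCESS_KEY_ID=scret_id"
      - "SECRET_ACCESS_KEY=scret_key"
      - "STORAGE_BUCKET_NAME=bucket"
      - "S3_CUSTOM_DOMAIN=domain"
      - "CELERY_BROKER_URL=redis://redis:6379/0"
      - "CELERY_RESULT_BACKEND=redis://redis:6379/0"
    # Run as the non-root user created in the Dockerfile.
    user: example-user
  db:
    image: postgres:13
    volumes:
      - postgres_data:/var/lib/postgresql/data/
    environment:
      # 'trust' accepts every connection without a password. The port is not
      # published, so only containers on this compose network can reach it;
      # set a password and a stricter auth method outside local development.
      - "POSTGRES_HOST_AUTH_METHOD=trust"
  redis:
    image: redis:6
    ports:
      # Published on loopback only: this Redis has no password configured, and
      # web/celery reach it over the compose network (redis:6379), so the host
      # port is needed only for local debugging.
      - "127.0.0.1:6379:6379"
  celery:
    build: .
    command: celery -A mysite worker --loglevel=info
    volumes:
      # Same bind mount as the web service; host ownership applies here too.
      - .:/code
    depends_on:
      - redis
      - db
    environment:
      - "DJANGO_SECRET_KEY=scret_key"
      - "DJANGO_DEBUG=True"
      - "DJANGO_SECURE_SSL_REDIRECT=False"
      - "DJANGO_SECURE_HSTS_SECONDS=0"
      - "DJANGO_SECURE_HSTS_INCLUDE_SUBDOMAINS=False"
      - "DJANGO_SECURE_HSTS_PRELOAD=False"
      - "DJANGO_SESSION_COOKIE_SECURE=False"  # new
      - "ACCESS_KEY_ID=scret_id"
      - "SECRET_ACCESS_KEY=scret_key"
      - "STORAGE_BUCKET_NAME=name"
      - "S3_CUSTOM_DOMAIN=domain"
      - "CELERY_BROKER_URL=redis://redis:6379/0"
      - "CELERY_RESULT_BACKEND=redis://redis:6379/0"
    # Keeps the Celery worker from running as root.
    user: example-user
volumes:
  postgres_data: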
I also added `chmod -R 755 /code/media /code/static`,
however it still did not work and the results are the same. When I run `docker-compose exec web ls -l /code/static`,
the output shows that all files/folders are owned by root except staticfiles.json:
total 16
drwxrwxrwx 1 root root 4096 Apr 5 05:42 admin
drwxrwxrwx 1 root root 4096 Sep 21 22:36 css
drwxrwxrwx 1 root root 4096 Sep 21 22:36 human
drwxrwxrwx 1 root root 4096 Sep 18 18:42 img
-rw-r--r-- 1 user-mani user-mani 13091 Sep 21 22:36 staticfiles.json
drwxrwxrwx 1 root root 4096 Sep 21 22:36 transcribe