cancel
Showing results for 
Search instead for 
Did you mean: 
richielky
Mission Specialist
Mission Specialist
  • 4,979 Views

Skopeo Permission on /run Directory

Any reason why skopeo login require /run to be permission?

What permission needed by skopeo to create container folder chmod 777?

Error of skopeo login to registry.redhat.io using # skopeo login registry.redhat.io

FATA[0011] mkdir /run/containers: permission denied

Labels (1)
Tags (1)
4 Replies
flozano
Moderator
Moderator
  • 4,956 Views

Tools such as skopeo use the /run folder to store transient, user-specific data. Every user should get a personal folder, named after their uid, automatically and you shouldn't try to "fix" that using chmod commands. If you do see errors now, they are probably related to some previous change in these folders.

To see which folder belongs to your user:

echo $XDG_RUNTIME_DIR

Another possibility: f you are using RHEL older than 8.2, some container tools will not work as expected in rootless mode.

0 Kudos
richielky
Mission Specialist
Mission Specialist
  • 4,931 Views

Thank for the explanation.

0 Kudos
sfusato
Mission Specialist
Mission Specialist
  • 4,764 Views

Hi,

I am currently sutdying Containers as well. I came across the same issue and I wanted to add some of the things I found.

When logging as root and substituing `user` using `su`, then this message occurs. Instead, directly logging to the system with a normal user (rootless mode) then the environment variable $XDG_RUNTIME_DIR will be properly set: 

----

Test 1: connected to the system as root then run `su student`. This test should fail because user inherits the $XDG_RUNTIME_DIR​ from root:

[user@local ~]$ ssh root@192.168.122.40
root@192.168.122.40's password:
Last login: Sat Aug 21 18:55:39 2021 from 192.168.122.1
[root@rhel8 ~]# su student
[student@rhel8 root]$ echo $XDG_RUNTIME_DIR​
/run/user/0​
[student@rhel8 root]$

[student@rhel8 root]$ skopeo login docker.io
FATA[0000] reading auth file: 1 error occurred:
* error reading JSON file "/run/user/0/containers/auth.json": open /run/user/0/containers/auth.json: permission denied

Test 2: connected to the system as root then run `su - student`. This test should fail because the $XDG_RUNTIME_DIR​ is not set.

[user@local ~]$ ssh root@192.168.122.40
root@192.168.122.40's password:
Last login: Sat Aug 21 19:09:17 2021
[root@rhel8 ~]# su - student
Last login: sáb ago 21 19:06:26 CEST 2021 on pts/1
[student@rhel8 ~]$ echo $XDG_RUNTIME_DIR​

[root@rhel8 ~]# echo $?
0

[student@rhel8 ~]$ skopeo login docker.io
Username: dockerusername
Password:
FATA[0011] 1 error occurred:
* mkdir /run/containers: permission denied

Test 3: Logging to the system directly with normal user. Skope login to registry should succeed.

[user@local ~]$ ssh student@192.168.122.40
student@192.168.122.40's password:
Last login: Sat Aug 21 19:15:21 2021

[student@rhel8 ~]$ echo $XDG_RUNTIME_DIR​
/run/user/1000​
[student@rhel8 user]$ ls -ld /run/user/1000/
drwx------. 6 student student 140 ago 21 03:39 /run/user/1000/

[student@rhel8 ~]$ skopeo login docker.io
Authenticating with existing credentials...
Existing credentials are valid. Already logged in to docker.io
[student@rhel8 ~]$

[student@rhel8 ~]$ cat /etc/redhat-release
Red Hat Enterprise Linux release 8.4 (Ootpa)

----

I'm wondering if this is working as designed. 

Thanks.

  • 3,231 Views

KB article "XDG_RUNTIME_DIR is not set and /run/user/<UID> does not exist when using su or sudo to switch user" [1] should be mentioned here and offers some further insights.

 

[1] https://access.redhat.com/solutions/6634751

0 Kudos
Join the discussion
You must log in to join this conversation.