in the docker-compose file should set user: uid:gid by id command get, to avoid permission denied, mkdir error #3665

Open
1 task done
luojiyin1987 opened this issue Mar 7, 2023 · 8 comments

luojiyin1987 commented Mar 7, 2023

Your Environment

  • verdaccio version: 5.22.0
  • node version: 18.14.0
  • package manager: [npm@7, pnpm@6, yarn@2]
  • os: [linux Ubuntu 22.04]
  • platform: [docker 23.0.1, build a5ee5b1]

Describe the bug
When using a local mirror, the docker log shows:

verdaccio  | info --- config file  - /verdaccio/conf/config.yaml
verdaccio  | info --- "crypt" algorithm is deprecated consider switch to "bcrypt". Read more: https://github.com/verdaccio/monorepo/pull/580
verdaccio  | info --- plugin successfully loaded: verdaccio-htpasswd
verdaccio  | info --- plugin successfully loaded: verdaccio-audit
verdaccio  | warn --- http address - http://0.0.0.0:4873/ - verdaccio/5.22.0
verdaccio  | info <-- 192.168.2.114 requested 'GET /create-next-app'
verdaccio  | info --- auth/allow_action: access granted to: undefined
verdaccio  | info --- allowed access for create-next-app
verdaccio  | http <-- 200, user: null(192.168.2.114), req: 'GET /create-next-app', bytes: 0/0
verdaccio  | info --- making request: 'GET https://registry.npmjs.org/create-next-app'
verdaccio  | http --- ERR, req: 'GET https://registry.npmjs.org/create-next-app', error: read ECONNRESET
verdaccio  | http <-- 503, user: null(192.168.2.114), req: 'GET /create-next-app', error: resource unavailable
verdaccio  | info <-- 192.168.2.114 requested 'GET /create-next-app'
verdaccio  | info --- auth/allow_action: access granted to: undefined
verdaccio  | info --- allowed access for create-next-app
verdaccio  | http <-- 200, user: null(192.168.2.114), req: 'GET /create-next-app', bytes: 0/0
verdaccio  | info --- making request: 'GET https://registry.npmjs.org/create-next-app'
verdaccio  | http --- 200, req: 'GET https://registry.npmjs.org/create-next-app' (streaming)
verdaccio  | http --- 200, req: 'GET https://registry.npmjs.org/create-next-app', bytes: 0/6657692
verdaccio  | error--- unexpected error: EACCES: permission denied, mkdir '/verdaccio/storage/create-next-app'
verdaccio  | Error: EACCES: permission denied, mkdir '/verdaccio/storage/create-next-app'
verdaccio  | http <-- 500, user: null(192.168.2.114), req: 'GET /create-next-app', error: internal server error
^CGracefully stopping... (press Ctrl+C again to force)

Inspiration

The docker-compose file before:

version: '3.1'

services:
  verdaccio:
    image: verdaccio/verdaccio
    restart: always
    container_name: 'verdaccio'
    ports:
      - '4873:4873'
    volumes:
      - './storage:/storage'
      - './config:/verdaccio/conf'
      - './plugins:/plugins'

I changed it to

version: '3.1'

services:
  verdaccio:
    image: verdaccio/verdaccio
    restart: always
    user: 1000:1000
    container_name: 'verdaccio'
    ports:
      - '4873:4873'
    volumes:
      - './storage:/storage'
      - './config:/verdaccio/conf'
      - './plugins:/plugins'                              

It works, no error!!!

I hope this is helpful to newbies.

This is my config file; it is in the config folder.
├── config
│   └── config.yaml

#
# This is the default config file. It allows all users to do anything,
# so don't use it on production systems.
#
# Look here for more config file examples:
# https://github.com/verdaccio/verdaccio/tree/master/conf
#

# path to a directory with all packages
storage: /storage
# path to a directory with plugins to include
plugins: /plugins
# print logs
# logs: ./logs

web:
  title: Verdaccio
  # comment out to disable gravatar support
  # gravatar: false
  # by default packages are ordered ascending (asc|desc)
  # sort_packages: asc
  # convert your UI to the dark side
  # darkMode: true
  #  HTML tags injected after manifest <scripts/>
  # scriptsBodyAfter:
  #    - '<script type="text/javascript" src="https://my.company.com/customJS.min.js"></script>'
  #  HTML tags injected before ends </head>
  #  metaScripts:
  #    - '<script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script>'
  #    - '<script type="text/javascript" src="https://browser.sentry-cdn.com/5.15.5/bundle.min.js"></script>'
  #    - '<meta name="robots" content="noindex" />'
  #  HTML tags injected first child at <body/>
  #  bodyBefore:
  #    - '<div id="myId">html before webpack scripts</div>'
  #  Public path for template manifest scripts (only manifest)
  #  publicPath: http://somedomain.org/
# translate your registry, api i18n not available yet
# i18n:
# list of the available translations https://github.com/verdaccio/ui/tree/master/i18n/translations
#   web: en-US

auth:
  htpasswd:
    file: ./htpasswd
    # Maximum amount of users allowed to register, defaults to "+inf".
    # You can set this to -1 to disable registration.
    # max_users: 1000

# a list of other known repositories we can talk to
uplinks:
  npmjs:
    url: https://registry.npmjs.org/

packages:
  '@*/*':
    # scoped packages
    access: $all
    publish: $authenticated
    unpublish: $authenticated
    proxy: npmjs

  '**':
    # allow all users (including non-authenticated users) to read and
    # publish all packages
    #
    # you can specify usernames/groupnames (depending on your auth plugin)
    # and three keywords: "$all", "$anonymous", "$authenticated"
    access: $all

    # allow all known users to publish/unpublish packages
    # (anyone can register by default, remember?)
    publish: $authenticated
    unpublish: $authenticated

    # if package is not available locally, proxy requests to 'npmjs' registry
    proxy: npmjs

server:
  # deprecated
  keepAliveTimeout: 60
#  rateLimit:
#    windowMs: 1000
#    max: 10000

middlewares:
  audit:
    enabled: true
listen: 0.0.0.0:4873

# log settings
logs:
  # Logger as STDOUT
  { type: stdout, format: pretty, level: http }
  # Logger as STDOUT as JSON
  # { type: stdout, format: json, level: http }
  # Logger as STDOUT as JSON
  # { type: stdout, format: pretty-timestamped, level: http }
  # Logger as STDOUT as custom prettifier
  # { type: stdout, plugin: { dest: '@verdaccio/logger-prettify' : options: { foo: 1, bar: 2}}, level: http }
  # Logger as file
  # { type: file, path: verdaccio.log, level: http}
  # FIXME: this should be documented
  # More info about log rotation https://github.com/pinojs/pino/blob/master/docs/help.md#log-rotation

# This affect the web and api (not developed yet)
i18n:
  web: en-US

Contribute to Verdaccio

  • I'm willing to fix this bug 🥇
@juanpicado
Member

Go ahead, thanks for sharing that, I wasn't aware of that property 🙏

@luojiyin1987
Author

@juanpicado, I hope update the document

@juanpicado
Member

@luojiyin1987 looks like a great idea; if you need help with where to add this info, just update these two files in this repo.

Screenshot 2023-03-11 at 18 47 43

@luojiyin1987
Author

luojiyin1987 commented Mar 12, 2023

@juanpicado I created a PR. The docker-compose.yml should be:

version: '3.1'

services:
  verdaccio:
    image: verdaccio/verdaccio
    restart: always
    container_name: 'verdaccio'
    ports:
      - '4873:4873'
    volumes:
      - './storage:/storage'
      - './config:/conf'
      - './plugins:/plugins'     

I want to know who maintains the Dockerfile; I have some confusion.

@luojiyin1987
Author

The volumes setting has no effect.
I created a VM, Ubuntu 22.04, with a sudo user.
I need

chown -R user:user  plugins  storage 

and add

user: 1000:1000

to docker-compose.yaml


Other people who run the docker-compose file as root don't need to do anything.

@luojiyin1987
Author

I ran docker history verdaccio/verdaccio:

docker  history  verdaccio/verdaccio
IMAGE          CREATED       CREATED BY                                      SIZE      COMMENT
63638b3bfaa0   2 weeks ago   CMD ["/bin/sh" "-c" "verdaccio --config /ver…   0B        buildkit.dockerfile.v0
<missing>      2 weeks ago   ENTRYPOINT ["uid_entrypoint"]                   0B        buildkit.dockerfile.v0
<missing>      2 weeks ago   VOLUME [/verdaccio/storage]                     0B        buildkit.dockerfile.v0
<missing>      2 weeks ago   EXPOSE map[4873/tcp:{}]                         0B        buildkit.dockerfile.v0
<missing>      2 weeks ago   USER 10001                                      0B        buildkit.dockerfile.v0
<missing>      2 weeks ago   RUN /bin/sh -c adduser -u $VERDACCIO_USER_UI…   5.12kB    buildkit.dockerfile.v0
<missing>      2 weeks ago   ADD docker-bin /opt/verdaccio/docker-bin # b…   243B      buildkit.dockerfile.v0
<missing>      2 weeks ago   ADD conf/docker.yaml /verdaccio/conf/config.…   7.35kB    buildkit.dockerfile.v0
<missing>      2 weeks ago   RUN /bin/sh -c npm install -g $VERDACCIO_APP…   35.2MB    buildkit.dockerfile.v0
<missing>      2 weeks ago   USER root                                       0B        buildkit.dockerfile.v0
<missing>      2 weeks ago   COPY /opt/tarball . # buildkit                  688kB     buildkit.dockerfile.v0
<missing>      2 weeks ago   RUN /bin/sh -c mkdir -p /verdaccio/storage /…   0B        buildkit.dockerfile.v0
<missing>      2 weeks ago   RUN /bin/sh -c apk --no-cache add openssl du…   952kB     buildkit.dockerfile.v0
<missing>      2 weeks ago   WORKDIR /opt/verdaccio                          0B        buildkit.dockerfile.v0
<missing>      2 weeks ago   ENV PATH=/opt/verdaccio/docker-bin:/usr/loca…   0B        buildkit.dockerfile.v0
<missing>      2 weeks ago   ENV VERDACCIO_APPDIR=/opt/verdaccio VERDACCI…   0B        buildkit.dockerfile.v0
<missing>      2 weeks ago   LABEL maintainer=https://github.com/verdacci…   0B        buildkit.dockerfile.v0
<missing>      5 weeks ago   /bin/sh -c #(nop)  CMD ["node"]                 0B
<missing>      5 weeks ago   /bin/sh -c #(nop)  ENTRYPOINT ["docker-entry…   0B
<missing>      5 weeks ago   /bin/sh -c #(nop) COPY file:4d192565a7220e13…   388B
<missing>      5 weeks ago   /bin/sh -c apk add --no-cache --virtual .bui…   7.78MB
<missing>      5 weeks ago   /bin/sh -c #(nop)  ENV YARN_VERSION=1.22.19     0B
<missing>      5 weeks ago   /bin/sh -c addgroup -g 1000 node     && addu…   159MB
<missing>      5 weeks ago   /bin/sh -c #(nop)  ENV NODE_VERSION=18.14.0     0B
<missing>      5 weeks ago   /bin/sh -c #(nop)  CMD ["/bin/sh"]              0B
<missing>      5 weeks ago   /bin/sh -c #(nop) ADD file:40887ab7c06977737…   7.05MB

I found

<missing>      2 weeks ago   USER 10001                                      0B        buildkit.dockerfile.v0

and

<missing>      2 weeks ago   USER root                                       0B        buildkit.dockerfile.v0

and

<missing>      5 weeks ago   /bin/sh -c addgroup -g 1000 node     && addu…   159MB

Why use different users?
Why use the root user, not non-privileged user status?

@luojiyin1987
Author

I used the hadolint tool:

 docker  run --rm -i hadolint/hadolint hadolint  "$@" -  < Dockerfile
-:7 DL3018 warning: Pin versions in apk add. Instead of `apk add <package>` use `apk add <package>=<version>`
-:7 DL3019 info: Use the `--no-cache` switch to avoid the need to use `--update` and remove `/var/cache/apk/*` when done installing packages
-:37 DL3018 warning: Pin versions in apk add. Instead of `apk add <package>` use `apk add <package>=<version>`
-:39 DL3059 info: Multiple consecutive `RUN` instructions. Consider consolidation.
-:44 DL3020 error: Use COPY instead of ADD for files and folders
-:59 DL3025 warning: Use arguments JSON notation for CMD and ENTRYPOINT arguments

@luojiyin1987
Author

luojiyin1987 commented Mar 22, 2023

This is my final docker-compose.yml:

version: '3.1'

services:
  verdaccio:
    image: verdaccio/verdaccio
    restart: always
    user:  1000:1000
      #container_name: 'verdaccio'
    ports:
      - '4873:4873'
    volumes:
      - './storage:/verdaccio/storage'
      - './config:/verdaccio/conf'
      - './plugins:/plugins'

Run id on the host:

id
uid=1000(node2) gid=1000(node2) groups=1000(node2),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),110(lxd),999(docker),1001(microk8s)

So add the user setting to the docker-compose.yml file:

user:  1000:1000

based on what you get from the id command.
@juanpicado

@luojiyin1987 luojiyin1987 changed the title from "in the docker-compose file should set user: 1000:1000, to avoid permission denied, mkdir error" to "in the docker-compose file should set user: uid:gid by id command get, to avoid permission denied, mkdir error" on Mar 29, 2023
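
Added example, not part of the original thread or the Verdaccio project: a pre-flight check for the mismatch discussed above, testing whether a numeric UID:GID (the `user:` value taken from `id`, or the image's `USER 10001` seen in `docker history`) can create entries in each bind-mounted host directory. It assumes GNU `stat` on a Linux host and models only owner/group/other mode bits; `can_create` and `check_mounts` are hypothetical helper names.

```shell
#!/bin/sh
# Added example; can_create and check_mounts are hypothetical helper names.
# Assumes GNU stat (Linux host). Models owner/group/other mode bits only:
# ACLs, supplementary groups, user-namespace remapping and LSMs are ignored.

# can_create UID GID DIR: exit 0 if UID:GID has write+search on DIR,
# which is what mkdir inside DIR needs; exit 2 if DIR is not a directory.
can_create() {
    uid=$1; gid=$2; dir=$3
    [ -d "$dir" ] || return 2
    [ "$uid" -eq 0 ] && return 0            # root bypasses mode-bit checks
    set -- $(stat -c '%u %g %a' "$dir")     # owner uid, owner gid, octal mode
    mode=$((0$3))                           # leading 0: parsed as octal
    if [ "$uid" -eq "$1" ]; then
        need=$((0300))                      # owner class: w+x
    elif [ "$gid" -eq "$2" ]; then
        need=$((0030))                      # group class: w+x
    else
        need=$((0003))                      # other class: w+x
    fi
    [ $((mode & need)) -eq "$need" ]
}

# check_mounts UID GID DIR...: one line per directory; the exit status is
# the number of directories where the container process would get EACCES.
check_mounts() {
    want_uid=$1; want_gid=$2; shift 2
    bad=0
    for d in "$@"; do
        if can_create "$want_uid" "$want_gid" "$d"; then
            echo "ok      $d"
        else
            echo "EACCES  $d (owner $(stat -c '%u:%g' "$d" 2>/dev/null), wanted $want_uid:$want_gid)"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Example: check_mounts "$(id -u)" "$(id -g)" ./storage ./config ./plugins
if [ "$#" -ge 3 ]; then check_mounts "$@"; fi
```

A non-zero exit status means the directory owner and the container's UID:GID disagree; aligning them (via `chown` on the host or `user:` in the compose file) keeps the container non-root without loosening the directory mode.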