I’m running a Node-RED container on my MikroTik RB5009 RouterOS 7.18.2.
I’m trying to install the node-red-contrib-modbus package inside the container, but I’m encountering a strange issue:
With a mounted volume: I get a “permission denied” error during the installation of the package.
Without a mounted volume: The installation completes without any issues.
This Issue occurs every time I create a new container and use a mounted volume as storage, so it’s consistently reproducible.
Is there a way to fix this problem, or could this be a bug?
Any advice or suggestions would be greatly appreciated!
How did you create the nodered1 directory on the attached USB drive? If you used RouterOS’s buildin /file commands, then the created directory has the 644 mode. Note lack of the “execute” flag. That may be the cause.
I have created 3 folders.
Folder one (nodered-mount) i haven´t created myself, i just added the path on /container/mount and let it create the folder. Permissions=775
Folder two (nodered-routeros) i created with /files. Permissions=644
Folder three (nodered-sftp) i created with sftp. Permissions=700
With Folder one the container starts, but i can not install the addon.
With Folder two and three the container does not start (Permissions to create a setting file denied)
I have tried to change the folder permissions with sftp but it does not let me. The permissions stay the same as before.
Is there any other way to change file permissions?
Check also directory ownership, if you have for example directory with 755 permission owned by root, but node red process is running with different user it will still not able to write into it.
Thank you for the suggested solutions.
Here’s what I’ve tried so far:
Changed the folder owner and permissions on the USB stick using my PC – no change
In the /container/shell, I ran chown -R node-red:node-red /data – no change.
Also tried chmod -R 777 /data in the shell – no change.
Created a new container with user=0 – still no change.
I can now see via SFTP that the Mount Point has correctly adopted the 777 permissions.
However, as soon as I use a mount for /data, I get a “Permission denied” error when trying to install the addon.
Could be same issue as this. I think (could not check now while writing this) that on ROS mounted dirs for container doesn’t have exec permission (mount noexec flag, which denies exec even if file has exec permission), but node red (by running npm) wants to run shell script from it while installing package and it fails because of it. You can check this using mount command from container shell.
If that is the case, not sure if you can workaround this without performing install while this dir is not mounted and when is installed (install all needed packages) temporary copy its content into other dir and put it back when mounted, make sure that copy process from/to preserves ownerships and permissions (tar archive can also be used for this). This also complicates packages upgrade, you can file feature request to Mikrotik to add option (some boolean property) in ROS for mounts to have exec permission.
Edit:
Checked, noexec is probable cause of the issue, example from one of my container mount: /dev/sda on /config type ext4 (rw,nosuid,nodev,noexec,relatime). Since such directories cannot be remounted inside container shell to enable exec using mount -o remount,exec <mount_point> as I see only way to workaround this issue is as described above.
You’re right. I also checked using the mount command inside the container shell and I can confirm the noexec flag is set:
/dev/sda on /data type btrfs (rw,nosuid,nodev,noexec,relatime,space_cache=v2,subvolid=5,subvol=/container/appdata/nodered)
As far as I understand, only MikroTik itself can change the noexec flag, so I’ll go ahead and submit a feature request. In the meantime, I’ll try out your workaround. Thanks for the help!
