Write permission denied (docker)

Error: EACCES: permission denied, open 'test.json'

So, this is the message returned by “Write Binary File” node.
I followed the Server Setup, I am using docker compose just for up n8n (the postgres is on separated server) so, the lines are:

n8n:
image: n8nio/n8n
restart: always
ports:
- “5678:5678”
environment:
- DB_TYPE=postgresdb
- DB_POSTGRESDB_HOST=${POSTGRES_HOST}
- DB_POSTGRESDB_PORT=${POSTGRES_PORT}
- DB_POSTGRESDB_DATABASE=${POSTGRES_DB}
- DB_POSTGRESDB_USER=${POSTGRES_NON_ROOT_USER}
- DB_POSTGRESDB_PASSWORD=${POSTGRES_NON_ROOT_PASSWORD}
- N8N_BASIC_AUTH_ACTIVE=true
- N8N_BASIC_AUTH_USER
- N8N_BASIC_AUTH_PASSWORD
- N8N_PORT=5678
- NODE_ENV=production
- GENERIC_TIMEZONE=${GENERIC_TIMEZONE}
volumes:
- ${DATA_FOLDER}/.n8n:/home/node/.n8n
- /home/node/n8n-local-files:/files

Yes, I created a user called “node” and it is the owner of “/home/node/n8n-local-files”. This user is also member of docker group so, I run docker-compose without sudo.
What I am doing wrong?

Server setup:

  • Docker version 20.10.12, build e91ed57
  • Docker Compose v2.2.2
  • Ubuntu 20.04 LTS
  • Latest version on n8n

Ah, one more thing: another server (a replica), just the root user (all the paths presented above were corrected obviously) and the same behavior.

Hey @powerPT, I am sorry to hear you’re having trouble here.

I’ve just set up a fresh Ubuntu server, installed docker & compose and then configured n8n in the way you have described. I didn’t run into any trouble with writing a file in the /files folder though:

Workflow used for this test
{
  "nodes": [
    {
      "parameters": {},
      "name": "Start",
      "type": "n8n-nodes-base.start",
      "typeVersion": 1,
      "position": [
        240,
        300
      ]
    },
    {
      "parameters": {
        "fileName": "/files/test.json"
      },
      "name": "Write Binary File",
      "type": "n8n-nodes-base.writeBinaryFile",
      "typeVersion": 1,
      "position": [
        900,
        300
      ]
    },
    {
      "parameters": {
        "values": {
          "string": [
            {
              "name": "foo",
              "value": "bar"
            }
          ]
        },
        "options": {}
      },
      "name": "Set",
      "type": "n8n-nodes-base.set",
      "typeVersion": 1,
      "position": [
        460,
        300
      ]
    },
    {
      "parameters": {
        "mode": "jsonToBinary",
        "options": {
          "fileName": "test.json"
        }
      },
      "name": "Move Binary Data",
      "type": "n8n-nodes-base.moveBinaryData",
      "typeVersion": 1,
      "position": [
        680,
        300
      ]
    }
  ],
  "connections": {
    "Start": {
      "main": [
        [
          {
            "node": "Set",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Set": {
      "main": [
        [
          {
            "node": "Move Binary Data",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Move Binary Data": {
      "main": [
        [
          {
            "node": "Write Binary File",
            "type": "main",
            "index": 0
          }
        ]
      ]
    }
  }
}

So to make sure I am not missing anything here, maybe you can share some additional details?

Are you running docker with your host node user? Which permissions does the /home/node/n8n-local-files directory on your host (/files in your container) have? And does a file (possibly with more restrictive) permissions possibly exist already in your folder?

And lastly, could you share your workflow?

Weird thing!
The folder is empty, the permissions of /home/node/n8n-local-files are 777 (just for the case).

I am using this workflow:https://n8n.io/workflows/101

{
  "nodes": [
    {
      "name": "Write Binary File",
      "type": "n8n-nodes-base.writeBinaryFile",
      "position": [
        800,
        350
      ],
      "parameters": {
        "fileName": "test.json"
      },
      "typeVersion": 1
    },
    {
      "name": "Make Binary",
      "type": "n8n-nodes-base.function",
      "position": [
        600,
        350
      ],
      "parameters": {
        "functionCode": "items[0].binary = {\n  data: {\n    data: new Buffer(JSON.stringify(items[0].json, null, 2)).toString('base64')\n  }\n};\nreturn items;"
      },
      "typeVersion": 1
    },
    {
      "name": "Create Example Data",
      "type": "n8n-nodes-base.function",
      "position": [
        390,
        350
      ],
      "parameters": {
        "functionCode": "items[0].json = {\n  \"text\": \"asdf\",\n  \"number\": 1\n};\nreturn items;"
      },
      "typeVersion": 1
    }
  ],
  "connections": {
    "Make Binary": {
      "main": [
        [
          {
            "node": "Write Binary File",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Create Example Data": {
      "main": [
        [
          {
            "node": "Make Binary",
            "type": "main",
            "index": 0
          }
        ]
      ]
    }
  }
}

Oh, now it is working. The folder permissions wasn’t 777.
So, now I am running n8n as root, the folder is inside /root/n8n-local-files and with 755 I am not be able to write, now with 777 it can!
n8n is running weird

As I can see of the file properties, the uid and gid are 1000.

Docker n8n runs with uid and gid of 1000.

I had the same problem. The thing is in my VPS the 1000 uid gid is assigned to mysql user. The directories i created with root user didn’t let n8n write files there. You have to chown the folders to that of user 1000.

I had also open a topic but nothing happened. I think in the future they must provide an option to select the uid and gid in docker like many other projects do.

Docker owner of volume - Questions - n8n

1 Like

Many thanks for sharing these additional details here @Mulen and glad to hear you found a working approach @powerPT!

1 Like

@MutedJam The solution isn’t elegant.

Shal i open a feature request for that? For example if you use docker compose, to assign in the environment option something like that.


environment:
- PUID=1001
- PGID=1001

2 Likes

Seeing there are two people already for whom this has caused a slight irritation, I think this could be a good feature request indeed.

1 Like