Non-root user apps and `renv`

asadow · February 21, 2024, 11:15pm

Was anyone able to get renv to work successfully with an app whose Dockerfile changes the user to one that is not root?

Whenever I try to add renv set-up and commands, I get errors on start-up or renv starts downloading packages. E.g. after docker run -p 3838:3838 my-image,

R is a collaborative project with many contributors.
Type 'contributors()' for more information and
'citation()' on how to cite R or R packages in publications.

Type 'demo()' for some demos, 'help()' for on-line help, or
'help.start()' for an HTML browser interface to help.
Type 'q()' to quit R.

# Bootstrapping renv 1.0.2 [sha: 464e042] ------------------------------------
- Downloading renv ... OK
- Installing renv  ... ^COK

Dockerfile:

FROM rocker/shiny-verse:4.2.2

## For igraph from dm (GH issue: may become Suggested)
RUN apt-get -y update && apt-get -y install \
    libglpk-dev \
    libgmp3-dev \
    libxml2-dev \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/

RUN R -e "install.packages('renv', repos = c(CRAN = 'https://cloud.r-project.org'))"

RUN echo "local(options(shiny.port = 3838, shiny.host = '0.0.0.0'))" > /usr/local/lib/R/etc/Rprofile.site

RUN mkdir /home/app
WORKDIR /home/app
## Copy application code
COPY shiny .
## Install dependencies
RUN Rscript -e 'renv::restore()'

## Set up non-root user
RUN addgroup --system app \
    && adduser --system --ingroup app app
RUN chown app:app -R .
USER app

EXPOSE 3838

CMD ["R", "-e", "shiny::runApp('/home/app/')"]

kramerrs · March 1, 2024, 5:22pm

R and renv have complicated search paths for libraries. I use renv in a Dockerfile, as root it just seems to just work, but I am not sure where the libraries are getting installed in this instance. I suspect they are in the /home/root/… path prefix.

There are different options for renv. The one comes to mind would be to activate a local library prior to restoring, then run the command from that project. renv::activate() then renv::restore().

I would be interested in what you find. I haven’t found a good way to have renv directly install packages into the system directory, though it is possible to create a library with the above activate/restore methodology and copy/link into the system directory. That works for sure.