Closed o-alquimista closed 3 years ago
With the user specified, the entrypoint no longer has the permissions to change the ownership of the volume (https://github.com/MariaDB/mariadb-docker/blob/master/docker-entrypoint.sh#L163). If you change the ownership of the top level directory in the volume to 100000:100000 before starting it should start correctly.
Remember that issue I opened a few months ago about permission errors?
Now I'm running the container with --user set to an arbitrary user. This results in data and socket directories that are owned by this user. I find it surprising because I didn't expect that would work out of the box.
That's exactly what I'm trying to do, but using Windows instead of GNU/Linux, and Docker instead of Podman. Maybe it's due to differences between the two OSes, or differences between Docker and Podman?
The previous issue only executes a permission change if the user if uid=0. This is already a mapped user in podman and isn't a privileged user. What is the motivation for using user
for you?
Testing your case with podman GNU/Linux:
$ podman volume create database
database
# using your Dockerfile
$ buildah bud --tag mariadb-docker:382 .
STEP 1: FROM mariadb:10.5
$ podman run -i --user=100000:100000 -v database:/var/lib/mysql mariadb-docker:382
Error: lchown /home/dan/.local/share/containers/storage/volumes/database/_data: invalid argument
$ podman run -i --user=example:example -v database:/var/lib/mysql mariadb-docker:382
Error: OCI runtime error: cannot setresgid to 100000: Invalid argument
(so number is probably high into the uid mappings)
(changing 100000 -> 10000 and rebuilding)
$ buildah bud --tag mariadb-docker:382 .
STEP 1: FROM mariadb:10.5
STEP 2: ENV MARIADB_ROOT_PASSWORD="example"
STEP 3: ENV MARIADB_USER="example"
STEP 4: ENV MARIADB_PASSWORD="example"
STEP 5: ENV MARIADB_ROOT_HOST="localhost"
STEP 6: RUN groupadd --gid 10000 example && adduser --no-create-home --uid 10000 --ingroup example --disabled-login --disabled-password --gecos "Example" example
Adding user `example' ...
$ podman run -i --user=example:example -v database:/var/lib/mysql mariadb-docker:382
2021-07-12 03:23:27+00:00 [Note] [Entrypoint]: Entrypoint script for MariaDB Server 1:10.5.11+maria~focal started.
2021-07-12 03:23:27+00:00 [Note] [Entrypoint]: Initializing database files
....
2021-07-12 3:23:31 0 [Note] Reading of all Master_info entries succeeded
2021-07-12 3:23:31 0 [Note] Added new Master_info '' to hash table
2021-07-12 3:23:31 0 [Note] mysqld: ready for connections.
Version: '10.5.11-MariaDB-1:10.5.11+maria~focal' socket: '/run/mysqld/mysqld.sock' port: 3306 mariadb.org binary distribution
As we see above podman is changing the ownership on the volume when the container is started.
So it seems that the Windows Docker Compose isn't changing the permissions on the volume. As the container is started as example
it won't have the needed permissions to change the ownership on any non-example directory. So it cannot be fixed with any change to the mariadb container.
If there is any guidance that could help when you seek help on https://github.com/docker/for-win please let me know.
What is the motivation for using user for you?
It's not so important, really. I can keep using the default mysql
user. It works for me.
Maybe this issue will be helpful to future visitors who rely more on this Windows/Docker setup. I mostly use Podman and Linux.
Context
I have been successfully running this MariaDB container as an arbitrary user on GNU/Linux. On Windows 10, for some reason, it only works if I keep using the default
mysql
user.Setup
Docker Compose service definition (relevant line is
user:
):MariaDB image build:
Logs
Am I doing something wrong?