docker-library / postgres

Docker Official Image packaging for Postgres
http://www.postgresql.org
MIT License

Can't run as arbitrary user #1270

Open tamis-laan opened 2 months ago

tamis-laan commented 2 months ago

Using the following docker compose configuration:

services:
  postgres:
    container_name: postgres
    image: postgres:16.4-alpine
    environment:
      POSTGRES_DB: defaultdb
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: postgres
    ports:
      - "5432:5432"  
    volumes:
      - ./data/postgresql:/var/lib/postgresql/data
      - /etc/passwd:/etc/passwd:ro
    user: "1000:1000"
    healthcheck:
      test: ["CMD", "pg_isready", "-U", "postgres"]
      interval: 2s
      timeout: 2s
      retries: 5
      start_period: 0s
    restart: always

postgresql returns:

postgres          | chmod: /var/lib/postgresql/data: Operation not permitted
postgres          | chmod: /var/run/postgresql: Operation not permitted
postgres          | The files belonging to this database system will be owned by user "tux".
postgres          | This user must also own the server process.
postgres          |
postgres          | The database cluster will be initialized with locale "en_US.utf8".
postgres          | The default database encoding has accordingly been set to "UTF8".
postgres          | The default text search configuration will be set to "english".
postgres          |
postgres          | Data page checksums are disabled.
postgres          |
postgres          | initdb: error: could not change permissions of directory "/var/lib/postgresql/data": Operation not permitted
postgres          | chmod: /var/lib/postgresql/data: Operation not permitted
postgres          | chmod: /var/run/postgresql: Operation not permitted
postgres          | fixing permissions on existing directory /var/lib/postgresql/data ... The files belonging to this database system will be owned by user "tux".
postgres          | This user must also own the server process.
postgres          |
postgres          | The database cluster will be initialized with locale "en_US.utf8".
postgres          | The default database encoding has accordingly been set to "UTF8".
postgres          | The default text search configuration will be set to "english".
postgres          |
postgres          | Data page checksums are disabled.
postgres          |
postgres          | initdb: error: could not change permissions of directory "/var/lib/postgresql/data": Operation not permitted
postgres          | fixing permissions on existing directory /var/lib/postgresql/data ...

According to the container docs this should work https://hub.docker.com/_/postgres (see Arbitrary --user Notes at the bottom of the page).

tianon commented 2 months ago

The prerequisite to this working is "as long as the owner of /var/lib/postgresql/data matches" -- did you pre-create ./data/postgresql on your host with appropriate ownership before starting the container? (If not, Docker probably created it for you with 0:0 ownership instead 🙈)
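
The prerequisite described in the reply above, written as a host-side preflight check to run before `docker compose up`. This is an added example, not part of the thread or of the image's own scripts; the function names `check_datadir` and `prepare_datadir` are hypothetical, and the path and `1000:1000` in the usage comment come from the compose file in the question.

```shell
#!/bin/sh
# Added example: verify that a bind-mounted data directory is owned by the
# uid:gid the container will run as (the compose `user:` value).

# check_datadir DIR UID GID  ->  prints: missing | ok | mismatch:<uid>:<gid>
check_datadir() {
    dir=$1 want_uid=$2 want_gid=$3
    if [ ! -d "$dir" ]; then
        echo "missing"
        return 0
    fi
    # GNU/BusyBox stat uses -c; BSD/macOS stat uses -f.
    owner=$(stat -c '%u:%g' "$dir" 2>/dev/null || stat -f '%u:%g' "$dir")
    if [ "$owner" = "$want_uid:$want_gid" ]; then
        echo "ok"
    else
        echo "mismatch:$owner"
    fi
}

# prepare_datadir DIR UID GID
# Creates DIR when it is missing, so Docker does not create it as 0:0.
# Refuses (exit status 2) when DIR exists with a different owner, rather
# than silently changing ownership of an existing data directory.
prepare_datadir() {
    dir=$1 uid=$2 gid=$3
    state=$(check_datadir "$dir" "$uid" "$gid")
    case $state in
        missing)
            mkdir -p "$dir" && chmod 700 "$dir" || return 1
            # chown is only needed when preparing the directory for a
            # different account than the caller (this requires root).
            if [ "$(id -u):$(id -g)" != "$uid:$gid" ]; then
                chown "$uid:$gid" "$dir" || return 1
            fi
            ;;
        mismatch:*)
            echo "refusing: $dir is owned by ${state#mismatch:}," \
                 "but the container runs as $uid:$gid" >&2
            return 2
            ;;
    esac
    return 0
}

# Usage with the values from the compose file in the question:
#   prepare_datadir ./data/postgresql 1000 1000 && docker compose up -d
```

A `mismatch:0:0` result is the case suggested in the reply: the directory did not exist on first start and Docker created it with root ownership.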