search

flightstats / hub

fault tolerant, highly available service for data storage and distribution
http://www.flightstats.com
MIT License
103 stars 35 forks source link

Permission Issues with latest Docker Image #1281

Closed seanstaley closed 2 years ago

seanstaley commented 2 years ago

When trying to start up the latest Docker image, I encountered some permission issues in the logs. 

16:25:40,068 |-INFO in ch.qos.logback.classic.LoggerContext[default] - Found resource [/etc/hub/logback.xml] at [file:/etc/hub/logback.xml]
16:25:40,076 |-ERROR in ch.qos.logback.classic.joran.JoranConfigurator@f6c48ac - Could not open URL [file:/etc/hub/logback.xml]. java.io.FileNotFoundException: /etc/hub/logback.xml (Permission denied)
    at java.io.FileNotFoundException: /etc/hub/logback.xml (Permission denied)
    at  at java.io.FileInputStream.open0(Native Method)
    at  at java.io.FileInputStream.open(FileInputStream.java:195)
    at  at java.io.FileInputStream.<init>(FileInputStream.java:138)
    at  at java.io.FileInputStream.<init>(FileInputStream.java:93)
    at  at sun.net.www.protocol.file.FileURLConnection.connect(FileURLConnection.java:90)
    at  at sun.net.www.protocol.file.FileURLConnection.getInputStream(FileURLConnection.java:188)
    at  at ch.qos.logback.core.joran.GenericConfigurator.doConfigure(GenericConfigurator.java:52)
    at  at ch.qos.logback.classic.util.ContextInitializer.configureByResource(ContextInitializer.java:75)
    at  at ch.qos.logback.classic.util.ContextInitializer.autoConfig(ContextInitializer.java:150)
    at  at org.slf4j.impl.StaticLoggerBinder.init(StaticLoggerBinder.java:84)
    at  at org.slf4j.impl.StaticLoggerBinder.<clinit>(StaticLoggerBinder.java:55)
    at  at org.slf4j.LoggerFactory.bind(LoggerFactory.java:150)
    at  at org.slf4j.LoggerFactory.performInitialization(LoggerFactory.java:124)
    at  at org.slf4j.LoggerFactory.getILoggerFactory(LoggerFactory.java:412)
    at  at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:357)
    at  at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:383)
    at  at com.flightstats.hub.app.HubMain.<clinit>(HubMain.java:14)

Exception in thread "main" java.lang.RuntimeException: /etc/hub/hub.properties (Permission denied)
    at com.flightstats.hub.config.properties.PropertiesLoader.load(PropertiesLoader.java:71)
    at com.flightstats.hub.app.HubMain.main(HubMain.java:24)

It appears that the user that the user the image utilizes does not have all the permissions that it needs. This PR gives the user that the container chooses to use permissions to own these directories.

lkemmerer commented 2 years ago

@duffmanpdx and @Paul-Hess This PR looks good to me, but I'm confused about why we didn't need these lines for it to work in our dev/staging/prod clusters. Any ideas?

Paul-Hess commented 2 years ago

@duffmanpdx and @Paul-Hess This PR looks good to me, but I'm confused about why we didn't need these lines for it to work in our dev/staging/prod clusters. Any ideas?

first guess would be that our build system that creates the directories that these bind mount to already have the proper permissions for the user we use set as default, we made some changes to users and permissions to stop the hub from running as root that may have made this come up downstream