search

pgadmin-org / pgadmin4

pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world.
https://www.pgadmin.org
Other
2.44k stars 638 forks source link

Docker folder permissions changed #7103

Open 100lv opened 8 months ago

100lv commented 8 months ago

Hi, I'm using PGAdmin to manage my postgres databases and just discovered a bit strange behavior - every time when container is recreated (due to upgrade) or docker service is restarted (this is really interesting) - permissions of the folder are "Reseted". This is an issue because I want to backup the folder of docker and as I'm running containers without root access - this is an issue. Workaround that I tried to perform is after initial creation of container - to add additional ACLs that grant read / write permissions to docker use - and then - my backup SW (running again in container) can backup data and when it's necessary - to restore it. The problem is that every time when docker service is restarted - permissions are restored and backup is not working. Also it will be very good if it's possible to run container with "custom" user.

khushboovashi commented 8 months ago

Hi @100lv,

Are you talking about which folders? In case of data directory (storage directory), it should not happen on docker restart. You can also mount an external volume for storage to avoid this from occurring.

Thanks.

100lv commented 8 months ago

Hi @khushboovashi, So situation is following - I have a docker container with volume defined as follow: volumes:

(this is Docker compose notation).

I have a docker user with ID and GID - 1000 / 995. All other containers (including backup SW) are running with this user.

To grant them access to folder I'm using following commands:

# sudo setfacl -Rm user:docker:rwx ./pgadmin

# sudo setfacl -Rmd user:docker:rwx ./pgadmin

When I check the permissions:

getfacl pgadmin4.db

# file: pgadmin4.db

# owner: 5050

# group: root

user::rw-

user:docker:rwx

group::rwx

group:docker:rwx

mask::rwx

other::---

If I restart docker service, after the restart permissions are changed as follow:

sudo systemctl restart docker.service

check what is the situation:

getfacl pgadmin4.db

# file: pgadmin4.db

# owner: 5050

# group: root

user::rw-

user:docker:rwx #effective:---

group::rwx #effective:---

group:docker:rwx #effective:---

mask::---

other::---

Same happens if I recreate the container (stop / rm / up ) This doesn't happen if container is restarted by "docker compose restart pgadmin"

I don't have similar issues with any other container so I expect that may be there is a problem with this container. If you need more details - please ask me and if it's necessary - I can provide you with remote access.