Open JacobOkanta opened 3 years ago
The user is mysql, with user id 100 and group id 101.
mysql:x:100:101:mysql:/var/lib/mysql:/sbin/nologin
This is the default; changing the user would require amending the Dockerfile, as the mysql user chowns the /run/mysqld & /var/lib/mysql directories.
You would probably have to rebuild the container and amend it to your liking. Maybe the MariaDB documentation has some more info for you: https://mariadb.com/kb/en/documentation/
Hi @dominictayloruk, I need to reopen this issue. I stumbled upon this exact same problem. I was looking at the mysql and mariadb images, which seem to support a user change as per the README on Docker Hub https://hub.docker.com/_/mysql:
If there is any way to implement a user change via docker-compose for this image, it would help many setups in many ways and would be much appreciated. I really want to avoid setting up buildbots for changing that if there is any chance to implement this directly.
I also found this issue:
To clarify why this is needed, here are the log lines:
What's the underlying storage setup?
Hey @dominictayloruk thanks for trying to help with this :+1:
I am using Docker on a Synology NAS and trying to set up Nextcloud with Alpine images.
So here are some details of what my setup will look like:
I created a user (UID:1052 GID:100) that is used for all apps that will run docker containers. This user has full control of the folders and subfolders he is attached to including perm-changes.
This is the MariaDB part of the compose file I am using.
Note: I hardened the privileges for more security with no-new-privileges:true
```yaml
version: '3.9'
services:
  mariadb:
    image: yobasystems/alpine-mariadb:latest
    container_name: Nextcloud-DB
    env_file: /volume1/NextCloud/credentials/credentials.env
    security_opt:
      - no-new-privileges:true
    user: 1052:100
    command: --user 1052:100 --transaction-isolation=READ-COMMITTED --log-bin=mariadb-binlog --binlog-format=ROW --innodb-read-only-compressed=OFF
    volumes:
      - /volume1/NextCloud/database:/var/lib/mysql:rw
    environment:
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      # - MYSQL_PASSWORD=credentials.env
      # - MYSQL_ROOT_PASSWORD=credentials.env
      - MYSQL_CHARSET=utf8mb4
      - MYSQL_COLLATION=utf8mb4_general_ci
      - TZ=Europe/Berlin
    restart: on-failure:5
    sysctls:
      net.core.somaxconn: 65535
```
These are the permissions set on the host system beforehand:
700 /volume1/NextCloud/config 1052 33 directory
700 /volume1/NextCloud/credentials 1052 100 directory
700 /volume1/NextCloud/customapps 1052 33 directory
700 /volume1//NextCloud/database 1052 100 directory
700 /volume1/NextCloud/main 1052 33 directory
700 /volume1NextCloud/redis 1052 33 directory
700 /volume1/NextCloud/themes 1052 33 directory
Using btrfs and the Synology kernel 3.10 with DSM 7.2 on a Synology Braswell (Intel CPU) 716+ and the Synology reverse proxy for SSL.
Looking through the PR that fixed the issue in the original image, tianon seems to have fixed it in this line 35 from here:
I'm not sure if and how it could be translated to Alpine Linux, as my knowledge is a bit off here, I think. Looking further through the fix, I think he is using gosu for it, which seems to be available for Alpine as well, from a quick Google search.
I've been trying to change all of my containers to use a specific user on the host system, using the "user" config option in compose if the container doesn't support UID by default. This container seems to fail to start with that, even if the ownership of the directories is correct. This line seems most relevant, but I'll link the full log: "/usr/bin/mysqld: One can only use the --user switch if running as root" https://pastebin.com/53WYt41t Is this something that won't work with this container, or am I just missing something?
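
The thread describes two constraints: the entrypoint chowns /run/mysqld and /var/lib/mysql as the mysql user, and mysqld refuses `--user` unless it is started as root. The sketch below is an added example, not the image's entrypoint and not the upstream fix mentioned above. It shows how an entrypoint could pick a launch path for each case. The function names are hypothetical, and the uids are passed as parameters so the script is a dry run that only prints its plan.

```shell
#!/bin/sh
# Added example (dry run): choose how to start mysqld depending on whether
# the container runs as root or under a compose `user:` override.
# Nothing is executed; the plan is printed so it can be inspected.

# strip_user_flag ARGS... -> prints ARGS on one line without --user / -u.
# Arguments containing spaces lose their quoting; acceptable for a printed plan.
strip_user_flag() {
    out=""; skip=0
    for arg in "$@"; do
        if [ "$skip" -eq 1 ]; then skip=0; continue; fi
        case "$arg" in
            --user=*)  ;;                      # --user=NAME
            --user|-u) skip=1 ;;               # --user NAME: drop the value too
            *)         out="${out:+$out }$arg" ;;
        esac
    done
    printf '%s\n' "$out"
}

# launch_plan EUID DATADIR_OWNER_UID ARGS...
#   EUID               uid the entrypoint runs as (`id -u` in a real script)
#   DATADIR_OWNER_UID  owner of /var/lib/mysql (`stat -c %u` in a real script)
launch_plan() {
    euid=$1; owner=$2; shift 2
    rest=$(strip_user_flag "$@")
    if [ "$euid" -eq 0 ]; then
        # Root: fix ownership, then let mysqld drop to the mysql account itself.
        echo "chown -R mysql:mysql /run/mysqld /var/lib/mysql"
        echo "exec mysqld --user=mysql${rest:+ $rest}"
    elif [ "$euid" -ne "$owner" ]; then
        # Non-root and not the owner: chown cannot succeed, so fail clearly.
        echo "error: uid $euid does not own the data directory (owner uid $owner)"
        return 1
    else
        # Non-root owner: skip chown and never pass --user, which mysqld
        # rejects with "One can only use the --user switch if running as root".
        echo "exec mysqld${rest:+ $rest}"
    fi
}

# Constructed input mirroring the compose file in the thread (user: 1052:100).
launch_plan 1052 1052 --user 1052:100 --transaction-isolation=READ-COMMITTED
```

With this layout the container keeps working under `no-new-privileges:true`, because the non-root path never needs to gain or change privileges.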