Can't run as arbitrary user #1270

Open
tamis-laan opened this issue Sep 16, 2024 · 1 comment

@tamis-laan

Using the following docker compose configuration:

services:
  postgres:
    container_name: postgres
    image: postgres:16.4-alpine
    environment:
      POSTGRES_DB: defaultdb
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: postgres
    ports:
      - "5432:5432"  
    volumes:
      - ./data/postgresql:/var/lib/postgresql/data
      - /etc/passwd:/etc/passwd:ro
    user: "1000:1000"
    healthcheck:
      test: ["CMD", "pg_isready", "-U", "postgres"]
      interval: 2s
      timeout: 2s
      retries: 5
      start_period: 0s
    restart: always

postgresql returns:

postgres          | chmod: /var/lib/postgresql/data: Operation not permitted
postgres          | chmod: /var/run/postgresql: Operation not permitted
postgres          | The files belonging to this database system will be owned by user "tux".
postgres          | This user must also own the server process.
postgres          |
postgres          | The database cluster will be initialized with locale "en_US.utf8".
postgres          | The default database encoding has accordingly been set to "UTF8".
postgres          | The default text search configuration will be set to "english".
postgres          |
postgres          | Data page checksums are disabled.
postgres          |
postgres          | initdb: error: could not change permissions of directory "/var/lib/postgresql/data": Operation not permitted
postgres          | chmod: /var/lib/postgresql/data: Operation not permitted
postgres          | chmod: /var/run/postgresql: Operation not permitted
postgres          | fixing permissions on existing directory /var/lib/postgresql/data ... The files belonging to this database system will be owned by user "tux".
postgres          | This user must also own the server process.
postgres          |
postgres          | The database cluster will be initialized with locale "en_US.utf8".
postgres          | The default database encoding has accordingly been set to "UTF8".
postgres          | The default text search configuration will be set to "english".
postgres          |
postgres          | Data page checksums are disabled.
postgres          |
postgres          | initdb: error: could not change permissions of directory "/var/lib/postgresql/data": Operation not permitted
postgres          | fixing permissions on existing directory /var/lib/postgresql/data ...

According to the container docs this should work https://hub.docker.com/_/postgres (see Arbitrary --user Notes at the bottom of the page).

@tianon
Member

tianon commented Sep 16, 2024

The prerequisite to this working is "as long as the owner of /var/lib/postgresql/data matches" -- did you pre-create ./data/postgresql on your host with appropriate ownership before starting the container? (If not, Docker probably created it for you with 0:0 ownership instead 🙈)
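
The ownership precondition from the comment above, written as a host-side preflight to run before `docker compose up`. This is an added example, not part of the issue thread or the image's own scripts; the function names are hypothetical, and the path and 1000:1000 in the usage comment are taken from the compose file in the issue.

```shell
#!/bin/sh
# Preflight for a bind-mounted PGDATA directory used with compose `user: "UID:GID"`.
# Usage (values from the compose file in the issue):
#   prepare_pgdata ./data/postgresql 1000 1000 && docker compose up -d

# Print the numeric owner of a path as "uid:gid".
# `ls -n` is POSIX, which avoids the GNU/BSD differences in `stat`.
owner_of() {
    ls -dn -- "$1" | awk '{ print $3 ":" $4 }'
}

# check_pgdata_owner DIR UID GID
#   0 = DIR exists and is owned by UID:GID
#   1 = ownership mismatch (for example 0:0 when Docker created the path)
#   2 = DIR does not exist
check_pgdata_owner() {
    dir=$1 want="$2:$3"
    [ -d "$dir" ] || return 2
    [ "$(owner_of "$dir")" = "$want" ]
}

# prepare_pgdata DIR UID GID
#   Creates DIR with mode 0700 when it is missing, so Docker never gets the
#   chance to create it as root, then verifies ownership.
#   Returns 0 when the container user will own the directory, 1 on mismatch,
#   3 when the directory could not be created.
prepare_pgdata() {
    dir=$1 uid=$2 gid=$3
    if [ ! -d "$dir" ]; then
        mkdir -p -- "$dir" && chmod 700 "$dir" || return 3
    fi
    if check_pgdata_owner "$dir" "$uid" "$gid"; then
        return 0
    fi
    echo "owner of $dir is $(owner_of "$dir"), compose 'user:' is $uid:$gid" >&2
    echo "fix with: sudo chown $uid:$gid $dir" >&2
    return 1
}
```

A return value of 1 corresponds to the state in the log above: the container user cannot `chmod` a directory it does not own, so `initdb` fails on every restart.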
