Define User on Host #51

Open
JacobOkanta opened this issue Jun 1, 2021 · 4 comments

@JacobOkanta

I've been trying to change all of my containers to use a specific user on the host system, using the "user" config option in compose if the container doesn't support UID by default. This container seems to fail to start with that even if the ownership of the directories is correct. This line seems most relevant, but I'll link the full log: "/usr/bin/mysqld: One can only use the --user switch if running as root" https://pastebin.com/53WYt41t Is this something that won't work with this container, or am I just missing something?

@dominictayloruk
Member

The user is mysql, with user id 100 and group id 101.

```
mysql:x:100:101:mysql:/var/lib/mysql:/sbin/nologin
```

This is the default; to change the user would require amending the Dockerfile, as the mysql user chowns the /run/mysqld & /var/lib/mysql directories.

```
chown -R mysql:mysql /run/mysqld
chown -R mysql:mysql /var/lib/mysql
```

You would probably have to rebuild the container and amend it to your liking. Maybe the MariaDB documentation has some more info for you: https://mariadb.com/kb/en/documentation/

@SoulInfernoDE

SoulInfernoDE commented Jun 21, 2023

Hi @dominictayloruk,
I need to reopen this issue. I stumbled upon this exact same problem. I was looking around the mysql and mariadb image, which seems to support user change as per the README on Docker Hub https://hub.docker.com/_/mysql:
[image]

If there is any way to implement user change on docker-compose for this image, this would help many setups in many ways and would be much appreciated. I really want to avoid setting up buildbots for changing that if there is any chance to implement this directly.

I also found this issue:
MariaDB/mariadb-docker#304

To clarify why this is needed, here are the log lines:
[4 images]

@dominictayloruk
Member

What's the underlying storage setup?

@SoulInfernoDE

SoulInfernoDE commented Jun 22, 2023

Hey @dominictayloruk, thanks for trying to help with this 👍

I am using Docker on a Synology NAS and trying to set up Nextcloud with Alpine images.

So here are some details on what my setup will look like:

I created a user (UID:1052 GID:100) that is used for all apps that will run docker containers. This user has full control of the folders and subfolders he is attached to, including perm-changes.

This is the mariadb part of the compose file I am using.

Note: I hardened the privileges for more security with no-new-privileges:true

```yaml
version: '3.9'
services:
  mariadb:
    image: yobasystems/alpine-mariadb:latest
    container_name: Nextcloud-DB
    env_file: /volume1/NextCloud/credentials/credentials.env
    security_opt:
      - no-new-privileges:true
    user: 1052:100
    command: --user 1052:100 --transaction-isolation=READ-COMMITTED --log-bin=mariadb-binlog --binlog-format=ROW --innodb-read-only-compressed=OFF
    volumes:
      - /volume1/NextCloud/database:/var/lib/mysql:rw
    environment:
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
#     - MYSQL_PASSWORD=credentials.env
#     - MYSQL_ROOT_PASSWORD=credentials.env
      - MYSQL_CHARSET=utf8mb4
      - MYSQL_COLLATION=utf8mb4_general_ci
      - TZ=Europe/Berlin
    restart: on-failure:5
    sysctls:
      net.core.somaxconn: 65535
```

These are the permissions set on the host system beforehand:

700 /volume1/NextCloud/config 1052 33 directory
700 /volume1/NextCloud/credentials 1052 100 directory
700 /volume1/NextCloud/customapps 1052 33 directory
700 /volume1//NextCloud/database 1052 100 directory
700 /volume1/NextCloud/main 1052 33 directory
700 /volume1NextCloud/redis 1052 33 directory
700 /volume1/NextCloud/themes 1052 33 directory

Using btrfs and the Synology kernel 3.10 with DSM 7.2 on Synology braswell (Intel CPU) 716+ and the Synology reverse proxy for SSL.

Looking through the PR that fixed the issue in the original image, tianon seems to have fixed it in this line 35 from here:

docker-entrypoint.sh

I'm not sure if and how it could be translated to Alpine Linux, as my knowledge is a bit off here, I think.
Looking further through the fix, I think he is using gosu for it, which seems to be available for Alpine also, from a fast Google search.
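
Added example, not part of the thread and not code from this image or from the official MariaDB image: an entrypoint fragment that supports both a root start and a compose `user:` start by chowning and passing `--user` only when the effective UID is 0. The names `RUN_AS`, `ENTRYPOINT_RUN`, `mysqld_args` and `check_writable` are hypothetical; the paths and the `mysql` account are the ones quoted above.

```shell
#!/bin/sh
# Hypothetical entrypoint fragment (assumption: the server binary is "mysqld"
# and the image keeps its data and socket in the two directories below).
DATADIR="${DATADIR:-/var/lib/mysql}"
RUNDIR="${RUNDIR:-/run/mysqld}"
RUN_AS="${RUN_AS:-mysql}"   # account to drop to when started as root

# Arguments for mysqld, given the UID the container was started with.
# mysqld rejects --user unless it runs as root, so non-root starts omit it.
mysqld_args() {
    if [ "$1" -eq 0 ]; then
        echo "--user=$RUN_AS --datadir=$DATADIR"
    else
        echo "--datadir=$DATADIR"
    fi
}

# A non-root process cannot chown, so the directories must already be
# writable by the UID/GID given in compose ("user: 1052:100" in the thread).
check_writable() {
    for d in "$@"; do
        if [ ! -d "$d" ] || [ ! -w "$d" ]; then
            echo "not writable by uid $(id -u): $d" >&2
            return 1
        fi
    done
}

main() {
    uid="$(id -u)"
    if [ "$uid" -eq 0 ]; then
        # Root start: fix ownership, then let mysqld drop privileges itself.
        chown -R "$RUN_AS:$RUN_AS" "$RUNDIR" "$DATADIR"
    else
        # Non-root start: fail early with a clear message instead of
        # letting the server die on a permission error.
        check_writable "$RUNDIR" "$DATADIR" || exit 1
    fi
    # Word splitting of the argument string is intended here.
    exec mysqld $(mysqld_args "$uid") "$@"
}

# Only launch when explicitly enabled, so the functions can be sourced.
if [ "${ENTRYPOINT_RUN:-0}" = 1 ]; then
    main "$@"
fi
```

With a non-root start, a runtime directory such as /run/mysqld that was chowned to mysql at build time fails the writability check unless it is mounted or pre-created for the compose user.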
