[英]Permission issue with PostgreSQL in docker container
I'm trying to run a docker image with PostgreSQL that has a volume configured for persisting data.我正在尝试使用 PostgreSQL 运行 docker 图像,该图像的卷配置为持久化数据。
version: '3.1'
services:
db:
image: postgres
restart: always
volumes:
- ./data:/var/lib/postgresql/data
environment:
POSTGRES_PASSWORD: example
When I start the container I see the output当我启动容器时,我看到 output
fixing permissions on existing directory /var/lib/postgresql/data... ok
修复现有目录 /var/lib/postgresql/data 的权限...好的
and the data folder is no longer readable for me.数据文件夹对我来说不再可读。
If I elevate myself and access the data directory I can see that the files are there.如果我提升自己并访问数据目录,我可以看到文件在那里。 Furthermore, the command
ls -ld data
gives me此外,命令
ls -ld data
给我
drwx------ 19 systemd-coredump root 4096 May 17 16:22 data
I can manually set the directory permission with sudo chmod 755 data
, but that only works until I restart the container.我可以使用
sudo chmod 755 data
手动设置目录权限,但这只在我重新启动容器之前有效。
Why does this happen, and how can I fix it?为什么会发生这种情况,我该如何解决?
The other answer indeed points to the root cause of the problem, however the help page it points to does not contain a solution.另一个答案确实指出了问题的根本原因,但是它指向的帮助页面不包含解决方案。 Here is what I came up with to make this work for me:
这是我想出的为我完成这项工作的方法:
version: '3.7'
services:
db:
image: postgres
container_name: postgres
volumes:
- ./data:/var/lib/postgresql/data
environment:
POSTGRES_USER: fake_database_user
POSTGRES_PASSWORD: fake_database_PASSWORD
$ docker stop postgres
$ sudo chown -R 1000:1000 ./data
user:
)user:
:)version: '3.7'
services:
db:
image: postgres
container_name: postgres
volumes:
- ./data:/var/lib/postgresql/data
user: 1000:1000
environment:
POSTGRES_USER: fake_database_user
POSTGRES_PASSWORD: fake_database_password
The reason you can't just use user:
from the start is that if the image runs as a different user it fails to create the data files.您不能只使用
user:
从一开始的原因是,如果图像以其他用户身份运行,则无法创建数据文件。
On the image documentation page , it does mention a solution to add a volume to expose the /etc/passwd
file as read-only in the image when providing --user
option, however, that did not work for me with the latest image, as I was getting the following error.在图像文档页面上,它确实提到了一个解决方案,即在提供
--user
选项时添加一个卷以在图像中将/etc/passwd
文件公开为只读,但是,这对我来说不适用于最新的图像,因为我收到以下错误。 In fact none of the three proposed solutions worked for me.事实上,这三个提议的解决方案都不适合我。
initdb: error: could not change permissions of directory "/var/lib/postgresql/data": Operation not permitted
This is because of what is written in the dockerfile of the postgres image.这是因为 postgres 映像的dockerfile中写入的内容。
From line 15 to 18, you'll see that the group 999 and the user 999 are used.从第 15 行到第 18 行,您将看到使用了组 999 和用户 999。 I'm guessing that in your host, they map respectively to
systemd-coredump
and root
.我猜在您的主机中,它们分别映射到
systemd-coredump
和root
。
You need to know that whenever you use a user/group in an image, if the uid/gid exist in your host, then it will be mapped to it.您需要知道,每当您在图像中使用用户/组时,如果您的主机中存在 uid/gid,那么它将被映射到它。
You can read the documentation on the docker hub from the postgres image here .您可以从此处的 postgres 图像中阅读 docker hub 上的文档。 There is a section Arbitrary --user Notes that explain how it works in the context of this image.
有一节任意 --user Notes解释了它在此图像的上下文中是如何工作的。
An easier and permanent solution would be as follows:一个更简单和永久的解决方案如下:
Add these lines to ~/.bashrc
:将这些行添加到
~/.bashrc
:
export UID=$(id -u)
export GID=$(id -g)
Reload your shell:重新加载你的外壳:
$ source ~/.bashrc
Modify your docker-compose.yml
as follows:修改你
docker-compose.yml
如下:
version: "3.7"
services:
db:
image: postgres
volumes:
- ./tmp/db:/var/lib/postgresql/data
user: "${UID}:${GID}"
...
here's what i did:这是我所做的:
services:
postgres:
image: postgres:15.1
restart: always
environment:
- POSTGRES_USER=my_user
- POSTGRES_PASSWORD=my_user
- POSTGRES_DB=my_user
user: root
ports:
- "5432:5432"
volumes:
- /home/my_user/volumes/postgres/data:/var/lib/postgresql/data
- /home/my_user/volumes/postgres/config:/etc/postgresql
postgres_setup:
image: postgres:15.1
user: root
volumes:
- /home/my_user/volumes/postgres/data:/var/lib/postgresql/data
- /home/my_user/volumes/postgres/config:/etc/postgresql
entrypoint: [ "bash", "-c", "chmod 750 -R /var/lib/postgresql/data && chmod 750 -R /etc/postgresql"]
depends_on:
- postgres
pgadmin4:
image: dpage/pgadmin4
restart: always
environment:
- PGADMIN_DEFAULT_EMAIL=my_user@admin.com
- PGADMIN_DEFAULT_PASSWORD=my_user
- PGADMIN_LISTEN_ADDRESS=0.0.0.0
user: root
ports:
- "5050:80"
volumes:
- /home/my_user/volumes/pgadmin/data:/var/lib/pgadmin
depends_on:
- postgres_setup
the postgres_setup container just changes permissions and then shuts down postgres_setup 容器只是更改权限然后关闭
i executed using sudo and it worked for me, no change made我使用 sudo 执行,它对我有用,没有做任何改变
I'm trying to run a docker image with PostgreSQL that has a volume configured for persisting data.我正在尝试使用PostgreSQL运行docker映像,该映像具有为持久化数据配置的卷。
version: '3.1'
services:
db:
image: postgres
restart: always
volumes:
- ./data:/var/lib/postgresql/data
environment:
POSTGRES_PASSWORD: example
When I start the container I see the output当我启动容器时,我看到输出
fixing permissions on existing directory /var/lib/postgresql/data ... ok
在现有目录/ var / lib / postgresql / data上修复权限...确定
and the data folder is no longer readable for me.并且数据文件夹对我来说不再可读。
If I elevate myself and access the data directory I can see that the files are there.如果我提升自己并访问数据目录,我可以看到文件在那里。 Furthermore, the command
ls -ld data
gives me此外,命令
ls -ld data
给了我
drwx------ 19 systemd-coredump root 4096 May 17 16:22 data
I can manually set the directory permission with sudo chmod 755 data
, but that only works until I restart the container.我可以使用
sudo chmod 755 data
手动设置目录权限,但这仅在重新启动容器之前有效。
Why does this happen, and how can I fix it?为什么会发生这种情况,我该如何解决?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.