Docker mount file default permissions 777 and MariaDB complaining about world-writable (mounted) config file

Question

My service definition, where mariadb.cnf is mounted on /etc/mysql/mariadb.conf.d/80-app.cnf:

db:
    image: mariadb:10.11
    volumes:
        - ./mariadb.cnf:/etc/mysql/mariadb.conf.d/80-app.cnf:ro

On startup:

2023-06-14 18:27:16 Warning: World-writable config file '/etc/mysql/mariadb.conf.d/80-app.cnf' is ignored.

I know exactly what's happening, Docker is mounting my file with 777 permission:

# ls -la /etc/mysql/mariadb.conf.d/
total 40
drwxr-xr-x 1 root root 4096 Jun 14 18:27 .
drwxr-xr-x 1 root root 4096 Jun  9 23:30 ..
-rw-r--r-- 1 root root   46 Jun  9 23:30 05-skipcache.cnf
-rw-r--r-- 1 root root  575 Jun  5 19:14 50-client.cnf
-rw-r--r-- 1 root root  231 Jun  5 19:14 50-mysql-clients.cnf
-rw-r--r-- 1 root root  927 Jun  5 19:14 50-mysqld_safe.cnf
-rw-r--r-- 1 root root 3584 Jun  9 23:30 50-server.cnf
-rw-r--r-- 1 root root  570 Jun  5 19:14 60-galera.cnf
-rwxrwxrwx 1 root root  167 Jun 14 16:39 80-app.cnf

I can remove the ro option, chmod 644 /etc/mysql/mariadb.conf.d/80-app.cnf, restart the container, re-add ro option, it works.

The problem is that anyone using my project has to do this the first time. Do I have any option?

I'm seriously thinking about adding in my docker-entrypoint.sh:

#!/bin/sh

chmod 644 /etc/mysql/mariadb.conf.d/*-app.cnf

But I really hope there is a better solution.

Answer 1

Score: 1

This has now been fixed so that read only mounts of configuration files are considered to have the same protection and will be read/processed.

Fixed for versions 10.4.31, 10.5.22, 10.6.15, 10.9.8, 10.10.6, 10.11.5, 11.0.3, 11.1.2, 11.2.1 and above.

was: bug report MDEV-27038 / server patch #2669
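
An added example, not part of the original answer or of MariaDB: a pre-flight check that lists the `*.cnf` files a given server version would ignore as world-writable, using the fixed versions listed above. The function names are hypothetical, and two readings of that version list are assumptions marked in the comments.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Lowest patch release with the fix for each series, copied from the answer.
fixed_patch_for() {
    case "$1" in
        10.4) echo 31 ;; 10.5) echo 22 ;; 10.6) echo 15 ;;
        10.9) echo 8 ;;  10.10) echo 6 ;; 10.11) echo 5 ;;
        11.0) echo 3 ;;  11.1) echo 2 ;;  11.2) echo 1 ;;
        *) return 1 ;;
    esac
}

# version_has_fix X.Y.Z: 0 = fixed, 1 = not fixed, 2 = not a full version
# (a floating tag such as "10.11" cannot be judged).
version_has_fix() {
    case "$1" in ''|*[!0-9.]*|*.) return 2 ;; esac
    IFS=. read -r major minor patch extra <<EOF
$1
EOF
    [ -n "$major" ] && [ -n "$minor" ] && [ -n "$patch" ] && [ -z "$extra" ] || return 2
    # Assumption: "and above" covers every series newer than 11.2.
    if [ "$major" -gt 11 ] || { [ "$major" -eq 11 ] && [ "$minor" -gt 2 ]; }; then
        return 0
    fi
    # Assumption: a series missing from the list never received the fix.
    min=$(fixed_patch_for "$major.$minor") || return 1
    [ "$patch" -ge "$min" ]
}

# Print each regular *.cnf file directly in DIR with the other-write bit set,
# the condition behind the "World-writable config file" warning.
world_writable_cnf() {
    for f in "$1"/*.cnf; do
        [ -f "$f" ] || continue
        if [ -n "$(find -L "$f" -prune -perm -0002)" ]; then printf '%s\n' "$f"; fi
    done
}

# preflight VERSION DIR: list the files a server at VERSION would ignore and
# return 1 if there are any. On a fixed release this assumes the :ro mount
# from the question, since the answer says the fix covers read-only mounts.
preflight() {
    bad=$(world_writable_cnf "$2")
    if [ -z "$bad" ] || version_has_fix "$1"; then return 0; fi
    printf '%s\n' "$bad"
    return 1
}
```

Run it on the host against the directory holding the mounted file, for example `preflight 10.11.4 .`; an unparseable version is treated as not fixed, so the files are still reported.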

huangapple
  • Published on June 15, 2023 at 00:39:37
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76475794.html