英文:
Docker mount file default permissions 777 and MariaDB complaining about world-writable (mounted) config file
问题
以下是您要翻译的内容:
My service definition, where mariadb.cnf
is mounted on /etc/mysql/mariadb.conf.d/80-app.cnf
:
db:
image: mariadb:10.11
volumes:
- ./mariadb.cnf:/etc/mysql/mariadb.conf.d/80-app.cnf:ro
On startup:
2023-06-14 18:27:16 Warning: World-writable config file '/etc/mysql/mariadb.conf.d/80-app.cnf' is ignored.
I know exactly what's happening, Docker is mouting my file with 777 permission:
# ls -la /etc/mysql/mariadb.conf.d/
total 40
drwxr-xr-x 1 root root 4096 Jun 14 18:27 .
drwxr-xr-x 1 root root 4096 Jun 9 23:30 ..
-rw-r--r-- 1 root root 46 Jun 9 23:30 05-skipcache.cnf
-rw-r--r-- 1 root root 575 Jun 5 19:14 50-client.cnf
-rw-r--r-- 1 root root 231 Jun 5 19:14 50-mysql-clients.cnf
-rw-r--r-- 1 root root 927 Jun 5 19:14 50-mysqld_safe.cnf
-rw-r--r-- 1 root root 3584 Jun 9 23:30 50-server.cnf
-rw-r--r-- 1 root root 570 Jun 5 19:14 60-galera.cnf
-rwxrwxrwx 1 root root 167 Jun 14 16:39 80-app.cnf
I can remove the ro
option, chmod 644 /etc/mysql/mariadb.conf.d/80-app.cnf
, restart the container, re-add ro
option, it works.
The problem is that anyone using my project have to to this the first time. Do I have any option?
I'm seriously thinking about adding in my docker-entrypoint.sh
:
#!/bin/sh
chmod 644 /etc/mysql/mariadb.conf.d/*-app.cnf
But I really hope there is a better solution.
英文:
My service definition, where mariadb.cnf
is mounted on /etc/mysql/mariadb.conf.d/80-app.cnf
:
<!-- language: lang-yml -->
db:
image: mariadb:10.11
volumes:
- ./mariadb.cnf:/etc/mysql/mariadb.conf.d/80-app.cnf:ro
On startup:
> 2023-06-14 18:27:16 Warning: World-writable config file '/etc/mysql/mariadb.conf.d/80-app.cnf' is ignored.
I know exactly what's happening, Docker is mouting my file with 777 permission:
<!-- language: lang-txt -->
# ls -la /etc/mysql/mariadb.conf.d/
total 40
drwxr-xr-x 1 root root 4096 Jun 14 18:27 .
drwxr-xr-x 1 root root 4096 Jun 9 23:30 ..
-rw-r--r-- 1 root root 46 Jun 9 23:30 05-skipcache.cnf
-rw-r--r-- 1 root root 575 Jun 5 19:14 50-client.cnf
-rw-r--r-- 1 root root 231 Jun 5 19:14 50-mysql-clients.cnf
-rw-r--r-- 1 root root 927 Jun 5 19:14 50-mysqld_safe.cnf
-rw-r--r-- 1 root root 3584 Jun 9 23:30 50-server.cnf
-rw-r--r-- 1 root root 570 Jun 5 19:14 60-galera.cnf
-rwxrwxrwx 1 root root 167 Jun 14 16:39 80-app.cnf
I can remove the ro
option, chmod 644 /etc/mysql/mariadb.conf.d/80-app.cnf
, restart the container, re-add ro
option, it works.
The problem is that anyone using my project have to to this the first time. Do I have any option?
I'm seriously thinking about adding in my docker-entrypoint.sh
:
#!/bin/sh
chmod 644 /etc/mysql/mariadb.conf.d/*-app.cnf
But I really hope there is a better solution.
答案1
得分: 1
这个问题现在已经修复,所以对于只读挂载的配置文件,将被视为具有相同的保护并将被读取/处理。
已修复版本:10.4.31、10.5.22、10.6.15、10.9.8、10.10.6、10.11.5、11.0.3、11.1.2、11.2.1及以上。
之前是:错误报告 MDEV-27038 / 服务器补丁 #2669
英文:
This has now been fixed so that read only mounts of configuration files are considered to have the same protection and will be read/processed.
Fixed for versions 10.4.31, 10.5.22, 10.6.15, 10.9.8, 10.10.6, 10.11.5, 11.0.3, 11.1.2, 11.2.1 and above.
was: bug report MDEV-27038 / server patch #2669
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论