I'm trying to launch postgres in IBM Containers. I have just created a volume with:

```
$ cf ic volume create pgdata
```

Then mount it:

```
$ cf ic run --volume pgdata:/var/pgsql -p 22 registry.ng.bluemix.net/ruimo/pgsql944-cli
```

After logging into the container through ssh, I found the mounted directory is owned by root:

```
drwxr-xr-x 3 root root 4096 Jul 8 08:20 pgsql
```

Since postgres does not permit running as root, I want to change the owner of this directory. But I cannot change the owner of this directory:

```
# chown postgres:postgres pgsql
chown: changing ownership of 'pgsql': Permission denied
```

Is it possible to change the owner of a mounted directory?
In IBM Containers, the user namespace is enabled for the docker engine. When the user namespace is enabled, the effective root inside the container is a non-root user outside the container process, and NFS does not allow the mapped non-root user to perform the chown operation on the volume inside the container. Please note that the volume `pgdata` is NFS; this can be verified by executing `mount -t nfs4` from the container.

You can try the workaround suggested for "How can I fix the permissions using docker on a bluemix volume?". In this scenario it will be:
1. Mount the volume to `/mnt/pgdata` inside the container

```
cf ic run --volume pgdata:/mnt/pgdata -p 22 registry.ng.bluemix.net/ruimo/pgsql944-cli
```

2. Inside the container

2.1 Create "postgres" group and user

```
groupadd --gid 1010 postgres
useradd --uid 1010 --gid 1010 -m --shell /bin/bash postgres
```

2.2 Add the user to group "root"

```
adduser postgres root
chmod 775 /mnt/pgdata
```

2.3 Create pgsql directory under bind-mount volume

```
su -c "mkdir -p /mnt/pgdata/pgsql" postgres
ln -sf /mnt/pgdata/pgsql /var/pgsql
```

2.4 Remove the user from group "root"

```
deluser postgres root
chmod 755 /mnt/pgdata
```
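
The two conditions named in the answer above (root remapped by a user namespace, and an NFS-backed volume) can be checked from inside the container before attempting `chown`. The script below is an added example, not part of the original answer; the function names are hypothetical, and it relies only on the standard Linux `/proc/self/uid_map` and `/proc/mounts` formats.

```shell
#!/bin/sh
# Added diagnostic sketch; function names are hypothetical.

# Host uid that in-container uid 0 maps to.
# uid_map lines are: <uid inside> <uid outside> <range length>
# $1: uid_map file (defaults to this process's map).
host_uid_of_root() {
    awk '$1 == 0 { print $2; exit }' "${1:-/proc/self/uid_map}"
}

# Filesystem type of mount point $1. The match is exact, and the last
# entry wins because later mounts shadow earlier ones.
# $2: mounts file (defaults to /proc/mounts).
fs_type_of() {
    awk -v mp="$1" '$2 == mp { t = $3 } END { if (t != "") print t }' \
        "${2:-/proc/mounts}"
}

# Succeeds (exit 0) when mount point $1 is NFS and in-container root is
# mapped to a non-root host uid: the combination in which the answer
# says chown is denied. $2, $3: optional mounts and uid_map files.
chown_expected_to_fail() {
    fs=$(fs_type_of "$1" "${2:-}")
    host_uid=$(host_uid_of_root "${3:-}")
    case "$fs" in
        nfs|nfs4) ;;
        *) return 1 ;;
    esac
    [ -n "$host_uid" ] && [ "$host_uid" != "0" ]
}

# Run as a script with the mount point, e.g.: sh check.sh /mnt/pgdata
if [ -n "${1:-}" ]; then
    if chown_expected_to_fail "$1"; then
        echo "$1: NFS volume, root maps to host uid $(host_uid_of_root); expect chown to be denied"
    else
        echo "$1: NFS plus remapped root not detected"
    fi
fi
```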
In your Dockerfile you can modify the permissions of a directory.

```
RUN chown postgres:postgres pgsql
```

Additionally, when you ssh in you can modify the permissions of the directory by using `sudo`.

```
sudo chown postgres:postgres pgsql
```
Here are 3 different but possible solutions:
- Using a Dockerfile and doing a chown before mounting the volume.
- `USER ROOT` command in `Dockerfile` before you do a `chown`.
- Use `--cap-add` flag.