Can user privilege of docker container impact permission of host machine on mounted volume in docker-compose.yml?
I have a docker-compose.yml as follows:

version: '2'
services:
  mysql:
    image: centos/mysql-56-centos7:latest
    restart: always
    container_name: mysql
    environment:
      - MYSQL_ROOT_PASSWORD=111111
    volumes:
      - /etc/localtime:/etc/localtime
      - /data/mysql:/var/lib/mysql/data
    ports:
      - 3306:3306

centos/mysql-56-centos7 is an image from Docker Hub. I start the container with docker-compose up, but it always fails, with the reason:

Can't create test file /var/lib/mysql/data/cdef45a5817c.lower-test

Full output:
Creating network "mysql_default" with the default driver
Creating mysql ... done
Attaching to mysql
mysql | => sourcing 20-validate-variables.sh ...
mysql | => sourcing 25-validate-replication-variables.sh ...
mysql | => sourcing 30-base-config.sh ...
mysql | ---> 16:39:17 Processing basic MySQL configuration files ...
mysql | => sourcing 60-replication-config.sh ...
mysql | => sourcing 70-s2i-config.sh ...
mysql | ---> 16:39:17 Processing additional arbitrary MySQL configuration provided by s2i ...
mysql | => sourcing 40-paas.cnf ...
mysql | => sourcing 50-my-tuning.cnf ...
mysql | ---> 16:39:17 Initializing database ...
mysql | ---> 16:39:17 Running mysql_install_db --rpm --datadir=/var/lib/mysql/data
mysql | 2020-01-10 16:39:17 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
mysql | 2020-01-10 16:39:17 0 [Note] Ignoring --secure-file-priv value as server is running with --bootstrap.
mysql | 2020-01-10 16:39:17 0 [Note] /opt/rh/rh-mysql56/root/usr/libexec/mysqld (mysqld 5.6.38) starting as process 30 ...
mysql | 2020-01-10 16:39:17 30 [Warning] Can't create test file /var/lib/mysql/data/a5d11f4146dd.lower-test
mysql | 2020-01-10 16:39:17 30 [Warning] Can't create test file /var/lib/mysql/data/a5d11f4146dd.lower-test
mysql | 2020-01-10 16:39:17 30 [Note] InnoDB: Using atomics to ref count buffer pool pages
mysql | 2020-01-10 16:39:17 30 [Note] InnoDB: The InnoDB memory heap is disabled
mysql | 2020-01-10 16:39:17 30 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
mysql | 2020-01-10 16:39:17 30 [Note] InnoDB: Memory barrier is not used
mysql | 2020-01-10 16:39:17 30 [Note] InnoDB: Compressed tables use zlib 1.2.7
mysql | 2020-01-10 16:39:17 30 [Note] InnoDB: Using Linux native AIO
mysql | 2020-01-10 16:39:17 30 [Note] InnoDB: Using CPU crc32 instructions
mysql | 2020-01-10 16:39:17 30 [Note] InnoDB: Initializing buffer pool, size = 32.0M
mysql | 2020-01-10 16:39:17 30 [Note] InnoDB: Completed initialization of buffer pool
mysql | 2020-01-10 16:39:17 7f1048c42840 InnoDB: Operating system error number 13 in a file operation.
mysql | InnoDB: The error means mysqld does not have the access rights to
mysql | InnoDB: the directory.
mysql | 2020-01-10 16:39:17 7f1048c42840 InnoDB: Operating system error number 13 in a file operation.
mysql | InnoDB: The error means mysqld does not have the access rights to
mysql | InnoDB: the directory.
mysql | 2020-01-10 16:39:17 30 [ERROR] InnoDB: Creating or opening ./ibdata1 failed!
mysql | 2020-01-10 16:39:17 30 [ERROR] InnoDB: Could not open or create the system tablespace. If you tried to add new data files to the system tablespace, and it failed here, you should now edit innodb_data_file_path in my.cnf back to what it was, and remove the new ibdata files InnoDB created in this failed attempt. InnoDB only wrote those files full of zeros, but did not yet use them in any way. But be careful: do not remove old data files which contain your precious data!
mysql | 2020-01-10 16:39:17 30 [ERROR] Plugin 'InnoDB' init function returned error.
mysql | 2020-01-10 16:39:17 30 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.
mysql | 2020-01-10 16:39:17 30 [ERROR] Unknown/unsupported storage engine: InnoDB
mysql | 2020-01-10 16:39:17 30 [ERROR] Aborting
mysql |
mysql | 2020-01-10 16:39:17 30 [Note] Binlog end
mysql | 2020-01-10 16:39:17 30 [Note] /opt/rh/rh-mysql56/root/usr/libexec/mysqld: Shutdown complete
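
If I remove the line /data/mysql:/var/lib/mysql/data from docker-compose.yml, the container starts normally.

I run docker-compose up with root privileges on the host, so how can there be a permission problem? I don't know which user the MySQL process runs as inside the docker container, but how can that affect permissions on the host?

Additional information:

On the host, SELinux does not appear to be enabled:

# getenforce
Disabled

I modified the mysql folder, so:

# ls -l /data
total 0
drwxrwxrwx 2 root root 6 Jan 9 15:28 mysql

It doesn't matter which user on the host runs docker-compose up. When you mount /data/mysql into the container, the mount path inside the container has the same permissions and ownership as on the host. The process inside the container cannot write to this path.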
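
Because the mounted path keeps the host's ownership and mode, the kernel compares the container process's numeric UID/GID against the host directory's owner and mode bits. As an added example (not part of the original post), this shell function performs that comparison for a given directory; the name can_create_in and the sample UID/GID 27 are assumptions, and only classic mode bits are considered.

```shell
#!/bin/sh
# Added example: would a process with numeric UID/GID be allowed to create
# files in DIR? Only classic mode bits are evaluated; ACLs, SELinux/AppArmor,
# user-namespace remapping, read-only mounts and supplementary groups are not.

# can_create_in DIR UID GID -> exit 0 allowed, 1 denied, 2 cannot stat DIR
can_create_in() {
    dir=$1; uid=$2; gid=$3
    # GNU stat: owner uid, owner gid, octal mode, e.g. "0 0 755"
    info=$(stat -c '%u %g %a' "$dir" 2>/dev/null) || return 2
    set -- $info
    owner_uid=$1; owner_gid=$2; mode=$((0$3))

    # UID 0 bypasses mode bits (as long as CAP_DAC_OVERRIDE is kept).
    if [ "$uid" -eq 0 ]; then return 0; fi

    # The kernel picks exactly one class: owner, else group, else other.
    if [ "$uid" -eq "$owner_uid" ]; then
        bits=$(( ($mode >> 6) & 7 ))
    elif [ "$gid" -eq "$owner_gid" ]; then
        bits=$(( ($mode >> 3) & 7 ))
    else
        bits=$(( $mode & 7 ))
    fi

    # Creating a file needs write (2) and search (1) on the directory.
    [ $(( bits & 3 )) -eq 3 ]
}

# Constructed demo: a scratch directory stands in for the host side of the
# bind mount; UID/GID 27 is an assumed container user, not taken from the page.
demo() {
    d=$(mktemp -d) || return 2
    for m in 755 777; do
        chmod "$m" "$d"
        if can_create_in "$d" 27 27; then verdict=allowed; else verdict=denied; fi
        echo "mode $m, uid 27: $verdict"
    done
    rm -rf "$d"
}
demo
```

The numeric IDs to pass in are the ones the container process actually runs with; user names inside the image play no part in the check.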