Comments (9)
Possible duplicate of: moby/moby#3124
from docker-ejabberd.
What I understand is that Docker considers 'bind-mounts' as being owned by 'root' user, which would explain why our 'ejabberd' user does not get access to the volume.
from docker-ejabberd.
@rroemhild Would you consider it an option to change the default user to 'root', and ditch the 'ejabberd' user? See: #58
from docker-ejabberd.
Run ejabberd with the root user removes a bit of security. What about change the directory owner:group to the ejabberd id (999) or set read/write permissions for others?
from docker-ejabberd.
Or use a data-container and set the correct ownership:
$ docker create -v /opt/ejabberd/database -v /opt/ejabberd/ssl --name ejabberd-data debian
$ docker run --rm --volumes-from ejabberd-data debian chown -R 999:999 /opt/ejabberd
$ docker run -d --name ejabberd --volumes-from ejabberd-data rroemhild/ejabberd
from docker-ejabberd.
@rroemhild I would rather not work with a data container (although it SHOULD be possible ofcourse), since I want to make sure the data persists in production. Changing directory permissions on the host to a user that only exists in a container seems counter-intuitive. If there would be a way for the non-root user to write a mounted directory on the host, that would work for me too. In the meanwhile, I'm pretty much stuck...
from docker-ejabberd.
Heya. I stumpled over this very sample problem. Since you already use startup scripts, I'd like to suggest something like the following:
We could have a EJABBERD_UID
environment variable, possibly preset to 999
in the Dockerfile
. On run
- as root
- perform a
usermod -u $EJABBERD_UID $EJABBERD_USER
to change the ejabberd
user's UID on the fly. The permissions on all owned directories and files should be changed automatically. After that, continue on as $EJABBERD_USER
.
I assume it might also be possible to install sudo
in the dockerfile, add a change-user.sh
script that does the above and then configure passwordless sudo
access to this file only, removing the need to run as root
if that isn't feasible.
from docker-ejabberd.
@sunsided thanks for your contribution You got me on the right track. Can you both review PR #66, please. The container must be started with the -u root
option.
from docker-ejabberd.
I merged the PR to master branch. It works for me and I think it addresses this problem by let the user decide to run ejabberd as root
but run with ejabberd
user by default. Feel free to re-open this issue.
from docker-ejabberd.
Related Issues (20)
- Custom Module HOT 1
- Can't access admin :5280/admin HOT 2
- Cannot access API with browser show not found HOT 1
- Ejabberd shared roaster group with members @all@ HOT 5
- Kubernetes working example HOT 8
- SSL more env vars
- 18.09 tag HOT 1
- Not listening to any connection HOT 3
- Open relay HOT 5
- Keeping a CHANGELOG would be nice! HOT 2
- Getting issue with file upload HOT 1
- PostgreSQL support for auth script
- Can't connect to web admin
- setting ERLANG_NODE crashes docker container HOT 1
- dotenv and python
- Support for http auth method HOT 1
- How to do a Select on Erlang, Mnesia
- conf/ejabberd.yml.tpl seems to be outdated
- Provide tags for newer ejabberd versions HOT 1
- Easy, one-click deployment of ejabberd using Cloudron HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from docker-ejabberd.