docker-library/mongo

permissions on /keyfile are too open

ThinhVu opened this issue · 2 comments

The command I tried is:

docker run --rm --name mongodb \
  -e MONGO_INITDB_ROOT_USERNAME=admin \
  -e MONGO_INITDB_ROOT_PASSWORD=your_admin_password \
  -e MONGO_INITDB_DATABASE=mydatabase \
  -v mongodb-keyfile:/keyfile \
  mongo:latest --auth --keyFile /keyfile

Does anyone know how to get rid of this issue?

After a few hours of searching the internet, I figured it out.

Docker runs with the mongodb user.

So:

  1. I need to add a new mongodb user
  2. Then chmod the keyfile to 400.
  3. Then create a docker volume to mount as the mongo /data/db
  4. chown the docker volume for mongo /data/db to the mongodb user

The final command:

docker run -d --rm --name mongodb \
  --user 1001:1001 \
  -e MONGO_INITDB_ROOT_USERNAME=admin \
  -e MONGO_INITDB_ROOT_PASSWORD=your_admin_password \
  -e MONGO_INITDB_DATABASE=mydatabase \
  -v /var/lib/docker/volumes/mongo-data/_data:/data/db \
  -v /var/lib/docker/volumes/mongodb-keyfile/_data/keyfile:/keyfile \
  -p 27017:27017 \
  mongo:latest --auth --replSet "rs0" --keyFile /keyfile

Refs:
https://stackoverflow.com/questions/42446931/mongodb-exception-in-initandlisten-20-attempted-to-create-a-lock-file-on-a-rea

@tianon @yosifkit At least the document at https://hub.docker.com/_/mongo should point out that the mongodb user is needed
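
The steps in this thread can be checked before the container starts. The following is an added example, not part of the original posts or of the docker-library/mongo project: mongod refuses a keyfile that has any group or other permission bits set (the "too open" error in the title), and the file must also be readable by the UID the container runs as. The function names are hypothetical, and GNU `stat` (Linux) is assumed.

```shell
#!/bin/sh
# Added example: pre-flight check for a MongoDB keyfile that will be
# bind-mounted into a container. Function names are hypothetical.
# Assumes GNU coreutils stat (stat -c).

# check_keyfile PATH WANT_UID
# Return codes:
#   0  file is acceptable
#   1  group/other permission bits are set ("too open")
#   2  file is owned by a UID other than WANT_UID
#   3  file is missing or not a regular file
check_keyfile() {
    path=$1
    want_uid=$2
    [ -f "$path" ] || return 3
    mode=$(stat -c '%a' "$path") || return 3
    owner=$(stat -c '%u' "$path") || return 3
    # Interpret the mode as octal and mask the group/other bits (077).
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        return 1
    fi
    [ "$owner" = "$want_uid" ] || return 2
    return 0
}

# prepare_keyfile PATH WANT_UID
# Applies the fix from the thread (chmod 400, chown to the container
# UID) and then re-runs the check. chown to another UID needs root.
prepare_keyfile() {
    path=$1
    want_uid=$2
    chmod 400 "$path" || return 1
    if [ "$(stat -c '%u' "$path")" != "$want_uid" ]; then
        chown "$want_uid" "$path" || return 1
    fi
    check_keyfile "$path" "$want_uid"
}
```

With the command from this thread, the UID argument is the one passed to `--user`, for example `prepare_keyfile /var/lib/docker/volumes/mongodb-keyfile/_data/keyfile 1001`.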