docker-library/mongo

Running the image by specifying a custom user

Hunsu opened this issue · 2 comments

Hunsu commented

I ran across an issue when trying running this image using a custom user:

# config in docker-compose
user: 1001:1002

I got an error similar to this. I fixed it by running chown -R 1001:1002 /data/db in docker-entrypoint.sh.

You are doing something similar in lines 12-17. Is this issue known? Can I send a PR where I replace the hard-coded user mongodb by the UID:GID of the current user?

tianon commented

mongo/docker-entrypoint.sh

Line 12 in 27228fa

if [[ "$originalArgOne" == mongo* ]] && [ "$(id -u)" = '0' ]; then

We only attempt chown if the container is run as root, so running with user: should not attempt to chown (unless mongod itself is doing so, which isn't something we change or have control over). 😬

tianon commented

Just to verify the code, I went and ran it with bash -x to make sure chown is indeed not invoked in that case:

$ docker run -it --rm --user 1001:1002 --pull=always mongo bash -x docker-entrypoint.sh mongod
latest: Pulling from library/mongo
Digest: sha256:4301b0558d8170db609563a747d0de57fc02f94eabb7cf08869b418dfcd1ead8
Status: Image is up to date for mongo:latest
+ set -Eeuo pipefail
+ '[' m = - ']'
+ originalArgOne=mongod
+ [[ mongod == mongo* ]]
++ id -u
+ '[' 1001 = 0 ']'
++ dpkg --print-architecture
+ dpkgArch=amd64
+ case "$dpkgArch" in
+ grep -qE '^flags.* avx( .*|$)' /proc/cpuinfo
+ [[ mongod == mongo* ]]
+ numa='numactl --interleave=all'
+ numactl --interleave=all true
+ declare -a mongodHackedArgs
+ : /tmp
+ jsonConfigFile=/tmp/docker-entrypoint-config.json
+ tempConfigFile=/tmp/docker-entrypoint-temp-config.json
+ dbPath=
+ '[' mongod = mongod ']'
+ file_env MONGO_INITDB_ROOT_USERNAME
+ local var=MONGO_INITDB_ROOT_USERNAME
+ local fileVar=MONGO_INITDB_ROOT_USERNAME_FILE
+ local def=
+ '[' '' ']'
+ local val=
+ '[' '' ']'
+ '[' '' ']'
+ export MONGO_INITDB_ROOT_USERNAME=
+ MONGO_INITDB_ROOT_USERNAME=
+ unset MONGO_INITDB_ROOT_USERNAME_FILE
+ file_env MONGO_INITDB_ROOT_PASSWORD
+ local var=MONGO_INITDB_ROOT_PASSWORD
+ local fileVar=MONGO_INITDB_ROOT_PASSWORD_FILE
+ local def=
+ '[' '' ']'
+ local val=
+ '[' '' ']'
+ '[' '' ']'
+ export MONGO_INITDB_ROOT_PASSWORD=
+ MONGO_INITDB_ROOT_PASSWORD=
+ unset MONGO_INITDB_ROOT_PASSWORD_FILE
+ mongoShell=mongo
+ command -v mongo
+ mongoShell=mongosh
+ shouldPerformInitdb=
+ '[' '' ']'
+ '[' '' ']'
+ '[' '' ']'
+ '[' -z '' ']'
+ for f in /docker-entrypoint-initdb.d/*
+ case "$f" in
+ '[' -n '' ']'
+ '[' -n '' ']'
+ haveBindIp=
+ _mongod_hack_have_arg --bind_ip mongod
+ local checkArg=--bind_ip
+ shift
+ local arg
+ for arg in "$@"
+ case "$arg" in
+ return 1
+ _mongod_hack_have_arg --bind_ip_all mongod
+ local checkArg=--bind_ip_all
+ shift
+ local arg
+ for arg in "$@"
+ case "$arg" in
+ return 1
+ _parse_config mongod
+ '[' -s /tmp/docker-entrypoint-temp-config.json ']'
+ local configPath
++ _mongod_hack_get_arg_val --config mongod
++ local checkArg=--config
++ shift
++ '[' 1 -gt 0 ']'
++ local arg=mongod
++ shift
++ case "$arg" in
++ '[' 0 -gt 0 ']'
++ return 1
+ configPath=
+ return 1
+ '[' -z '' ']'
+ set -- mongod --bind_ip_all
+ unset MONGO_INITDB_ROOT_PASSWORD MONGO_INITDB_ROOT_USERNAME
+ rm -f /tmp/docker-entrypoint-config.json /tmp/docker-entrypoint-temp-config.json
+ exec mongod --bind_ip_all
... mongod output here ...