Cannot run docker container with non root user for mariadb image - mysql

Without a non root user the docker container that is running out of the dockerfile is working without error but when I add a user then I am getting following error:
Initializing database 2019-07-17 21:28:05 0 [Warning] Can't create test file /var/lib/mysql/9e79cb48a1f0.lower-test 2019-07-17 21:28:05 0 [ERROR] mysqld: Can't create/write to file '/var/lib/mysql/aria_log_control' (Errcode: 13 "Permission denied") 2019-07-17 21:28:05 0 [ERROR] mysqld: Got error 'Can't create file' when trying to use aria control file '/var/lib/mysql/aria_log_control' 2019-07-17 21:28:05 0 [ERROR] Plugin 'Aria' init function returned error. 2019-07-17 21:28:05 0 [ERROR] Plugin 'Aria' registration as a STORAGE ENGINE failed. 2019-07-17 21:28:05 0 [ERROR] InnoDB: Operating system error number 13 in a file operation. 2019-07-17 21:28:05 0 [ERROR] InnoDB: The error means mysqld does not have the access rights to the directory. 2019-07-17 21:28:05 0 [ERROR] InnoDB: Operating system error number 13 in a file operation. 2019-07-17 21:28:05 0 [ERROR] InnoDB: The error means mysqld does not have the access rights to the directory. 2019-07-17 21:28:05 0 [ERROR] InnoDB: Cannot open datafile './ibdata1' 2019-07-17 21:28:05 0
[ERROR] InnoDB: Could not open or create the system tablespace. If you tried to add new data files to the system tablespace, and it failed here, you should now edit innodb_data_file_path in my.cnf back to what it was, and remove the new ibdata files InnoDB created in this failed attempt. InnoDB only wrote those files full of zeros, but did not yet use them in any way. But be careful: do not remove old data files which contain your precious data!
Dockerfile
FROM mariadb:10.3.5
RUN apt-get update & apt-get upgrade -y
ENV MYSQL_USER=user1 \
MYSQL_PASSWORD=pass5 \
MYSQL_DATABASE=db \
MYSQL_ROOT_PASSWORD=XXX
RUN useradd -ms /bin/bash newuser
USER newuser
WORKDIR /home/newuser
RUN sudo chown -R newuser:newuser /var/lib/mysql
ADD . /home/newuser
I would like to see the container to run as non root user

If you look into the content of Dockerfile, They already adding one no-root user in the Dockerfile, then why you need the other one?
# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
RUN groupadd -r mysql && useradd -r -g mysql mysql
your this step also ignored,
RUN sudo chown -R newuser:newuser /var/lib/mysql
But it fails when it comes to the offical docker entrypoint, they run DB initialization or other stuff as a MySQL user so the new user will not permit for the following file so defiantly it will throw permission denied.
If you really want to do this you have to override docker-entry point or might be some part of dockerfile.
Here is code form offical Dockerfile
rm -rf /var/lib/mysql; \
mkdir -p /var/lib/mysql /var/run/mysqld; \
chown -R mysql:mysql /var/lib/mysql /var/run/mysqld; \
# ensure that /var/run/mysqld (used for socket and lock files) is writable regardless of the UID our mysqld instance ends up having at runtime
chmod 777 /var/run/mysqld; \

Related

Error on realpath() on '/var/lib/mysql-files' (Error 2 - No such file or directory)

I am using Ubuntu to configure Wordpress on WSL. Currently, I am trying to install MySQL as part of the LAMP Stack using the following as per this tutorial:
sudo usermod -d /var/lib/mysql/ mysql
sudo service mysql start
When I run the second command, I see "fail" in red appear (ie. mysql won't start). Here is what the Error Log looks like:
2021-09-05T08:17:59.936284Z mysqld_safe Logging to '/var/log/mysql/error.log'.
2021-09-05T08:17:59.951837Z mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
mysqld: Error on realpath() on '/var/lib/mysql-files' (Error 2 - No such file or directory)
2021-09-05T08:17:59.962000Z 0 [Warning] [MY-010139] [Server] Changed limits: max_open_files: 1024 (requested 8161)
2021-09-05T08:17:59.962006Z 0 [Warning] [MY-010142] [Server] Changed limits: table_open_cache: 431 (requested 4000)
2021-09-05T08:18:00.172509Z 0 [Warning] [MY-011068] [Server] The syntax 'expire-logs-days' is deprecated and will be removed in a future release. Please use binlog_expire_logs_seconds instead.
2021-09-05T08:18:00.172578Z 0 [ERROR] [MY-010095] [Server] Failed to access directory for --secure-file-priv. Please make sure that directory exists and is accessible by MySQL Server. Supplied value : /var/lib/mysql-files
2021-09-05T08:18:00.172626Z 0 [ERROR] [MY-010119] [Server] Aborting
2021-09-05T08:18:00.178880Z mysqld_safe mysqld from pid file /run/mysqld/mysqld.pid ended
Edit- Here is what I get when I run the following commands:
root#DESKTOP-P44T17P:~# stat /var/lib/mysql-files
stat: cannot stat '/var/lib/mysql-files': No such file or directory
root#DESKTOP-P44T17P:~# grep user /etc/mysql/mysql.conf.d/mysqld.cnf
user = mysql
It does not look the mysql-files directory exists.
Ubuntu 20.04.2
it might be your log folder deleted for some reason. make sure there's /var/log/mysql folder. if it's don't just make new one with mysql ownership.
Ensure the directory /var/lib/mysql-files exists and MySQL should start.
You can try:
sudo mkdir /var/lib/mysql-files

After `brew install mysql` mysqld fails to start, complaining about unknown option "--skip-locking". How do I fix this?

Lots of details here...
OS: OS X El Capitan 10.11.6
$ brew --version
Homebrew 1.5.12
Homebrew/homebrew-core (git revision af232; last commit 2018-03-27)
I could no longer connect to my local mysql, so I reinstalled with brew, following instructions at https://coderwall.com/p/os6woq/uninstall-all-those-broken-versions-of-mysql-and-re-install-it-with-brew-on-mac-mavericks including restarting after uninstalling mysql.
Running mysql_install_db is successful:
2018-03-27 10:17:01 [WARNING] mysql_install_db is deprecated. Please consider switching to mysqld --initialize
2018-03-27 10:17:01 [NOTE] Creating data directory /usr/local/var/mysql
2018-03-27 10:17:01 [NOTE] Generating random password to /Users/me/.mysql_secret...done.
2018-03-27 10:17:01 [NOTE] Executing /usr/local/opt/mysql/bin/mysqld --bootstrap --datadir=/usr/local/var/mysql --lc-messages-dir=/usr/local/opt/mysql/share/mysql --lc-messages=en_US --basedir=/usr/local/opt/mysql
2018-03-27 10:17:03 [NOTE] Creating system tables...done.
2018-03-27 10:17:03 [NOTE] Filling system tables with data...done.
2018-03-27 10:17:04 [NOTE] Filling help table with data...done.
2018-03-27 10:17:04 [NOTE] Creating user for internal session service...done.
2018-03-27 10:17:04 [NOTE] Creating default user root#localhost
2018-03-27 10:17:04 [NOTE] Creating default proxy root#localhost
2018-03-27 10:17:04 [NOTE] Creating sys schema
2018-03-27 10:17:06 [NOTE] done.
2018-03-27 10:17:07 [WARNING] The bootstrap log isn't empty:
2018-03-27 10:17:07 [WARNING] 2018-03-27T17:17:01.939957Z 0 [Warning] --bootstrap is deprecated. Please consider using --initialize instead
When I try running mysql.server start I get this error message on the command line:
... ERROR! The server quit without updating PID file (/usr/local/var/mysql/myhostname.pid).
And here's the error in /usr/local/var/mysql/myhostname.err:
2018-03-27T17:30:40.451904Z 0 [ERROR] unknown option '--skip-locking'
There is no /etc/my.cnf file.
Here's what I do see from /usr/local:
find Cellar/mysql/ var/mysql -name my.cnf
Cellar/mysql//5.7.21/.bottle/etc/my.cnf
$ cat Cellar/mysql//5.7.21/.bottle/etc/my.cnf
# Default Homebrew MySQL server config
[mysqld]
# Only allow connections from localhost
bind-address = 127.0.0.1
And I also added set -x to /usr/local/Cellar/mysql/5.7.21/bin/mysqld_safe and here's the command-line it uses to launch:
nohup /usr/local/Cellar/mysql/5.7.21/bin/mysqld \
--basedir=/usr/local/Cellar/mysql/5.7.21 \
--datadir=/usr/local/var/mysql \
--plugin-dir=/usr/local/Cellar/mysql/5.7.21/lib/plugin \
--log-error=Erics-MacBook-Pro-601.err \
--pid-file=/usr/local/var/mysql/Erics-MacBook-Pro-601.pid \
--socket=/tmp/mysql.sock \
--port=3306
So where is the --skip-locking option getting injected? Any suggestions where to look?
Found it in ~/.my.cnf
[Extra text added to appease stackoverflow]

Docker with mysql: The error means mysqld does not have the access rights to the directory

I am on Mac 10.11.3 (15D21)
About Docker I have:
$ docker version
Client:
Version: 1.10.3
API version: 1.22
Go version: go1.5.3
Git commit: 20f81dd
Built: Thu Mar 10 21:49:11 2016
OS/Arch: darwin/amd64
Server:
Version: 1.10.3
API version: 1.22
Go version: go1.5.3
Git commit: 20f81dd
Built: Thu Mar 10 21:49:11 2016
OS/Arch: linux/amd64
For Mysql
$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mysql latest 7a5866c2edbf 12 days ago 361.3 MB
...
I did the following:
mkdir -p /Users/me/docker/mysql/data
chmod -R 777 /Users/me/docker/mysql/data
(Even with sudo for each command)
It from Pro Docker and from: Permission denied when mounting Docker volume in OSX
Even doing:
docker -v /Users/me/docker/mysql/data:/var/lib/mysql mysql chown -R mysql /var/lib/mysql
It from: Database Fails to Start - Host Directory as a Data Volume
When I execute: (showing in multiple lines for better visualisation)
docker run -v /Users/me/docker/mysql/data:/var/lib/mysql --name manolitomysql
-e MYSQL_DATABASE='mysqldb' -e MYSQL_USER='mysql' -e MYSQL_PASSWORD='mysql'
-e MYSQL_ALLOW_EMPTY_PASSWORD='yes' -e MYSQL_ROOT_PASSWORD='' -d mysql
I always get:
$ docker logs manolitomysql
Initializing database
2016-03-27T16:04:33.520170Z 0 [Warning] Setting lower_case_table_names=2 because file system for /var/lib/mysql/ is case insensitive
2016-03-27T16:04:35.089907Z 0 [ERROR] InnoDB: Operating system error number 13 in a file operation.
2016-03-27T16:04:35.090006Z 0 [ERROR] InnoDB: The error means mysqld does not have the access rights to the directory.
2016-03-27 16:04:35 0x7f061a050740 InnoDB: Assertion failure in thread 139664183068480 in file fil0fil.cc line 868
InnoDB: Failing assertion: success
InnoDB: We intentionally generate a memory trap.
InnoDB: Submit a detailed bug report to http://bugs.mysql.com.
InnoDB: If you get repeated assertion failures or crashes, even
InnoDB: immediately after the mysqld startup, there may be
InnoDB: corruption in the InnoDB tablespace. Please refer to
InnoDB: http://dev.mysql.com/doc/refman/5.7/en/forcing-innodb-recovery.html
InnoDB: about forcing recovery.
16:04:35 UTC - mysqld got signal 6 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
Attempting to collect some information that could help diagnose the problem.
As this is a crash and something is definitely wrong, the information
collection process might fail.
key_buffer_size=8388608
read_buffer_size=131072
max_used_connections=0
max_threads=151
thread_count=0
connection_count=0
It is possible that mysqld could use up to
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 68188 K bytes of memory
Hope that's ok; if not, decrease some variables in the equation.
Thread pointer: 0x0
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 0 thread_stack 0x40000
mysqld(my_print_stacktrace+0x2c)[0xe57c7c]
mysqld(handle_fatal_signal+0x459)[0x7896b9]
/lib/x86_64-linux-gnu/libpthread.so.0(+0xf8d0)[0x7f0619c2d8d0]
/lib/x86_64-linux-gnu/libc.so.6(gsignal+0x37)[0x7f061841b067]
/lib/x86_64-linux-gnu/libc.so.6(abort+0x148)[0x7f061841c448]
mysqld[0x75fc29]
mysqld[0x1180f68]
mysqld(_Z40fil_open_log_and_system_tablespace_filesv+0xe4)[0x1185a74]
mysqld[0x107afe0]
mysqld(_Z34innobase_start_or_create_for_mysqlv+0x3692)[0x107eb12]
mysqld[0xf4a05d]
mysqld(_Z24ha_initialize_handlertonP13st_plugin_int+0x51)[0x7d3981]
mysqld[0xc53716]
mysqld(_Z11plugin_initPiPPci+0x5c8)[0xc5a5c8]
mysqld[0x782164]
mysqld(_Z11mysqld_mainiPPc+0x7b2)[0x7835d2]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5)[0x7f0618407b45]
mysqld[0x77a274]
The manual page at http://dev.mysql.com/doc/mysql/en/crashing.html contains
information that should help you find out what is causing the crash.
What extra configuration is need it?
For the audience, the following works:
1 Create a Dockerfile with
FROM mysql:latest
RUN deluser mysql
RUN useradd mysql
RUN mkdir -p /Users/me/docker/mysql/data
RUN chmod -R 777 /Users/me/docker/mysql/data
2 Create a new image using the previous Dockerfile
3 Run your new container using the previous new image
You may have better control using a Dockerfile with the following instructions:
RUN useradd mysql
RUN mkdir /var/lib/mysql && chown -R mysql:mysql /var/lib/mysql

mysql on amazon linux - MySQL Daemon failed to start

I tried that restarting EC2 instance and sudo service httpd restart.
But I still get this message:
[ec2-user#ip-* ~]$ sudo service mysqld start
MySQL Daemon failed to start.
Starting mysqld: [FAILED]
Also I get this message:
[ec2-user#ip-* ~]$ mysqld
160127 7:01:48 [Note] mysqld (mysqld 5.5.46) starting as process 2745 ...
160127 7:01:48 [Warning] Can't create test file /var/lib/mysql/ip-*.lower-test
160127 7:01:48 [Warning] Can't create test file /var/lib/mysql/ip-*.lower-test
160127 7:01:48 [Note] Plugin 'FEDERATED' is disabled.
mysqld: Can't find file: './mysql/plugin.frm' (errno: 13)
160127 7:01:48 [ERROR] Can't open the mysql.plugin table. Please run mysql_upgrade to create it.
160127 7:01:48 InnoDB: The InnoDB memory heap is disabled
160127 7:01:48 InnoDB: Mutexes and rw_locks use GCC atomic builtins
160127 7:01:48 InnoDB: Compressed tables use zlib 1.2.8
160127 7:01:48 InnoDB: Using Linux native AIO
160127 7:01:48 InnoDB: Initializing buffer pool, size = 128.0M
160127 7:01:48 InnoDB: Completed initialization of buffer pool
160127 7:01:48 InnoDB: Operating system error number 13 in a file operation.
InnoDB: The error means mysqld does not have the access rights to
InnoDB: the directory.
InnoDB: File name ./ibdata1
InnoDB: File operation call: 'open'.
InnoDB: Cannot continue operation.
I don't know what should I do..
Cheers!
EDIT
(+ I'm also using amazon RDS.)
Now, I tried sudo chown -R mysql:mysql /var/lib/mysql too.
But
[ec2-user#ip-* ~]$ mysql_upgrade
Looking for 'mysql' as: mysql
Looking for 'mysqlcheck' as: mysqlcheck
FATAL ERROR: Upgrade failed
[ec2-user#ip-* ~]$ ls -lh /var/lib/mysql/
합계 29M
-rw-rw---- 1 mysql mysql 5.0M 1월 27 06:52 ib_logfile0
-rw-rw---- 1 mysql mysql 5.0M 1월 27 06:12 ib_logfile1
-rw-rw---- 1 mysql mysql 18M 1월 27 06:52 ibdata1
drwx------ 2 mysql mysql 4.0K 1월 20 07:03 mysql
drwx------ 2 mysql mysql 4.0K 1월 20 07:03 performance_schema
drwx------ 2 mysql mysql 4.0K 1월 20 07:03 test
As per today the nano instances with 0.5GiB memory do not allow running mysqld - they do not have enough memory. Running a micro instance with 1GiB memory fixes the problem completely. I think guys at AWS should have made a note about this in the LAMP installation instructions, as this research costed me several hours or even a day before I figured it out.
I answer myself to my question to help other people in the same problem.
I resolved this problem from these steps:
Restart your EC2 instance.
Type sudo service httpd restart. (I don't know why I should do these two steps.)
Type sudo chown -R mysql:mysql /var/lib/mysql. - Before typing this command, check your user= option in your /etc/my.cnf. If there is no user= option, your user is "mysql". (Visit https://stackoverflow.com/a/21435052/1570534)
Change the innodb_buffer_pool_size option inside /etc/my.cnf from 128 (can be different) to 500M. If you don't have innodb_buffer_pool_size option in your /etc/my.cnf, add innodb_buffer_pool_size=500M in [mysqld] section.
I hope it helps you!
I also faced the same issue when setting up an instance on Lightsail with the lowest cost instance (512MB, 1 vCPU, 20 GB SSD).
I was able to solve the issue by adding a swap file in the instance.
Here is the step to create a swap:
Use the dd command to create a swap file on the root file system, where "bs" is the block size and "count" is the number of blocks. In this example the swap file is 1 GB:
$ sudo dd if=/dev/zero of=/swapfile bs=1M count=1000
Update the read and write permissions for the swap file:
$ chmod 600 /swapfile
Set up a Linux swap area:
$ mkswap /swapfile
Make the swap file available for immediate use by adding the swap file to swap space:
$ swapon /swapfile
Verify that the procedure was successful:
$ swapon -s
Enable the swap file at boot time by editing the /etc/fstab file:
$ vi /etc/fstab
$ /swapfile swap swap defaults 0 0
If the issue is in Amazon Linux OS, please check whether you have free swap.
I faced the same issue, when I add more swap, mysql service start working.
You can see more from here http://www.linuxblackmagic.com/2018/04/mysql-daemon-failed-to-start-in-amazon.html
This will surely work for you.
Shivin Vijai
I had this problem, similar to #Michael Zelensky, when I tried to make use of an Amazon t3.nano machine. (FWIW t3.micro needed no extra adjustments on my end, but I was trying to see "how low could I go" )
I was able to find a workaround that seems to be working for now. Simply add:
table_definition_cache=400
.. to the [mysqld] section in /etc/my.cnf . This apparently lowered some of the memory usage enough to allow me to then perform a service mysqld start and the service came up (along with my Wordpress websites :) )
Thanks to some AWS support specialists and also this website for helping me figure this out: http://www.tocker.ca/2014/03/10/configuring-mysql-to-use-minimal-memory.html

cannot touch `/var/log/mysqld.log': Permission denied

i have reinstalled mysql server in cent OS RHEL5.5 , Im getting the following error
touch: cannot touch `/var/log/mysqld.log': Permission denied
chown: changing ownership of `/var/log/mysqld.log': Operation not permitted
chmod: changing permissions of `/var/log/mysqld.log': Operation not permitted
MySQL Daemon failed to start.
Starting mysqld: [FAILED]
I have checked the permissions for log files , its having correct permissions as mysql user
-rw-r----- 1 mysql mysql 5931 Mar 9 04:36 mysqld.log
Please let me know the issue on this and how to solve it.
Thanks
Ok. I have solved the issue,
$ /usr/libexec/mysqld --skip-grant &
[1] 5388
InnoDB: Error: log file ./ib_logfile0 is of different size 0 50331648 bytes
InnoDB: than specified in the .cnf file 0 5242880 bytes!
150312 10:03:28 [Note] /usr/libexec/mysqld: ready for connections.
Version: '5.0.95' socket: '/var/lib/mysql/mysql.sock' port: 3306 Source distribution
$ rm -rf /var/lib/mysql/ib_logfile0
$ rm -rf /var/lib/mysql/ib_logfile1
$ ls -l /var/lib/mysql
i have removed the log files and restart the mysql server.
Thanks
The workaround is:
$ sudo touch /var/log/mysqld.log
$ sudo chown mysql:mysql /var/log/mysqld.log
$ sudo chcon system_u:object_r:mysqld_log_t:s0 /var/log/mysqld.log
In my case, this happened to me after downgrading an AWS EC2 instance. The error was as follows:
$ service mysqld start
touch: cannot touch ‘/var/log/mysqld.log’: Permission denied
chown: changing ownership of ‘/var/log/mysqld.log’: Operation not permitted
chmod: changing permissions of ‘/var/log/mysqld.log’: Operation not permitted
chown: changing ownership of ‘/var/lib/mysql’: Operation not permitted
chmod: changing permissions of ‘/var/lib/mysql’: Operation not permitted
MySQL Daemon failed to start.
Starting mysqld: [FAILED]
Turns out the issue was the new downgraded VM didn't have enough memory as MySQL was trying to reserve.
Updating the value reserved for InnoDB on etc/my.cnf solved the issue:
innodb_buffer_pool_size=4G
No other changes on the file system permissions were needed.
In my case, there is problem with ubuntu apparmor.
Solution:
Edit mysqld profiles (usually in /etc/apparmor.d/usr.sbin.mysqld) and make sure you have:
/var/log/mysqld.log rw,
systemctl reload apparmor
touch /var/log/mysqld.log
chown mysql:mysql /var/log/mysqld.log
chmod 0644 /var/log/mysqld.log
systemctl restart mysql