Docker Compose, how to remove bind mount data? - linux

I'm creating a PostgreSQL database with Docker Compose on Debian 11.
Docker version 20.10.14, build a224086
Docker Compose version v2.3.3
When I try to shut down Docker Compose and remove all existing data, I cannot seem to get rid of bind mounted data.
docker-compose.yml
version: '3'
services:
  postgres:
    image: postgres:9.3.25
    healthcheck:
      test: [ "CMD", "pg_isready", "-q", "-d", "postgres", "-U", "root" ]
      timeout: 45s
      interval: 10s
      retries: 10
    restart: always
    environment:
      - POSTGRES_USER=root
      - POSTGRES_PASSWORD=docker
      - APP_DB_USER=app_user
      - APP_DB_PASS=docker
      - APP_DB_NAME=myapp_db
    # Notice this creates bind mounts, not volumes!
    volumes:
      - ./db-entry-point:/docker-entrypoint-initdb.d/
      - ./postgres-db-data:/var/lib/postgresql/data
    ports:
      - 5432:5432
The command below is issued to shut down the Docker containers. I know it doesn't remove volumes by default. The --volumes argument could be used for removing volumes, but I tested that it doesn't remove bind mount data.
docker compose -f /opt/storage/disk-03/docker/myapp-db/docker-compose.yml down
These files are on the bind mount target directory:
ls -la /opt/storage/disk-03/docker/myapp-db/postgres-db-data/
total 44
drwx------ 15 systemd-timesync root 329 Mar 29 09:52 .
drwxr-xr-x 4 root root 78 Mar 29 09:35 ..
-rw------- 1 systemd-timesync systemd-timesync 4 Mar 28 14:52 PG_VERSION
drwx------ 7 systemd-timesync systemd-timesync 67 Mar 28 14:52 base
drwx------ 2 systemd-timesync systemd-timesync 4096 Mar 29 09:51 global
drwx------ 2 systemd-timesync systemd-timesync 18 Mar 28 14:52 pg_clog
-rw------- 1 systemd-timesync systemd-timesync 4486 Mar 28 14:52 pg_hba.conf
-rw------- 1 systemd-timesync systemd-timesync 1636 Mar 28 14:52 pg_ident.conf
drwx------ 4 systemd-timesync systemd-timesync 36 Mar 28 14:52 pg_multixact
drwx------ 2 systemd-timesync systemd-timesync 18 Mar 29 09:50 pg_notify
drwx------ 2 systemd-timesync systemd-timesync 6 Mar 28 14:52 pg_serial
drwx------ 2 systemd-timesync systemd-timesync 6 Mar 28 14:52 pg_snapshots
drwx------ 2 systemd-timesync systemd-timesync 105 Mar 29 09:52 pg_stat
drwx------ 2 systemd-timesync systemd-timesync 6 Mar 29 09:52 pg_stat_tmp
drwx------ 2 systemd-timesync systemd-timesync 18 Mar 28 14:52 pg_subtrans
drwx------ 2 systemd-timesync systemd-timesync 6 Mar 28 14:52 pg_tblspc
drwx------ 2 systemd-timesync systemd-timesync 6 Mar 28 14:52 pg_twophase
drwx------ 3 systemd-timesync systemd-timesync 60 Mar 28 14:52 pg_xlog
-rw------- 1 systemd-timesync systemd-timesync 20120 Mar 28 14:52 postgresql.conf
-rw------- 1 systemd-timesync systemd-timesync 37 Mar 29 09:50 postmaster.opts
I'm not sure how to delete these files as rm -rf doesn't remove them. ls -la /opt/storage/disk-03/docker/myapp-db/postgres-db-data/ still lists the files.
sudo rm -rf /opt/storage/disk-03/docker/myapp-db/postgres-db-data/*
What would be the right way from Docker's perspective to remove these files?

It seems that the files can be removed by changing the owner of the files first and then removing them. I'm not sure what's going on in the underlying OS, but I tested this a couple of times and it works.
# This doesn't remove the files when files are owned by "systemd-timesync"
sudo rm -rf /opt/storage/disk-03/docker/myapp-db/postgres-db-data/*
# chown to admin user
sudo chown -R admin. /opt/storage/disk-03/docker/myapp-db/postgres-db-data/
# Now removal works
sudo rm -rf /opt/storage/disk-03/docker/myapp-db/postgres-db-data/*
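An added example, not part of the original post or answer: a shell helper for emptying a bind-mount source directory such as ./postgres-db-data after `docker compose down`. In `sudo rm -rf dir/*` the `*` is expanded by the invoking user's shell before sudo runs and never matches dotfiles; when that user cannot read the directory (mode drwx------ and owned by another UID, as in the listing above) the pattern stays literal and `rm -f` silently ignores it, so the helper lets `find` enumerate the entries instead. The function names and the `PRIV` variable are hypothetical, and that the original commands were typed from an unprivileged shell is an assumption.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. PRIV and both function names are
# hypothetical: leave PRIV empty for files you own, set PRIV=sudo when the
# files belong to the container's UID.
PRIV=${PRIV:-}

# Numeric UIDs that own the entries directly under a directory. Files written
# through a bind mount keep the UID of the container process; the host's
# `ls -l` only maps that number to whichever local account shares it.
owner_uids() {
    $PRIV ls -lnA -- "$1" | awk 'NR > 1 { print $3 }' | sort -u
}

# Delete everything inside a directory but keep the directory itself, so the
# bind mount source still exists for the next `docker compose up`.
# Run it only after `docker compose down`, when nothing writes to the path.
purge_dir_contents() {
    local dir=$1 resolved
    [ -n "$dir" ] || { echo "refusing: empty path" >&2; return 2; }
    [ -d "$dir" ] || { echo "refusing: not a directory: $dir" >&2; return 2; }
    resolved=$(readlink -f -- "$dir") || return 2
    case $resolved in
        ''|/) echo "refusing: unsafe target '$resolved'" >&2; return 2 ;;
    esac
    # find runs with the privileges of PRIV and lists the entries itself, so
    # nothing depends on the caller's shell being able to expand a glob, and
    # dotfiles are included. -delete implies depth-first traversal.
    $PRIV find "$resolved" -mindepth 1 -delete || return 1
    # Succeed only if the directory is now empty.
    [ -z "$($PRIV ls -A -- "$resolved")" ]
}

# Usage on the host from the question (path taken from the post):
#   PRIV=sudo purge_dir_contents /opt/storage/disk-03/docker/myapp-db/postgres-db-data
```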

Related

Change directory ownership in linux

The uploads directory is not writeable by a browser because of ownership.
-rw-rw-r-- 1 masud masud 28 Mar 23 15:46 index.php
drwxrwxr-x 4 masud masud 4096 Mar 23 15:46 languages
drwxrwxr-x 11 masud masud 4096 Mar 23 16:16 plugins
drwxrwxr-x 3 masud masud 4096 Mar 23 16:11 themes
drwxrwxr-x 4 masud masud 4096 Mar 7 13:14 uploads
I want to change the ownership of the uploads directory.
It will change the ownership of that directory:
sudo chmod -R 0777 directory_name

SSH 'server refused our key' when using home directory on external EBS volume

Scenario:
AWS EC2 running Red Hat 8.2 with an EBS volume mounted at /data
mount | grep -i data
/dev/nvme1n1 on /data type xfs (rw,relatime,seclabel,attr2,inode64,noquota)
Created a test user with home directory on the external EBS volume /data/home/test and copied authorized_keys from ec2-user. SSH fails, 'Server refused our key'. However, when the home directory is moved to the root volume, /home, it is possible to log in.
The permissions are the same, what am I missing? Thanks!
# ls -Rla /data/home/test/
/data/home/test/:
total 16
drwx------. 3 test test 88 Oct 19 10:16 .
drwxr-xr-x. 4 root root 30 Oct 19 10:15 ..
-rw-r--r--. 1 test test 18 Aug 30 2019 .bash_logout
-rw-r--r--. 1 test test 141 Aug 30 2019 .bash_profile
-rw-r--r--. 1 test test 312 Aug 30 2019 .bashrc
-rw-r--r--. 1 test test 172 Feb 6 2020 .kshrc
drwx------. 2 test test 29 Oct 19 10:16 .ssh
/data/home/test/.ssh:
total 4
drwx------. 2 test test 29 Oct 19 10:16 .
drwx------. 3 test test 88 Oct 19 10:16 ..
-rw-------. 1 test test 829 Oct 19 10:16 authorized_keys
# ls -Rla /home/test/
/home/test/:
total 16
drwx------. 3 test test 88 Oct 19 10:40 .
drwxr-xr-x. 8 root root 106 Oct 19 10:39 ..
-rw-r--r--. 1 test test 18 Aug 30 2019 .bash_logout
-rw-r--r--. 1 test test 141 Aug 30 2019 .bash_profile
-rw-r--r--. 1 test test 312 Aug 30 2019 .bashrc
-rw-r--r--. 1 test test 172 Feb 6 2020 .kshrc
drwx------. 2 test test 29 Oct 19 10:40 .ssh
/home/test/.ssh:
total 4
drwx------. 2 test test 29 Oct 19 10:40 .
drwx------. 3 test test 88 Oct 19 10:40 ..
-rw-------. 1 test test 829 Oct 19 10:40 authorized_keys

OSX Homebrew /usr/local permissions for node

I have installed homebrew without any problems.
The problem was installing node. I got permission errors about the /usr/local directory and symlinks.
So I did
sudo chown -R myuser /usr/local
then I installed node without problems and then I did
sudo chown -R root /usr/local
I don't remember what the owners were in the first place. I just followed some suggestions from stackoverflow to change the owner of /usr/local (a voice inside me says I did bad).
So when I run
brew doctor
I got some warnings and suggestions to chown some folders in /usr/local directory, so I did them. Then when I run
brew doctor
brew update
I get no warnings or errors anymore and it looks fine (there were no updates to do after all).
My directories now look like below. Can anyone confirm if it is secure like that? What should the owners be in /usr/local? Is it okay to have it owned by my user as they say at github? Thanks.
myuser@iMac:/usr$ ls -la
total 8
drwxr-xr-x@ 12 root wheel 408B Sep 30 23:52 ./
drwxr-xr-x 30 root wheel 1.1K Jan 23 17:51 ../
drwxr-xr-x 5 root wheel 170B Aug 23 03:51 X11/
lrwxr-xr-x 1 root wheel 3B Sep 30 23:43 X11R6@ -> X11
drwxr-xr-x 3 root wheel 102B Aug 27 04:17 adic/
drwxr-xr-x 1055 root wheel 35K Jan 23 17:51 bin/
drwxr-xr-x 263 root wheel 8.7K Jan 23 17:52 lib/
drwxr-xr-x 186 root wheel 6.2K Jan 23 17:51 libexec/
drwxrwxr-x 22 root admin 748B Feb 7 12:28 local/
drwxr-xr-x 243 root wheel 8.1K Jan 23 17:51 sbin/
drwxr-xr-x 45 root wheel 1.5K Sep 30 23:43 share/
drwxr-xr-x 4 root wheel 136B Sep 17 09:03 standalone/
myuser@iMac:/usr$ cd local/
myuser@iMac:/usr/local$ ls -la
total 104
drwxrwxr-x 22 root admin 748B Feb 7 12:28 ./
drwxr-xr-x@ 12 root wheel 408B Sep 30 23:52 ../
drwxr-xr-x 15 myuser admin 510B Feb 7 12:56 .git/
-rw-r--r-- 1 root admin 847B Feb 6 10:48 .gitignore
-rw-r--r-- 1 root admin 1.3K Feb 6 10:48 .travis.yml
-rw-r--r-- 1 root admin 291B Feb 6 10:48 .yardopts
-rw-r--r-- 1 root admin 3.1K Feb 6 10:48 CODEOFCONDUCT.md
-rw-r--r-- 1 root admin 2.5K Feb 6 10:48 CONTRIBUTING.md
drwxr-xr-x 3 myuser admin 102B Feb 7 12:28 Cellar/
-rw-r--r-- 1 root admin 1.2K Feb 6 10:48 LICENSE.txt
drwxr-xr-x 10 myuser admin 340B Feb 7 12:28 Library/
-rw-r--r-- 1 root admin 2.4K Feb 6 10:48 README.md
-rw-r--r-- 1 root admin 23K Feb 6 10:48 SUPPORTERS.md
drwxrwxr-x 9 root admin 306B Feb 7 12:28 bin/
drwxr-xr-x 3 myuser admin 102B Feb 7 12:28 etc/
drwxr-xr-x 10 root wheel 340B Aug 3 2015 git/
drwxr-xr-x 20 root wheel 680B Dec 3 02:01 go/
drwxr-xr-x 3 myuser admin 102B Feb 7 12:28 include/
drwxr-xr-x 4 myuser admin 136B Feb 7 12:28 lib/
drwxr-xr-x 3 root wheel 102B May 15 2015 n/
drwxr-xr-x 3 myuser admin 102B Feb 7 12:28 opt/
drwxrwxr-x 5 root admin 170B Feb 7 12:28 share/
myuser@iMac:/usr/local$

Failure to run postgresql on Mac (after reboot)

Whatever I did I couldn't start postgresql 9.2 on Mac 10.9.3 again after reboot.
$ initdb -D /usr/local/var/postgres
The files belonging to this database system will be owned by user "alex".
This user must also own the server process.
The database cluster will be initialized with locale "en_US.UTF-8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".
Data page checksums are disabled.
initdb: directory "/usr/local/var/postgres" exists but is not empty
If you want to create a new database system, either remove or empty
the directory "/usr/local/var/postgres" or run initdb
with an argument other than "/usr/local/var/postgres"
I decided I should create another directory in it. So I created a data directory there and ran initdb again:
$ initdb -D /usr/local/var/postgres/data
The files belonging to this database system will be owned by user "alex".
This user must also own the server process.
The database cluster will be initialized with locale "en_US.UTF-8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".
Data page checksums are disabled.
fixing permissions on existing directory /usr/local/var/postgres/data ... initdb:
could not change permissions of directory "/usr/local/var/postgres/data":
Operation not permitted
I tried to change the permissions but didn't figure out what the right ones were. Here is what I have:
$ ls -ald /usr/local/var/postgres
drwxr-xr-x 22 _postgres staff 748 Jun 13 17:26 /usr/local/var/postgres
ls -ald /usr/local/var/postgres/data
drwxr-xr-x 2 _postgres staff 68 Jun 13 17:26 /usr/local/var/postgres/data
$ ls -al /usr/local/var/postgres
total 96
drwxr-xr-x 22 _postgres staff 748 Jun 13 17:26 .
drwx------ 3 alex admin 102 Jun 1 15:08 ..
-rw------- 1 _postgres _postgres 4 Jun 1 15:08 PG_VERSION
drwx------ 6 _postgres _postgres 204 Jun 2 11:40 base
drwxr-xr-x 2 _postgres staff 68 Jun 13 17:26 data
drwx------ 42 _postgres _postgres 1428 Jun 2 14:18 global
drwx------ 3 _postgres _postgres 102 Jun 1 15:08 pg_clog
-rw------- 1 _postgres _postgres 4465 Jun 2 10:58 pg_hba.conf
-rw------- 1 _postgres _postgres 1636 Jun 1 15:08 pg_ident.conf
drwx------ 4 _postgres _postgres 136 Jun 1 15:08 pg_multixact
drwx------ 3 _postgres _postgres 102 Jun 1 18:24 pg_notify
drwx------ 2 _postgres _postgres 68 Jun 1 15:08 pg_serial
drwx------ 2 _postgres _postgres 68 Jun 1 15:08 pg_snapshots
drwx------ 7 _postgres _postgres 238 Jun 2 21:23 pg_stat
drwx------ 2 _postgres _postgres 68 Jun 2 21:23 pg_stat_tmp
drwx------ 3 _postgres _postgres 102 Jun 1 15:08 pg_subtrans
drwx------ 2 _postgres _postgres 68 Jun 1 15:08 pg_tblspc
drwx------ 2 _postgres _postgres 68 Jun 1 15:08 pg_twophase
drwx------ 4 _postgres _postgres 136 Jun 1 15:08 pg_xlog
-rw------- 1 _postgres _postgres 20571 Jun 1 15:08 postgresql.conf
-rw------- 1 _postgres _postgres 79 Jun 1 18:24 postmaster.opts
-rw------- 1 _postgres _postgres 1482 Jun 2 21:23 server.log
What should I do next? I'm out of ideas. The only guess is that it is related to a file or folder permissions.
Two step process:
Go to your web-browser and search for "postgresql permissions data directory" - look down the list for the page from the official manuals (it's the top one for me).
Read the page from the official manuals and follow the instructions.
Presumably it's complaining that it "could not change permissions" because you aren't running this as user "_postgres". Note - it's normally user "postgres". I don't know if the name-change is something you've done or something common on Mac installations.
Oh - and I can't see why this is tagged "linux"

CHROOT : Allowing outside access to chrooted users with mount bind

I have a chrooted user (username: clientdev) which I have jailed inside their home directory. This chroot directory is /home/clientdev/ which is owned by root.
Now I need this clientdev user to be able to access the tomcat web application folder which is residing under /mnt/datadrive/tomcat/webapps.
What I have done is:
Chroot the user with a public key of their own to the home directory.
Create a folder under /home/clientdev called tomcat_ROOT and give the ownership to clientdev.
Now when I run the command :
mount -bind /mnn/datadrive/tomcat/webapps /home/clientdev/tomcat_ROOT
The folder disappears from the directory listing inside /home/clientdev if I log in with clientdev. My root user can see it but not the desired user.
Any help would be greatly appreciated
Thanks in advance,
Peter
Output of ls -l /home/clientdev/tomcat_ROOT:
drwxr-xr-x. 6 root root 4096 Apr 11 15:07 .
drwxrwxr-x. 12 root root 4096 Apr 11 15:07 ..
drwxr-xr-x. 3 root root 4096 Apr 9 22:10 webapp1
drwxr-xr-x. 4 root root 4096 Mar 18 18:43 webapp2
drwxr-xr-x. 3 root root 4096 Apr 9 22:11 webapp3
drwxrwxr-x. 10 root root 4096 Apr 11 15:20 ROOT
Output of ls -l /home/clientdev/:
drwx------. 4 clientdev clientdev 4096 Apr 10 21:36 .
drwxr-xr-x. 7 root root 4096 Apr 10 22:07 ..
-rw-------. 1 clientdev clientdev 664 Apr 10 21:43 .bash_history
-rw-r--r--. 1 clientdev clientdev 18 Apr 23 2012 .bash_logout
-rw-r--r--. 1 clientdev clientdev 176 Apr 23 2012 .bash_profile
-rw-r--r--. 1 clientdev clientdev 124 Apr 23 2012 .bashrc
drwx------. 2 clientdev clientdev 4096 Apr 10 19:20 .ssh
drwxr-xr-x. 2 clientdev clientdev 4096 Apr 10 21:34 tomcat_ROOT
