Do the user permissions of a Docker container affect host permissions for volumes mounted in docker-compose.yml?


I have a docker-compose.yml with the following content:

version: '2'
services:
  mysql:
    image: centos/mysql-56-centos7:latest
    restart: always
    container_name: mysql
    environment:
       - MYSQL_ROOT_PASSWORD=111111
    volumes:
      - /etc/localtime:/etc/localtime
      - /data/mysql:/var/lib/mysql/data
    ports:
      - 3306:3306

centos/mysql-56-centos7 is an image from Docker Hub. I use docker-compose up to start the container, but it always fails, and the reason is:

Can't create test file /var/lib/mysql/data/cdef45a5817c.lower-test

Details:

    Creating network "mysql_default" with the default driver
    Creating mysql ... ^M
    ^[[1A^[[2K^MCreating mysql ... ^[[32mdone^[[0m^M^[[1BAttaching to mysql
    ^[[36mmysql    |^[[0m => sourcing 20-validate-variables.sh ...
    ^[[36mmysql    |^[[0m => sourcing 25-validate-replication-variables.sh ...
    ^[[36mmysql    |^[[0m => sourcing 30-base-config.sh ...
    ^[[36mmysql    |^[[0m ---> 16:39:17     Processing basic MySQL configuration files ...
    ^[[36mmysql    |^[[0m => sourcing 60-replication-config.sh ...
    ^[[36mmysql    |^[[0m => sourcing 70-s2i-config.sh ...
    ^[[36mmysql    |^[[0m ---> 16:39:17     Processing additional arbitrary  MySQL configuration provided by s2i ...
    ^[[36mmysql    |^[[0m => sourcing 40-paas.cnf ...
    ^[[36mmysql    |^[[0m => sourcing 50-my-tuning.cnf ...
    ^[[36mmysql    |^[[0m ---> 16:39:17     Initializing database ...
    ^[[36mmysql    |^[[0m ---> 16:39:17     Running mysql_install_db --rpm --datadir=/var/lib/mysql/data
    ^[[36mmysql    |^[[0m 2020-01-10 16:39:17 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
    ^[[36mmysql    |^[[0m 2020-01-10 16:39:17 0 [Note] Ignoring --secure-file-priv value as server is running with --bootstrap.
    ^[[36mmysql    |^[[0m 2020-01-10 16:39:17 0 [Note] /opt/rh/rh-mysql56/root/usr/libexec/mysqld (mysqld 5.6.38) starting as process 30 ...
    ^[[36mmysql    |^[[0m 2020-01-10 16:39:17 30 [Warning] Can't create test file /var/lib/mysql/data/a5d11f4146dd.lower-test
    ^[[36mmysql    |^[[0m 2020-01-10 16:39:17 30 [Warning] Can't create test file /var/lib/mysql/data/a5d11f4146dd.lower-test
    ^[[36mmysql    |^[[0m 2020-01-10 16:39:17 30 [Note] InnoDB: Using atomics to ref count buffer pool pages
    ^[[36mmysql    |^[[0m 2020-01-10 16:39:17 30 [Note] InnoDB: The InnoDB memory heap is disabled
    ^[[36mmysql    |^[[0m 2020-01-10 16:39:17 30 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
    ^[[36mmysql    |^[[0m 2020-01-10 16:39:17 30 [Note] InnoDB: Memory barrier is not used
    ^[[36mmysql    |^[[0m 2020-01-10 16:39:17 30 [Note] InnoDB: Compressed tables use zlib 1.2.7
    ^[[36mmysql    |^[[0m 2020-01-10 16:39:17 30 [Note] InnoDB: Using Linux native AIO
    ^[[36mmysql    |^[[0m 2020-01-10 16:39:17 30 [Note] InnoDB: Using CPU crc32 instructions
    ^[[36mmysql    |^[[0m 2020-01-10 16:39:17 30 [Note] InnoDB: Initializing buffer pool, size = 32.0M
    ^[[36mmysql    |^[[0m 2020-01-10 16:39:17 30 [Note] InnoDB: Completed initialization of buffer pool
    ^[[36mmysql    |^[[0m 2020-01-10 16:39:17 7f1048c42840  InnoDB: Operating system error number 13 in a file operation.
    ^[[36mmysql    |^[[0m InnoDB: The error means mysqld does not have the access rights to
    ^[[36mmysql    |^[[0m InnoDB: the directory.
    ^[[36mmysql    |^[[0m 2020-01-10 16:39:17 7f1048c42840  InnoDB: Operating system error number 13 in a file operation.
    ^[[36mmysql    |^[[0m InnoDB: The error means mysqld does not have the access rights to
    ^[[36mmysql    |^[[0m InnoDB: the directory.
    ^[[36mmysql    |^[[0m 2020-01-10 16:39:17 30 [ERROR] InnoDB: Creating or opening ./ibdata1 failed!
    ^[[36mmysql    |^[[0m 2020-01-10 16:39:17 30 [ERROR] InnoDB: Could not open or create the system tablespace. If you tried to add new data files to the system tablespace, and it failed here, you should now edit innodb_data_file_path in my.cnf back to what it was, and remove the new ibdata files InnoDB created in this failed attempt. InnoDB only wrote those files full of zeros, but did not yet use them in any way. But be careful: do not remove old data files which contain your precious data!
    ^[[36mmysql    |^[[0m 2020-01-10 16:39:17 30 [ERROR] Plugin 'InnoDB' init function returned error.
    ^[[36mmysql    |^[[0m 2020-01-10 16:39:17 30 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.
    ^[[36mmysql    |^[[0m 2020-01-10 16:39:17 30 [ERROR] Unknown/unsupported storage engine: InnoDB
    ^[[36mmysql    |^[[0m 2020-01-10 16:39:17 30 [ERROR] Aborting
    ^[[36mmysql    |^[[0m
    ^[[36mmysql    |^[[0m 2020-01-10 16:39:17 30 [Note] Binlog end
    ^[[36mmysql    |^[[0m 2020-01-10 16:39:17 30 [Note] /opt/rh/rh-mysql56/root/usr/libexec/mysqld: Shutdown complete

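If I remove the line /data/mysql:/var/lib/mysql/data from docker-compose.yml, the container starts fine.

docker-compose up is run as root on the host, so how can there be a permission problem? I don't know which user the MySQL process is started as inside the docker container, but how would that affect permissions on the host?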


Additional information:

On the host, SELinux does not appear to be enabled

# getenforce
Disabled

I changed the permissions of the mysql folder, so

# ls -l /data
total 0
drwxrwxrwx 2 root root 6 Jan  9 15:28 mysql

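Answer 1

It looks like the MySQL user inside the Docker container doesn't have permission to write to the /data/mysql directory on the host filesystem. This has nothing to do with you running docker compose as root. The mysql daemon is started as the mysql user inside the container, so it has that user's permissions.

To fix this, change the ownership of the /data/mysql directory on the host filesystem: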

sudo chown -R 27 /data/mysql

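27 is the numeric UID of the mysql user inside the Docker container. The number is used instead of the name mysql because the mysql user on the host filesystem may have a different UID, but the actual permissions are checked by UID number.

Don't make the directory rwx777 unless there is a very good reason to.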
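
Added example, not part of the original answer: a pre-flight check for a bind-mount source directory that compares the numeric owner UID with the UID the container process runs as and flags a world-writable mode. The function names check_bind_mount and dir_owner_mode are hypothetical; the UID 27 and the path /data/mysql come from the answer above.

```shell
#!/bin/sh
# Added example (assumption: run on the Docker host before `docker-compose up`).
# Ownership is compared as a number (ls -n) because host and container may
# map the same user name to different UIDs.
# To confirm the UID an image runs as, one option is:
#   docker run --rm --entrypoint id centos/mysql-56-centos7:latest

# Print "<owner-uid> <mode-string>" for a directory, e.g. "27 drwxr-xr-x".
dir_owner_mode() {
    # -d: the directory itself, -n: numeric uid/gid instead of names
    ls -ldn -- "$1" | awk '{ print $3, $1 }'
}

# check_bind_mount DIR EXPECTED_UID
# Returns 0 = ok, 1 = wrong owner, 2 = world-writable, 3 = not a directory.
check_bind_mount() {
    dir=$1
    want_uid=$2
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir"
        return 3
    fi
    set -- $(dir_owner_mode "$dir")
    uid=$1
    mode=$2
    if [ "$uid" != "$want_uid" ]; then
        echo "$dir is owned by uid $uid, container runs as uid $want_uid"
        echo "fix: chown -R $want_uid $dir"
        return 1
    fi
    # In "drwxrwxrwx" the 9th character is the write bit for "other".
    case $mode in
        ????????w*)
            echo "$dir is world-writable ($mode)"
            echo "fix: chmod o-w $dir"
            return 2
            ;;
    esac
    echo "$dir ok: uid $uid, mode $mode"
    return 0
}

# Usage: sh check_mount.sh /data/mysql 27
if [ "$#" -eq 2 ]; then
    check_bind_mount "$1" "$2"
fi
```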
