We Keep Coding

Weird permissions podman docker-compose volume

I have specified docker-compose.yml file with some volumes to mount. Here is example:
backend-move:
container_name: backend-move
environment:
APP_ENV: prod
image: backend-move:latest
logging:
options:
max-size: 250m
ports:
- 8080:8080
tty: true
volumes:
- php_static_logos:/app/public/images/logos
- ./volumes/nginx-php/robots.txt:/var/www/html/public/robots.txt
- ./volumes/backend/mysql:/app/mysql
- ./volumes/backend/httpd/welcome.conf:/etc/httpd/conf.d/welcome.conf
After I run podman-compose up -d and go to container through docker exec -it backend-move bash
I have this crazy permissions (??????????) on mounted files:
bash-4.4$ ls -la
ls: cannot access 'welcome.conf': Permission denied
total 28
drwxrwxrwx. 2 root root 114 Apr 21 12:29 .
drwxrwxrwx. 5 root root 105 Apr 21 12:29 ..
-rwxrwxrwx. 1 root root 400 Mar 21 17:33 README
-rwxrwxrwx. 1 root root 2926 Mar 21 17:33 autoindex.conf
-rwxrwxrwx. 1 root root 1517 Apr 21 12:29 php.conf
-rwxrwxrwx. 1 root root 8712 Apr 21 12:29 ssl.conf
-rwxrwxrwx. 1 root root 1252 Mar 21 17:27 userdir.conf
-?????????? ? ? ? ? ? welcome.conf
Any suggestions?
[root#45 /]# podman-compose --version
['podman', '--version', '']
using podman version: 3.4.2
podman-composer version 1.0.3
podman --version
podman version 3.4.2

facing the exact same issue, although on macos with the podman machine, since the parent dir has been mounted on the podman-machine, I do get the write permissions.
Although, on linux, it just fails as in your example.
To fix my issue, I had to add:
privileged: true

Service mongod does not start on Centos8

I tried to install mongoDB on Centos8, but when I run the command
systemctl status mongod.service
I get this error:
● mongod.service - MongoDB Database Server
Loaded: loaded (/usr/lib/systemd/system/mongod.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sat 2020-08-01 14:26:53 CEST; 11min ago
Docs: https://docs.mongodb.org/manual
Process: 1875 ExecStart=/usr/bin/mongod $OPTIONS (code=exited, status=14)
Process: 1873 ExecStartPre=/usr/bin/chmod 0755 /var/run/mongodb (code=exited, status=0/SUCCESS)
Process: 1871 ExecStartPre=/usr/bin/chown mongod:mongod /var/run/mongodb (code=exited, status=0/SUCCESS)
Process: 1869 ExecStartPre=/usr/bin/mkdir -p /var/run/mongodb (code=exited, status=0/SUCCESS)
Aug 01 14:26:53 db.localhost systemd[1]: Starting MongoDB Database Server...
Aug 01 14:26:53 db.localhost mongod[1875]: about to fork child process, waiting until server is ready for>
Aug 01 14:26:53 db.localhost mongod[1875]: forked process: 1877
Aug 01 14:26:53 db.localhost mongod[1875]: ERROR: child process failed, exited with 14
Aug 01 14:26:53 db.localhost mongod[1875]: To see additional information in this output, start without th>
Aug 01 14:26:53 db.localhost systemd[1]: mongod.service: Control process exited, code=exited status=14
Aug 01 14:26:53 db.localhost systemd[1]: mongod.service: Failed with result 'exit-code'.
Aug 01 14:26:53 db.localhost systemd[1]: Failed to start MongoDB Database Server.
I tried to check privileges for the folders: /var/lib/mongo and /var/log/mongodb
#/var/lib/
drwxr-xr-x. 4 mongod mongod 4096 Aug 1 14:44 mongo
#/var/log/
drwxr-xr-x. 2 mongod mongod 50 Aug 1 14:14 mongodb
In some other posts, people told to try this command:
sudo chown -R mongodb:mongodb /var/lib/mongodb/
but in don't have the user mongodb and I get the error: invalid user: 'mongodb:mongodb'!
In my /etc/passwd file the only user for mongo is this:
mongod:x:994:992:mongod:/var/lib/mongo:/bin/false
What's the problem?
Why I cannot run mongod.service?
Thanks for your support.
Added more informations:
systemctl cat mongod
[root#db tmp]# systemctl cat mongod
# /usr/lib/systemd/system/mongod.service
[Unit]
Description=MongoDB Database Server
Documentation=https://docs.mongodb.org/manual
After=network.target
[Service]
User=mongod
Group=mongod
Environment="OPTIONS=-f /etc/mongod.conf"
EnvironmentFile=-/etc/sysconfig/mongod
ExecStart=/usr/bin/mongod $OPTIONS
ExecStartPre=/usr/bin/mkdir -p /var/run/mongodb
ExecStartPre=/usr/bin/chown mongod:mongod /var/run/mongodb
ExecStartPre=/usr/bin/chmod 0755 /var/run/mongodb
PermissionsStartOnly=true
PIDFile=/var/run/mongodb/mongod.pid
Type=forking
# file size
LimitFSIZE=infinity
# cpu time
LimitCPU=infinity
# virtual memory size
LimitAS=infinity
# open files
LimitNOFILE=64000
# processes/threads
LimitNPROC=64000
# locked memory
LimitMEMLOCK=infinity
# total threads (user+kernel)
TasksMax=infinity
TasksAccounting=false
# Recommended limits for mongod as specified in
# https://docs.mongodb.com/manual/reference/ulimit/#recommended-ulimit-settings
[Install]
WantedBy=multi-user.target
mongod.conf
[root#db tmp]# cat /etc/mongod.conf
# ..
# mongod.conf
# for documentation of all options, see:
# http://docs.mongodb.org/manual/reference/configuration-options/
# where to write logging data.
systemLog:
destination: file
logAppend: true
path: /var/log/mongodb/mongod.log
# Where and how to store data.
storage:
dbPath: /var/lib/mongo
journal:
enabled: true
# engine:
# wiredTiger:
# how the process runs
processManagement:
fork: true # fork and run in background
pidFilePath: /var/run/mongodb/mongod.pid # location of pidfile
timeZoneInfo: /usr/share/zoneinfo
# network interfaces
net:
port: 27017
bindIp: 127.0.0.1 # Enter 0.0.0.0,:: to bind to all IPv4 and IPv6 addresses or, alternatively, use the net.bindIpAll setting.
#security:
#operationProfiling:
#replication:
#sharding:
## Enterprise-Only Options
#auditLog:
#snmp:
/usr/bin/mongod -f /etc/mongod.conf
[root#db mongodb]# /usr/bin/mongod -f /etc/mongod.conf
about to fork child process, waiting until server is ready for connections.
forked process: 1959
child process started successfully, parent exiting

For some kind of reason, mongod want the folder /data/db and ignore the file mongod.conf
After I created these folders, if I run mongod command (with sudo), programme start "correctly".
But if I reboot the system, the service fails on boot and continue to have problems.

Permission denied error Change dbpath for mongodb in centos

I am attempting to update the dbpath for mongo db. I am following the steps as below:
1) Create new directory : sudo mkdir /mnt/database/mongo
2) Change owner : sudo cp -R /var/lib/mongo/ /mnt/database/
3) Copy DB files: sudo chown mongod:mongod -R /mnt/database/mongo
4) Update mongo configuration file:
storage:
dbPath: /mnt/database/mongo
5) Restart mongod service: sudo systemctl restart mongod
The service restart command gives the following error:
Job for mongod.service failed because the control process exited with error code. See systemctl status mongod.service and journalctl -xe for details.
Logfile contents:
I CONTROL [initandlisten] options: { config: "/etc/mongod.conf", net: { bindIp: "127.0.0.1", port: 27017 }, processManagement: { fork: true, pidFilePath: "/var/run/mongodb/mongod.pid", timeZoneInfo: "/usr/share/zoneinfo" }, storage: { dbPath: "/mnt/database/mongo", journal: { enabled: true } }, systemLog: { destination: "file", logAppend: true, path: "/var/log/mongodb/mongod.log" } }
2020-04-17T04:56:00.666+0000 I STORAGE [initandlisten] exception in initAndListen: Location28596: Unable to determine status of lock file in the data directory /mnt/database/mongo: boost::filesystem::status: Permission denied: "/mnt/database/mongo/mongod.lock", terminating
Am I missing any steps with regards to permission.
System logs: /var/log/messages
systemd: Stopping MongoDB Database Server...
systemd: Starting MongoDB Database Server...
mongod: about to fork child process, waiting until server is ready for connections.
mongod: forked process: 17968
mongod: ERROR: child process failed, exited with error number 100
mongod: To see additional information in this output, start without the "--fork" option.
systemd: mongod.service: control process exited, code=exited status=100
systemd: Failed to start MongoDB Database Server.
systemd: Unit mongod.service entered failed state.
systemd: mongod.service failed.
Directory permissions:
/mnt :
drwxr-xr-x. 6 mongod mongod mnt
/mnt/database:
drwxrwxrwx. 3 mongod mongod database
/mnt/database/mongo:
drwxrwxrwx. 4 mongod mongod mongo
Files under /mnt/database/mongo:
-rwxrwxrwx. 1 mongod mongod 20480 collection-0-1788044936069962496.wt
-rwxrwxrwx. 1 mongod mongod 36864 collection-2-1788044936069962496.wt
-rwxrwxrwx. 1 mongod mongod 4096 collection-4-1788044936069962496.wt
drwxrwxrwx. 2 mongod mongod 90 diagnostic.data
-rwxrwxrwx. 1 mongod mongod 20480 index-1-1788044936069962496.wt
-rwxrwxrwx. 1 mongod mongod 36864 index-3-1788044936069962496.wt
-rwxrwxrwx. 1 mongod mongod 4096 index-5-1788044936069962496.wt
-rwxrwxrwx. 1 mongod mongod 12288 index-6-1788044936069962496.wt
drwxrwxrwx. 2 mongod mongod 110 journal
-rwxrwxrwx. 1 mongod mongod 20480 _mdb_catalog.wt
-rwxrwxrwx. 1 mongod mongod 36864 sizeStorer.wt
-rwxrwxrwx. 1 mongod mongod 114 storage.bson
-rwxrwxrwx. 1 mongod mongod 47 WiredTiger
-rwxrwxrwx. 1 mongod mongod 4096 WiredTigerLAS.wt
-rwxrwxrwx. 1 mongod mongod 21 WiredTiger.lock
-rwxrwxrwx. 1 mongod mongod 1185 WiredTiger.turtle
-rwxrwxrwx. 1 mongod mongod 61440 WiredTiger.wt
The security context of mongodb directoreies:
ls -Z /mnt/database
drwxrwxrwx. mongod mongod unconfined_u:object_r:mnt_t:s0 mongo

Resolved the issue executing chcon -R --reference=/var/lib/mongo /mnt/database/mongo

GCE "create-with-container --container-mount-disk" flag mounts disk as read-only

I am trying to use a Percona Docker image for MongoDB on GCE, however I'm running into an issue with Mongo saying the mounted path is read-only. I looked around as much as I could, but im stumped at what could be the issue.
gcloud compute instances create-with-container mongo-svr \
--create-disk name=disk-1,size=1GB \
--container-mount-disk mount-path="/data/mongodb",mode=rw \
--container-image=docker.io/percona/percona-server-mongodb:4.2
I used the above command and it creates my instance. I then SSH into the server, connect to the running mongo instance to shutdown, then I run: docker exec -it [NAME] mongod --configsvr --replSet rs0 --dbpath=/data/mongodb --bind_ip localhost
This spits out an error stating:
CONTROL [initandlisten] options: { net: { bindIp: "localhost" }, replication: { replSet: "rs0" }, sharding: { clusterRole: "configsvr" }, storage: { dbPath: "/data/mongodb" } }
STORAGE [initandlisten] exception in initAndListen: IllegalOperation: Attempted to create a lock file on a read-only directory: /data/mongodb, terminating
At this point, I've been recreating instances with different params, but nothing has worked so far. Anyone have an idea what I'm missing?
Updated with command output
gcloud compute instances create-with-container mongo-config-f --zone us-central1-f --create-disk name=disk-1,size=1GB --container-mount-disk mount-path="/data/mongodb" --container-image=docker.io/percona/percona-server-mongodb:4.2 --machine-type=f1-micro
WARNING: Default device-name for disk name [disk-1] will be [disk-1] because it is being mounted to a container with [`--container-mount-disk`]
Created [https://www.googleapis.com/compute/v1/projects/[PROJECT_NAME]/zones/us-central1-f/instances/mongo-config-f].
NAME ZONE MACHINE_TYPE PREEMPTIBLE INTERNAL_IP EXTERNAL_IP STATUS
mongo-config-f us-central1-f f1-micro xx.xx.xx.xx xx.xx.xx.xx RUNNING

I've tried to replicate your issue on my test project and found that:
persistent disk was created and mounted in read-write mode as expected;
bash-4.2$ mount
...
/dev/sdb on /data/mongodb type ext4 (rw,relatime)
docker runs containers inside our VM properly;
the cause of the error while running docker exec -it [NAME] mongod --configsvr --replSet rs0 --dbpath=/data/mongodb --bind_ip localhost is permissions inside mongodb container:
bash-4.2$ ls -l /data/
...
drwxr-xr-x 3 root root 4096 Feb 19 15:33 mongodb
As a workaround commands could be executed with root permissions:
$ docker exec -it --user root klt-mongo-svr-upd-wowt mongod --configsvr --replSet rs0 --db path=/data/mongodb
Please find more details and my steps below:
create VM:
$ gcloud compute instances create-with-container mongo-svr \
--create-disk name=disk-1,size=1GB \
--container-image docker.io/percona/percona-server-mongodb:4.2 \
--container-mount-disk mount-path="/data/mongodb"
WARNING: Default device-name for disk name [disk-1] will be [disk-1] because it is being mounted to a container with [`--container-mount-disk`]
Created [https://www.googleapis.com/compute/v1/projects/test-prj/zones/europe-west3-a/instances/mongo-svr].
NAME ZONE MACHINE_TYPE PREEMPTIBLE INTERNAL_IP EXTERNAL_IP STATUS
mongo-svr-upd europe-west3-a n1-standard-1 10.156.0.9 35.XXX.155.XXX RUNNING
SSH to instance;
check if container is running:
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
dfad9c10235d percona/percona-server-mongodb:4.2 "/entrypoint.sh mong…" About a minute ago Up About a minute klt-mongo-svr-upd-wowt
bbe02c8e8621 gcr.io/stackdriver-agents/stackdriver-logging-agent:0.2-1.5.33-1-1 "/entrypoint.sh /usr…" About a minute ago Up About a minute stackdriver-logging-agent
everything looks good at this point;
try to run command as user:
$ docker exec -it klt-mongo-svr-upd-wowt mongod --configsvr --replSet rs0 --dbpath=/data/mongodb --bind_ip localhost
and observe the same error:
2020-02-19T15:37:53.176+0000 I STORAGE [initandlisten] exception in initAndListen: IllegalOperation: Attempted to create a lock file on a read-only directory: /data/mongodb, terminating
here key read-only directory: /data/mongodb;
check mounts and permissions inside of the container:
$ docker exec -it klt-mongo-svr-upd-wowt /bin/bash
bash-4.2$ mount
...
/dev/sdb on /data/mongodb type ext4 (rw,relatime)
...
as we expected disk was created and mounted in read-write mode to the container
bash-4.2$ ls -l /data/
total 8
drwxr-xr-x 4 mongodb root 4096 Feb 19 15:36 db
drwxr-xr-x 3 root root 4096 Feb 19 15:33 mongodb
bash-4.2$
but to work with /data/mongodb you need root permissions;
try to run command as root:
$ docker exec -it --user root klt-mongo-svr-upd-wowt mongod --configsvr --replSet rs0 --dbpath=/data/mongodb
2020-02-19T15:45:24.970+0000 I CONTROL [main] Automatically disabling TLS 1.0, to force-enable TLS 1.0 specify --sslDisabledProtocols 'none'
2020-02-19T15:45:24.973+0000 I CONTROL [initandlisten] MongoDB starting : pid=119 port=27019 dbpath=/data/mongodb 64-bit host=mongo-svr-upd
2020-02-19T15:45:24.974+0000 I CONTROL [initandlisten] db version v4.2.2-3
2020-02-19T15:45:24.974+0000 I CONTROL [initandlisten] git version: 2cdb6e50913583f627acc5de35dc4e04dbfe196f
2020-02-19T15:45:24.974+0000 I CONTROL [initandlisten] OpenSSL version: OpenSSL 1.0.2k-fips 26 Jan 2017
2020-02-19T15:45:24.974+0000 I CONTROL [initandlisten] allocator: tcmalloc
2020-02-19T15:45:24.974+0000 I CONTROL [initandlisten] modules: none
2020-02-19T15:45:24.974+0000 I CONTROL [initandlisten] build environment:
2020-02-19T15:45:24.975+0000 I CONTROL [initandlisten] distarch: x86_64
2020-02-19T15:45:24.975+0000 I CONTROL [initandlisten] target_arch: x86_64
2020-02-19T15:45:24.975+0000 I CONTROL [initandlisten] options: { replication: { replSet: "rs0" }, sharding: { clusterRole: "configsvr" }, storage: { dbPath: "/data/mongodb" } }
2020-02-19T15:45:24.976+0000 I STORAGE [initandlisten] Detected data files in /data/mongodb created by the 'wiredTiger' storage engine, so setting the active storage engine to 'wiredTiger'.
...
and it's working with root permissions.

Mongodb not starting as normal user

My MongoDB server is not starting on command mongod
Typing sudo service mongodb status yeilds
mongodb.service - High-performance, schema-free document-oriented database
Loaded: loaded (/etc/systemd/system/mongodb.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Tue 2017-11-28 20:08:25 IST; 2s ago
Process: ExecStart=/usr/bin/mongod --config /etc/mongod.conf (code=exited, status=1/FAILURE)
Main PID: 29675 (code=exited, status=1/FAILURE)
System service:
#/etc/systemd/system/mongodb.service
[Unit]
Description=High-performance, schema-free document-oriented database
After=network.target
[Service]
User=mongodb
Group=mongodb
ExecStart=/usr/bin/mongod --config /etc/mongod.conf
[Install]
WantedBy=multi-user.target
mongod conf:
#/etc/mongod.conf
storage:
dbPath: /var/lib/mongodb
journal:
enabled: true
systemLog:
destination: file
logAppend: true
path: /var/log/mongodb/mongod.log
However if i am running sudo -u mongodb mongod --config /etc/mongod.conf it runs.
Also if I run sudo mongod the server tries to start but the storage path is /data/db/ which I haven't created.
mongod --config /etc/mongod.conf gives the below error
[main] Failed global initialization: FileNotOpen: Failed to open "/var/log/mongodb/mongod.log"
I had run chown -R mongodb:mongodb /var/lib/mongodb
Permissions:
-rw-r--r-- 1 mongodb mongodb 4096 Nov 28 20:19 /var/log/mongodb/mongod.log
drwxr-xr-x 4 mongodb mongodb 20480 Nov 28 21:32 /var/lib/mongodb
Now whenever I need MongoDB server I have to run it with sudo mongod --dbpath /var/lib/mongodb/
It seems like a permission issue for me. But I cannot figure how to fix this out?