Permissions are reset after config write
defcon84 opened this issue · comments
Every time Redis saves the config to disk, it resets the permissions of the file.
Initial situation:
root@dckr03:/srv/docker/redis7# ls -l
-rwxrwxrwx 1 lxd docker 286 Feb 22 13:07 redis-server-1.conf
Then whenever I get a CONFIG REWRITE executed with success
in the logs, it saves a new config file (via a temp file).
root@dckr03:/srv/docker/redis7# ls -l
-rw------- 1 lxd docker 258 Feb 22 13:10 redis-server-1.conf
Same happens for the sentinel configs.
It does not happen with redis:4.
Any idea on how to keep the same permissions on the files?
docker-compose config:
redis7-server-1:
container_name: "redis7-server-1"
image: redis:7.0.8
ports:
- 7379:7379
volumes:
- /srv/docker/redis7:/usr/local/etc/redis
command: redis-server /usr/local/etc/redis/redis-server-1.conf
restart: unless-stopped
redis server config:
bind 0.0.0.0
port 7379
protected-mode no
loglevel notice
syslog-enabled yes
# Generated by CONFIG REWRITE
dir "/data"
save 3600 1
save 300 100
save 60 10000
latency-tracking-info-percentiles 50 99 99.9
user default on nopass sanitize-payload ~* &* +@all
replicaof 192.168.5.42 7379
This is probably due to the umask
we set in our entrypoint:
If you don't want this behavior, you should be able to bypass our entrypoint and run as non-root / modify permissions directly yourself (since it doesn't handle much more than that). 👍
Ok I have created this file:
#!/bin/sh
set -e
# first arg is `-f` or `--some-option`
# or first arg is `something.conf`
if [ "${1#-}" != "$1" ] || [ "${1%.conf}" != "$1" ]; then
set -- redis-server "$@"
fi
# allow the container to be started with `--user`
if [ "$1" = 'redis-server' -a "$(id -u)" = '0' ]; then
find . \! -user redis -exec chown redis '{}' +
exec gosu redis "$0" "$@"
fi
exec "$@"
I have tried to override the entrypoint with:
entrypoint: /usr/local/etc/redis/docker-entrypoint.sh
But get the exception:
exec /usr/local/etc/redis/docker-entrypoint.sh: no such file or directory
I've also tried to add the file as a volume:
- /srv/docker/redis7/docker-entrypoint.sh:/usr/local/bin/docker-entrypoint.sh:ro
Then I get this:
exec /usr/local/bin/docker-entrypoint.sh: no such file or directory
What am I doing wrong?
Your local file probably needs to be executable (chmod +x
).
(For further help debugging your deployment, I'd suggest a dedicated support forum, such as the Docker Community Slack, Server Fault, Unix & Linux, or Stack Overflow. 🙇)