From df2a0478d05348957d78f9d2fe8200e6392c1e4c Mon Sep 17 00:00:00 2001 From: Tim Neumann Date: Tue, 26 May 2015 22:18:56 +0200 Subject: [PATCH] add support for USERMAP_* env variables --- README.md | 20 ++++++++++++++++---- start | 15 +++++++++++++++ 2 files changed, 31 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index fe1a9ac..6be0ea5 100644 --- a/README.md +++ b/README.md @@ -8,11 +8,12 @@ - [Reporting Issues](#reporting-issues) - [Installation](#installation) - [Quick Start](#quick-start) -- [Creating User and Database at Launch](creating-user-and-database-at-launch) +- [Creating User and Database at Launch](#creating-user-and-database-at-launch) - [Configuration](#configuration) - [Data Store](#data-store) - [Shell Access](#shell-access) - [Upgrading](#upgrading) +- [Host UID / GID Mapping](#host-uid--gid-mapping) # Introduction @@ -78,11 +79,10 @@ Run the postgresql image docker run --name postgresql -d sameersbn/postgresql:9.4 ``` -The simplest way to login to the postgresql container as the administrative `postgres` user is to use the `--volumes-from` docker option to connect to the postgresql server over the unix socket. +The simplest way to login to the postgresql container as the administrative `postgres` user is to use the `docker exec` command to attach a new process to the running container and connect to the postgresql server over the unix socket. ```bash -docker run -it --rm --volumes-from=postgresql \ - sameersbn/postgresql:9.4 sudo -u postgres -H psql +docker exec -it postgresql sudo -u postgres psql ``` # Creating User and Database at Launch 
@@ -224,3 +224,15 @@ docker pull sameersbn/postgresql:9.4 ```bash docker run --name postgresql -d [OPTIONS] sameersbn/postgresql:9.4 ``` + +# Host UID / GID Mapping + +Per default the container is configured to run postgres as user and group `postgres` with some unknown `uid` and `gid`. The host possibly uses these ids for different purposes leading to unfavorable effects. From the host it appears as if the mounted data volumes are owned by the host's user/group `[whatever id postgres has in the image]`. + +Also the container processes seem to be executed as the host's user/group `[whatever id postgres has in the image]`. The container can be configured to map the `uid` and `gid` of `postgres` to different ids on host by passing the environment variables `USERMAP_UID` and `USERMAP_GID`. The following command maps the ids to user and group `postgres` on the host. + +```bash +docker run --name=postgresql -it --rm [options] \ + --env="USERMAP_UID=$(id -u postgres)" --env="USERMAP_GID=$(id -g postgres)" \ + sameersbn/postgresql:9.4 +``` diff --git a/start b/start index 9c403f6..98ba492 100755 --- a/start +++ b/start @@ -6,6 +6,18 @@ PG_CONFDIR="/etc/postgresql/${PG_VERSION}/main" PG_BINDIR="/usr/lib/postgresql/${PG_VERSION}/bin" PG_DATADIR="${PG_HOME}/${PG_VERSION}/main" +if [ -n "${USERMAP_UID}" ] || [ -n "${USERMAP_GID}" ]; then + if [ -n "${USERMAP_UID}" ] && [ -n "${USERMAP_GID}" ]; then + groupmod -g ${USERMAP_GID} postgres + usermod -u ${USERMAP_UID} -g ${USERMAP_GID} postgres + else + echo "" + echo "WARNING: " + echo " Please specify USERMAP_UID AND USERMAP_GID or neither. Not changing user id..." + echo "" + fi +fi + # set this env variable to true to enable a line in the # pg_hba.conf file to trust samenet. this can be used to connect # from other containers on the same host without authentication 
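Review bot: `USERMAP_UID` and `USERMAP_GID` reach `groupmod`/`usermod` unquoted and unvalidated in the inner `if` branch of the `start` hunk, so a value containing whitespace or a leading `-` is word-split and parsed as extra arguments by tools that presumably run as root at container start. Checking that both are plain decimal ids and quoting the expansions closes that, as in the excerpt below. The partial-configuration branch only prints a warning to stdout and carries on with the image's built-in ids; sending it to stderr, or exiting non-zero, would make the misconfiguration harder to miss on a bind-mounted data volume. Whether a failing `groupmod` (for example an id already taken inside the image) stops startup depends on `set -e` above the hunk, which is not visible here.

```shell
  if [ -n "${USERMAP_UID}" ] && [ -n "${USERMAP_GID}" ]; then
    # reject anything that is not a plain decimal id before it reaches groupmod/usermod
    case "${USERMAP_UID}${USERMAP_GID}" in
      *[!0-9]*)
        echo "ERROR: USERMAP_UID and USERMAP_GID must be numeric" >&2
        exit 1
        ;;
    esac
    groupmod -g "${USERMAP_GID}" postgres
    usermod -u "${USERMAP_UID}" -g "${USERMAP_GID}" postgres
  else
    # … unchanged: warning about setting both variables or neither …
```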
@@ -16,6 +28,9 @@ DB_USER=${DB_USER:-} DB_PASS=${DB_PASS:-} DB_UNACCENT=${DB_UNACCENT:false} +# fix ownership of ${PG_CONFDIR} (may be necessary if USERMAP_* was set) +chown -R postgres:postgres ${PG_CONFDIR} + # fix permissions and ownership of ${PG_HOME} mkdir -p -m 0700 ${PG_HOME} chown -R postgres:postgres ${PG_HOME}
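Review bot: The added `chown -R postgres:postgres ${PG_CONFDIR}` re-owns only the config directory, and the context line below it covers `${PG_HOME}`. Any other path the image created for `postgres` (a run/socket or log directory, if `start` uses one) keeps the old numeric owner, because `usermod -u` re-owns only files under the user's home directory. If those paths are fixed further down the script, which is outside this hunk, a comment such as `# usermod only re-owns the home directory; every other postgres-owned path must be chowned explicitly` would record the requirement. The expansion should also be quoted, `chown -R postgres:postgres "${PG_CONFDIR}"`, since it feeds a recursive ownership change.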