Marcin Nabiałek Marcin Nabiałek - 6 months ago 96
SQL Question

Fixing World-writable MySql error in Docker

I'm using docker-compose, for db I have such container defined:

db:
build: ../builds/mysql-5.7
environment:
- MYSQL_ROOT_PASSWORD=pass
- MYSQL_DATABASE=
- MYSQL_USER=
- MYSQL_PASSWORD=
expose:
- 3306
volumes:
- /c/Users/marcin/dock-test/composers/l1.app/mysql/data/:/var/lib/mysql/
- /c/Users/marcin/dock-test/composers/l1.app/mysql/conf.d/:/etc/mysql/conf.d/
- /c/Users/marcin/dock-test/composers/l1.app/mysql/log/:/var/log/mysql/


My Dockerfile for this image is:

# Base image
FROM mysql:5.7

# Set valid file permissions - otherwise MySql won't read those files

#COPY mysql-perm-fix.sh /etc/init.d/mysql-perm-fix.sh
#RUN chmod +x /etc/init.d/mysql-perm-fix.sh
#RUN update-rc.d mysql-perm-fix.sh defaults 100

#RUN mkdir /etc/mysql/conf.d/source
#RUN cp /etc/mysql/conf.d/source/my.cnf /etc/mysql/conf.d/my.cnf
#RUN chmod -R 644 /etc/mysql/conf.d


At the moment everything is commented except base MySql image.

The problem is, when I start my containers, my MySql cnf file won't be used by MySql because of this warning:


mysqld: [Warning] World-writable config file '/etc/mysql/conf.d/my.cnf' is ignored.


I'm using Windows as my host system. The problem is that Docker mounts diretory with full permissions and they couldn't be changed.

The question - how could it be solved? As you see in my Dockerfile I've tried a few solutions, but none of them works for me (but maybe I'm doing something wrong).

At the moment I think the most reasonable solution would be mounting MySql conf files not directly into
/etc/mysql/conf.d/
but into some other directory and copy those files to
/etc/mysql/conf.d/
directory before MySql starts and set them not 777 permissions. I've tried it, but in Dockerfile those files are not present yet so they cannot be copied.

Is there any easy solution to fix it? Or maybe some MySql settings could be changed to don't care about conf file permissions?

I also cannot simple use COPY inside Dockerfile to copy Mysql config files (instead of using volumes) because I want to use those images by multiple sites and each of them might have different configuration.

Answer

It seems solution for having files with not full permissions when using Windows host is sharing files with "intermediate directory" and then copy those files into desired directory in Docker container.

In above case (MySQL container) it could be done like this (you can use this method also in other cases)

Dockerfile:

# Base image
FROM mysql:5.7

# Copy starting scripts file
COPY start.sh /root/start.sh

# Run necessary services
CMD ["/bin/bash", "/root/start.sh"]

docker-compose.yml (showed only db container)

db:
  build: ../builds/mysql-5.7
  environment:
     - MYSQL_ROOT_PASSWORD=pass
     - MYSQL_DATABASE=
     - MYSQL_USER=
     - MYSQL_PASSWORD=
  expose:
     - 3306
  volumes:
    - /c/Users/marcin/dock-test/composers/l1.app/mysql/data/:/var/lib/mysql/
    - /c/Users/marcin/dock-test/composers/l1.app/mysql/conf.d/:/etc/mysql/conf.d/source
    - /c/Users/marcin/dock-test/composers/l1.app/mysql/log/:/var/log/mysql/

Plese notice that above we mount conf.d directory to /etc/mysql/conf.d/source directory and not to /etc/mysql/conf.d/ directory (so MySql won't load this file for now).

start.sh

#!/bin/sh

cp /etc/mysql/conf.d/source/* /etc/mysql/conf.d/

/entrypoint.sh mysqld

Above we copy now all files from conf.d/source directly into conf.d - those files are not shared with Windows host so they will be created with Linux permissions (in my case leaving defaults - without using chmod is fine).

To verify whether custom mysql configuration values are loaded now I run:

mysql -u root -p

and type my password.

When I type SHOW VARIABLES; I will see some settings from my.cnf that previously (without putting this file had different values), so it's working as expected.

Of course drawback of this solution is that those files won't be really shared so in case those files would be changed in Docker machine, they won't be updated in Windows host, but in above case when we want to use custom config files it doesn't make any difference and solve the issue.

Comments