Description
I'm attempting to run the latest 9.6 container (have also tried the alpine container with the same result) with a non-default user. The data files are all created correctly by initdb, but the server itself never starts due to permission problems on /var/run/postgresql.
Using the following command to start the container:
sudo docker run --name app-pg -e POSTGRES_PASSWORD=<secret> \
-e POSTGRES_DB=postgres -e PGDATA=/var/lib/postgresql/data/pgdata \
--user "$(id -u appuser):$(id -g appuser)" \
-v /volume1/docker/volumes/app_data/pgdata:/var/lib/postgresql/data/pgdata \
-v /etc/passwd:/etc/passwd:ro -d \
postgres:9.6
The following output is generated:
The files belonging to this database system will be owned by user "appuser".
This user must also own the server process.
The database cluster will be initialized with locale "en_US.utf8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".
Data page checksums are disabled.
fixing permissions on existing directory /var/lib/postgresql/data/pgdata ... ok
creating subdirectories ... ok
selecting default max_connections ... 100
selecting default shared_buffers ... 128MB
selecting dynamic shared memory implementation ... posix
creating configuration files ... ok
running bootstrap script ... ok
performing post-bootstrap initialization ... ok
syncing data to disk ... ok
Success. You can now start the database server using:
pg_ctl -D /var/lib/postgresql/data/pgdata -l logfile start
WARNING: enabling "trust" authentication for local connections
You can change this by editing pg_hba.conf or using the option -A, or
--auth-local and --auth-host, the next time you run initdb.
waiting for server to start....FATAL: could not create lock file "/var/run/postgresql/.s.PGSQL.5432.lock": Permission denied
LOG: database system is shut down
stopped waiting
pg_ctl: could not start server
It would seem that while the data piece of allowing arbitrary users is working, the section of the Dockerfile at https://github.com/docker-library/postgres/blob/master/9.6/Dockerfile#L57 still requires the postgres user or group, which cannot be assumed to exist on the host. A possible solution would be to make the directory world accessible, but I'm admittedly not positive what the security ramifications of doing so would be (though I suspect they're minimal given this is all inside the container).
Or...I could just be doing something wrong. Any suggestions?
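An added example, not part of the original report or of the image's own scripts: a small shell check that decides from a directory's owner, group and mode whether a given uid:gid could create a file there (the operation that fails for the lock file above), and whether the directory is world-writable without the sticky bit. The function names are hypothetical, and it assumes a `stat` that supports `-c` (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example: classic Unix mode-bit check for "can uid:gid create a file
# in DIR?". Supplementary groups and ACLs are not modelled (assumption).

# can_create DIR RUN_UID RUN_GID -> exit 0 if that identity may create files
can_create() {
    dir=$1; run_uid=$2; run_gid=$3
    info=$(stat -c '%a %u %g' "$dir") || return 2
    set -- $info
    mode=$((0$1)); owner=$2; group=$3      # %a is octal, e.g. 2775
    [ "$run_uid" -eq 0 ] && return 0       # root normally bypasses mode bits
    if [ "$run_uid" -eq "$owner" ]; then
        bits=$(( (mode >> 6) & 7 ))        # owner class
    elif [ "$run_gid" -eq "$group" ]; then
        bits=$(( (mode >> 3) & 7 ))        # group class
    else
        bits=$(( mode & 7 ))               # everyone else
    fi
    # Creating an entry needs write (2) and search (1) on the directory.
    [ $(( bits & 3 )) -eq 3 ]
}

# world_writable_no_sticky DIR -> exit 0 if "other" may write and the sticky
# bit is unset, i.e. any user can delete or replace another user's files
# (lock files, sockets) in DIR.
world_writable_no_sticky() {
    m=$(stat -c '%a' "$1") || return 2
    m=$((0$m))
    [ $(( m & 2 )) -ne 0 ] && [ $(( m & 01000 )) -eq 0 ]
}

# Command-line use: script DIR UID GID
if [ $# -eq 3 ]; then
    if can_create "$1" "$2" "$3"; then
        echo "$2:$3 can create files in $1"
    else
        echo "$2:$3 cannot create files in $1"
    fi
    if world_writable_no_sticky "$1"; then
        echo "warning: $1 is world-writable without the sticky bit"
    fi
fi
```

Run inside the container against /var/run/postgresql with the uid and gid passed to `--user`, this shows which permission class the arbitrary user falls into.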