.erlang.cookie must be accessible by owner only

[protossyk]

Hallo:
i run rabbitmq container with a mount.cifs mounted volume.

docker run -d --restart always --name rabbitmqmanagement2 --hostname dfherabbitmq2 -p 8888:15672 -e RABBITMQ_DEFAULT_USER=admin -e RABBITMQ_DEFAULT_PASS=admin -v /var/rabbitmqdatavol2:/var/lib/rabbitmq rabbitmq:3-management

it shows me the error log:
"Cookie file /var/lib/rabbitmq/.erlang.cookie must be accessible by owner only" ...and more
when i run the container with local disk, it goes work successful. i found the .erlong.cookie file permission mask could not be 400, when i use mount.cifs volume

[gulien]

Hi @protossyk

You should map the folder /var/lib/rabbitmq/mnesia instead of /var/lib/rabbitmq.
Don't know if it's the right solution, but it works.

[tianon]

Yeah, I suppose if a CIFS mount can't handle permission mask being 400 (which makes sense), then mounting the subdirectory instead seems like a fine workaround. If you want to ensure your erlang cookie is consistent between runs as well, you can use -e RABBITMQ_ERLANG_COOKIE=..., but that might not be necessary for your use case.

[alexsandro-xpt]

Why /var/lib/rabbitmq/mnesia instead of /var/lib/rabbitmq @gulien if here https://hub.docker.com/_/rabbitmq/ said /var/lib/rabbitmq a volume by default and by the way it's tell too database dir : /var/lib/rabbitmq/mnesia/rabbit@my-rabbi

[gulien]

@alexsandro-xpt If you're using a named volume, you should indeed map /var/lib/rabbitmq. However, if you're mounting a host folder, you might encounter some permission issue with the erlang cookie, that's why I was suggesting to map /var/lib/rabbitmq/mnesia instead. See tianon answer for more details :)

[putz612]

I am getting this as well but I am not using any mapped drives.
docker run -d --hostname rabbitmq --name rabbitmq -p 5672:5672 -p 15672:15672 rabbitmq:3.7.2-management

H:>docker logs -f 68960b76314f
19:03:52.922 [error] Failed to change mode: eperm
19:04:02.860 [error] Cookie file /var/lib/rabbitmq/.erlang.cookie must be accessible by owner only

H:>docker version
Client:
Version: 17.12.0-ce
API version: 1.35
Go version: go1.9.2
Git commit: c97c6d6
Built: Wed Dec 27 20:05:22 2017
OS/Arch: windows/amd64

Server:
Engine:
Version: 17.12.0-ce
API version: 1.35 (minimum version 1.24)
Go version: go1.9.2
Git commit: c97c6d6
Built: Wed Dec 27 20:15:52 2017
OS/Arch: windows/amd64
Experimental: true

[tianon]

This is an old issue that appears to be discussed sufficiently.

The newer resurgence of it looks like something weird going on with the particular system -- I'd suggest looking into why chown in a container on your system is giving eperm errors (since you appear to be using LCOW, that's probably the culprit -- see #257 and https://docs.microsoft.com/en-us/virtualization/windowscontainers/deploy-containers/linux-containers#known-app-issues).

[huiyonghkw]

Hi @protossyk

You should map the folder /var/lib/rabbitmq/mnesia instead of /var/lib/rabbitmq.
Don't know if it's the right solution, but it works.

work fine for me

[leonlee723]

if /var/lib/rabbitmq/mnesia instead of /var/lib/rabbitmq, then rabbitmq container can start, but rabbitmq can not save my config through web administator. For example you run the rabbitmq docker and add a new user, when your stop the container and run it again, the user don't been saved.

[fredgate]

The Helm chart mount the volume to /var/lib/rabbitmq
See https://github.com/helm/charts/blob/0219c128a8c1be5ea39842e40e69295664001efc/stable/rabbitmq-ha/templates/statefulset.yaml#L208
And with Azure files that set permission to something like 0777, the container can not start :-(

[aaronhadoop]

chmod 700 /var/lib/rabbitmq/.erlang.cookie

[sullrich84]

You should map the folder /var/lib/rabbitmq if you want your instance update safe.

[PululuK]

Hi @protossyk

You should map the folder /var/lib/rabbitmq/mnesia instead of /var/lib/rabbitmq.
Don't know if it's the right solution, but it works.

✌🏾