Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Docker: Running the zeebe container with the unprivileged user zeebe may fail due to lack of write permissions #11866

Closed
megglos opened this issue Mar 1, 2023 · 0 comments · Fixed by #11800
Closed

Docker: Running the zeebe container with the unprivileged user zeebe may fail due to lack of write permissions #11866

megglos opened this issue Mar 1, 2023 · 0 comments · Fixed by #11800
Assignees
@megglos
Labels
kind/bug Categorizes an issue or PR as a bug support Marks an issue as related to a customer support request

Comments

@megglos
Copy link
Contributor

megglos commented Mar 1, 2023
edited

Describe the bug

As of now the log and data folder ownership setup may not allow to run the zeebe container with the unprivileged user zeebe that is already setup in Dockerfile due to these directories being owned by the root user:

root@9f6bb138376a:/usr/local/zeebe# ls -al
...
drwxrwxr-x 3 root  root  4096 Feb 23 17:26 data
drwxr-xr-x 2 zeebe root 12288 Feb 23 07:59 lib
drwxr-xr-x 2 root  root  4096 Feb 23 17:26 logs

whether the issue occurs depends on whether these directories are mounted to volumes and how the permissions for these volumes are setup. This relates to this docker issue, which indicates that at best volumes folders should be pre-created with the desired ownership.

Depending on the setup the zeebe user may lack permission to e.g. write to the logs directory:

Unable to create file /usr/local/zeebe/logs/zeebe.log java.io.IOException: Could not create directory /usr/local/zeebe/logs

Relates to https://jira.camunda.com/browse/SUPPORT-15854
@megglos megglos added the kind/bug Categorizes an issue or PR as a bug label Mar 1, 2023
@megglos megglos self-assigned this Mar 1, 2023
This was referenced Mar 1, 2023
Merged
Merged
Merged
@megglos megglos added support Marks an issue as related to a customer support request backport stable/8.0 labels Mar 1, 2023
@megglos megglos closed this as completed Mar 1, 2023
@megglos megglos changed the title Running the zeebe container with the unprivileged user zeebe may fail due to lack of write permissions Docker: Running the zeebe container with the unprivileged user zeebe may fail due to lack of write permissions Mar 1, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@megglos megglos

Labels
kind/bug Categorizes an issue or PR as a bug support Marks an issue as related to a customer support request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(docker): data and logs mount for unprivileged user camunda/zeebe
1 participant
@megglos