docker-adminer icon indicating copy to clipboard operation
docker-adminer copied to clipboard

Published 20 hours ago verified publisher icon TimWolla

Container fails to start

Open JaneX8 opened this issue 2 years ago • 10 comments 

docker logs adminer
ln: failed to create symbolic link './adminer.css': Permission denied

JaneX8 avatar Jan 09 '23 16:01 JaneX8

How are you starting the container?

TimWolla avatar Jan 09 '23 17:01 TimWolla

Using docker-compose. Below config has always worked so far and isn't changed recently.

    adminer:
        image: adminer
        user: "adminer:adminer"
        container_name: adminer
        restart: on-failure:5
        deploy:
          resources:
            limits:
              cpus: '.20'
              memory: 32M
              pids: 5
        expose:
            - "8080/tcp"
        environment:
            ADMINER_DEFAULT_SERVER: xxxx
            ADMINER_DESIGN: "pepa-linha"
            ADMINER_PLUGINS: "login-totp"
        networks:
            caddy:
            mysql:
                ipv4_address: xxxx
        depends_on: ["caddy", "mysql"]
        privileged: false
        volumes:
            - "/var/docker/volumes/adminer/plugins/login-totp.php:/var/www/html/plugins/login-totp.php:ro"
            - "/var/docker/volumes/adminer/plugins-enabled:/var/www/html/plugins-enabled:rw"
        security_opt:
            - "no-new-privileges"
        cap_drop: ['ALL']
        healthcheck:
            test: ["CMD-SHELL", "netstat -ltn | grep -c ':8080' > /dev/null || exit 1"]
            interval: 30s
            timeout: 10s
            retries: 3
            start_period: 40s

JaneX8 avatar Jan 10 '23 13:01 JaneX8

I'm unable to reproduce the issue with a stripped down version of your configuration:

    adminer:
        image: adminer
        user: "adminer:adminer"
        container_name: adminer
        restart: on-failure:5
        expose:
            - "8080/tcp"
        environment:
            ADMINER_DEFAULT_SERVER: xxxx
            ADMINER_DESIGN: "pepa-linha"
        privileged: false
        security_opt:
            - "no-new-privileges"
        cap_drop: ['ALL']

$ docker-compose up
Recreating adminer ... done
Attaching to adminer
adminer    | [Tue Jan 10 21:27:12 2023] PHP 7.4.33 Development Server (http://[::]:8080) started
^CGracefully stopping... (press Ctrl+C again to force)

I'm also not seeing an obvious issue with your volumes, which I suspected, because #129 needed to change the underlying UIDs, as the one used by the previous Alpine version was taken in Debian.

Please check whether all the files are readable to the adminer user which has UID 999 in the current version.

TimWolla avatar Jan 10 '23 21:01 TimWolla

My volumes are using a custom user and group, not UID 999. But named adminer too. Unique as for all my docker containers. I will test it more when I have time. Deleting the container and recreating entirely didn't fix my problem.

JaneX8 avatar Jan 11 '23 09:01 JaneX8

My volumes are using a custom user and group, not UID 999. But named adminer too.

Names are irrelevant, permissions are only based on the UID. The name can differ depending on the contents of /etc/passwd (which might and likely will be different across host and container).

TimWolla avatar Jan 11 '23 10:01 TimWolla

I temporarily fixed it by changing in my docker-compose file to user: "999:999". However I wonder what changed because I have special users setup already with other UIDs for every container and this used to work before. Is 999 something new in de Adminer Docker container?

JaneX8 avatar Jan 11 '23 13:01 JaneX8

Using docker-compose. Below config has always worked so far and isn't changed recently.

    adminer:
        image: adminer
        user: "adminer:adminer"
        container_name: adminer
        restart: on-failure:5
        deploy:
          resources:
            limits:
              cpus: '.20'
              memory: 32M
              pids: 5
        expose:
            - "8080/tcp"
        environment:
            ADMINER_DEFAULT_SERVER: xxxx
            ADMINER_DESIGN: "pepa-linha"
            ADMINER_PLUGINS: "login-totp"
        networks:
            caddy:
            mysql:
                ipv4_address: xxxx
        depends_on: ["caddy", "mysql"]
        privileged: false
        volumes:
            - "/var/docker/volumes/adminer/plugins/login-totp.php:/var/www/html/plugins/login-totp.php:ro"
            - "/var/docker/volumes/adminer/plugins-enabled:/var/www/html/plugins-enabled:rw"
        security_opt:
            - "no-new-privileges"
        cap_drop: ['ALL']
        healthcheck:
            test: ["CMD-SHELL", "netstat -ltn | grep -c ':8080' > /dev/null || exit 1"]
            interval: 30s
            timeout: 10s
            retries: 3
            start_period: 40s

Hi , did you used nginx for this? if yes, mind to share your nginx con.f file?

alvinlys avatar May 26 '23 11:05 alvinlys

Hi Alvin, I'm not sure what your question is. But if you meant how I got Adminet behind a reverse proxy then check out https://caddyserver.com/v2.

JaneX8 avatar Aug 25 '23 16:08 JaneX8

When setting ADMINER_DESIGN in my compose file, I get the following and container keeps restarting: ln: failed to create symbolic link './adminer.css': Permission denied

And when not set: touch: cannot touch '.adminer-init': Permission denied But container starts.

I think what caused it was sometime ago I accidentally did: sudo chown -R root:root /var/lib/docker/, which messed up permissions for every container. But restarting all containers using down and up fixed other containers including postgres.

Any idea how to fix this?

MustagheesButt avatar Jul 18 '24 03:07 MustagheesButt