harbor
harbor copied to clipboard
Published
20 hours ago •
goharbor
goharbor
Harbor db image throws ./docker-entrypoint.sh: line 4: //initdb.sh: Permission denied errors after local build.
After an install according to the docs, I didn't manage to setup harbor locally beacuse the db didn't start.
Problem description
The logs showed that the entrypoint gets permission denied when it calls the initdb.sh
docker logs harbor-db
./docker-entrypoint.sh: line 4: //initdb.sh: Permission denied
./docker-entrypoint.sh: line 4: //initdb.sh: Permission denied
./docker-entrypoint.sh: line 4: //initdb.sh: Permission denied
...
Reproduce the problem
I built the the db as BULDTARGET, switched the entrypoint to a sleep and indeed initdb.sh is mounted as root not the postgres user.
make build BUILDTARGET=_build_db
...
Execing into the image:
docker exec -it harbor-db sh
sh-5.2$ ls -la
total 80
drwxr-xr-x 1 root root 4096 Oct 6 16:33 .
drwxr-xr-x 1 root root 4096 Oct 6 16:33 ..
-rwxr-xr-x 1 root root 0 Oct 6 16:33 .dockerenv
lrwxrwxrwx 1 root root 7 Sep 5 22:38 bin -> usr/bin
drwxr-xr-x 1 root root 4096 Oct 4 07:54 boot
drwxr-xr-x 5 root root 340 Oct 6 16:33 dev
drwxr-xr-x 1 postgres postgres 4096 Oct 4 07:54 docker-entrypoint-initdb.d
-rwxrw---- 1 postgres postgres 3297 Oct 2 21:50 docker-entrypoint.sh
-rwxrw---- 1 postgres postgres 439 Oct 2 21:50 docker-healthcheck.sh
drwxr-xr-x 1 root root 4096 Oct 6 16:33 etc
drwxr-xr-x 1 root root 4096 Oct 4 07:53 home
-rwxrwx--- 1 root root 4263 Oct 2 21:50 initdb.sh
lrwxrwxrwx 1 root root 7 Sep 5 22:38 lib -> usr/lib
lrwxrwxrwx 1 root root 7 Sep 5 22:38 lib64 -> usr/lib
lrwxrwxrwx 1 root root 9 Sep 5 22:38 media -> run/media
drwxr-xr-x 4 root root 4096 Sep 13 06:38 mnt
dr-xr-xr-x 499 root root 0 Oct 6 16:33 proc
drwxr-x--- 1 root root 4096 Oct 4 07:54 root
drwxr-xr-x 1 root root 4096 Oct 4 07:54 run
lrwxrwxrwx 1 root root 8 Sep 5 22:38 sbin -> usr/sbin
lrwxrwxrwx 1 root root 7 Sep 5 22:38 srv -> var/srv
dr-xr-xr-x 13 root root 0 Oct 6 16:33 sys
drwxrwxrwt 2 root root 4096 Sep 5 22:38 tmp
-rwxrwx--- 1 root root 1184 Oct 2 21:50 upgrade.sh
drwxr-xr-x 1 root root 4096 Oct 4 07:54 usr
drwxr-xr-x 1 root root 4096 Sep 13 06:38 var
The problem is that this script is not added to the chown-ed one in the Dockerfile.
I am curious how this didn't come up for others. I checked and the official image doesn't have this problem because initdb has execute permissions.
docker exec -it harbor-db sh
sh-5.0$ ls -lah
total 68K
drwxr-xr-x 1 root root 4.0K Oct 7 07:22 .
drwxr-xr-x 1 root root 4.0K Oct 7 07:22 ..
-rwxr-xr-x 1 root root 0 Oct 7 07:22 .dockerenv
lrwxrwxrwx 1 root root 7 Feb 24 2021 bin -> usr/bin
drwxr-xr-x 1 root root 4.0K Oct 10 2022 boot
drwxr-xr-x 5 root root 340 Oct 7 07:22 dev
drwxr-xr-x 1 postgres postgres 4.0K Oct 10 2022 docker-entrypoint-initdb.d
-rwxr--r-- 1 postgres postgres 2.5K Oct 10 2022 docker-entrypoint.sh
-rwxr--r-- 1 postgres postgres 439 Oct 10 2022 docker-healthcheck.sh
drwxr-xr-x 1 root root 4.0K Oct 7 07:22 etc
drwxr-xr-x 1 root root 4.0K Oct 10 2022 home
-rwxr-xr-x 1 root root 4.2K Oct 10 2022 initdb.sh
lrwxrwxrwx 1 root root 7 Feb 24 2021 lib -> usr/lib
lrwxrwxrwx 1 root root 7 Feb 24 2021 lib64 -> usr/lib
lrwxrwxrwx 1 root root 9 Feb 24 2021 media -> run/media
drwxr-xr-x 4 root root 4.0K Sep 30 2022 mnt
dr-xr-xr-x 516 root root 0 Oct 7 07:22 proc
drwxr-x--- 2 root root 4.0K Feb 24 2021 root
drwxr-xr-x 1 root root 4.0K Oct 10 2022 run
lrwxrwxrwx 1 root root 8 Feb 24 2021 sbin -> usr/sbin
lrwxrwxrwx 1 root root 7 Feb 24 2021 srv -> var/srv
dr-xr-xr-x 13 root root 0 Oct 7 07:22 sys
drwxrwxrwt 2 root root 4.0K Feb 24 2021 tmp
-rwxr-xr-x 1 root root 1.2K Oct 10 2022 upgrade.sh
drwxr-xr-x 1 root root 4.0K Oct 10 2022 usr
drwxr-xr-x 1 root root 4.0K Sep 30 2022 var
Same is true for upgrade.sh
I have a fairly old compose version:
- Docker version 27.1.1, build 6312585
- Docker Compose version v2.21.0
- Harbor 2.11
