
SQL Server 2019 will run as non-root by default

Open eliassal opened this issue 3 years ago • 9 comments

Hi, I run a container on a win 10 docker desktop in linux mode as follows

docker run --name 'sql19' -e 'ACCEPT_EULA=Y' -e MSSQL_SA_PASSWORD=$PASSWORD -p 1433:1433 -v sqldata1:/var/opt/mssql -d mcr.microsoft.com/mssql/server:2019-latest

It creates the container, but when I try to get the logs I see

SQL Server 2019 will run as non-root by default. This container is running as user mssql. Your master database file is owned by root. To learn more visit https://go.microsoft.com/fwlink/?linkid=2099216

So how can I access the logs or anything else? Also, is it possible to run it as root, as was the case in SQL 2017? Thanks

eliassal avatar Sep 07 '22 12:09 eliassal

I don't recall the user number for mssql in the container, your containing storage needs that user number to have appropriate permissions... this means assigning +rw to files and +rwx to directories... that are owned by the user either via owner, group owner or all user permissions.

If you're okay setting all users to have FULL permissions....

sudo chmod -R a+rwX /path-to-sql-data/

tracker1 avatar Sep 08 '22 00:09 tracker1

Apologies, glossed over you using Docker on Windows... you should REALLY install WSL2 and use Docker that way (checkbox in docker desktop settings) if you haven't.

Volume mounts to windows/mac native OS are somewhat problematic (namely S-L-O-W). You should use either a WSL2 environment for launching/mounting or use a Volume Container inside Docker itself for this. I'm not sure if you CAN change the permissions like you are wanting from within a windows volume into Docker...

About the only thing I'd ever mount from a Windows Desktop environment is a backup/restore directory... not the data itself.

tracker1 avatar Sep 08 '22 00:09 tracker1

tracker1, I am doing some quick tests and would like to be able to run a sql2k19 container as is the case with sql2k17, where there is no such issue. I have WSL2 installed, but this is another learning curve for which I have no time. Anyway, I resolved the issue by using the flag --user root when I run the container, which solved the issue and allowed me to do my POC. Anyway, any tutorial on using WSL2 in this scenario?

eliassal avatar Sep 08 '22 08:09 eliassal

Thank you for helping me.

kemoelamorim avatar Feb 01 '23 00:02 kemoelamorim

I don't recall the user number for mssql in the container, your containing storage needs that user number to have appropriate permissions... this means assigning +rw to files and +rwx to directories... that are owned by the user either via owner, group owner or all user permissions.

If you're okay setting all users to have FULL permissions....

sudo chmod -R a+rwX /path-to-sql-data/

What is the path-to-sql-data? Where to find that?

Aayush13013 avatar Mar 03 '23 08:03 Aayush13013

@Aayush13013 You set it when you create the volume mount to /var/opt/mssql inside the container.

tracker1 avatar Mar 08 '23 19:03 tracker1

You can easily change the owner of all the files in your volume to mssql. This is a one time operation.

VOLUMENAME=sqldata1
docker run --rm --user root \
    -v $VOLUMENAME:/data \
    mcr.microsoft.com/mssql/server:2019-latest \
    bash -c "chown -R mssql /data"

sliekens avatar Sep 08 '23 09:09 sliekens
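
A pre-flight audit for the ownership fixes discussed in this thread, as an added example that is not part of any comment here or of the mssql-docker project: it lists paths not owned by the uid the container runs as, and paths left world-writable by a blanket `chmod -R a+rwX`. The function names and the default uid 10001 are assumptions; run it where the volume is mounted (for instance `/data` in a throwaway container like the one above).

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: user mssql in the official
# images is uid 10001; confirm for your image with
#   docker run --rm mcr.microsoft.com/mssql/server:2019-latest id mssql

# Print every path under directory $1 that is NOT owned by uid $2.
# find's -user accepts a numeric uid even if it has no passwd entry.
not_owned_by() {
    find "$1" ! -user "$2" -print
}

# Print every non-symlink path under $1 that is writable by "other",
# which is the state a recursive a+rwX leaves behind.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Return 0 when the tree is ready for a non-root container, 1 otherwise.
# $1 = data directory, $2 = expected owner uid (default: assumed 10001).
audit_volume() {
    dir=$1
    uid=${2:-10001}
    rc=0
    bad=$(($(not_owned_by "$dir" "$uid" | wc -l)))
    ww=$(($(world_writable "$dir" | wc -l)))
    if [ "$bad" -gt 0 ]; then
        echo "$bad path(s) not owned by uid $uid (chown needed)"
        rc=1
    fi
    if [ "$ww" -gt 0 ]; then
        echo "$ww world-writable path(s) (tighten with chmod -R o-w)"
        rc=1
    fi
    return $rc
}

# Example call once the volume is mounted at /data:
#   audit_volume /data 10001 && echo "volume ready for non-root mssql"
```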

I'm encountering a challenge with deploying MS SQL Server within an OpenShift environment. The issue arises when attempting to run MS SQL as a non-root user, which is the default behavior expected by SQL Server 2022. Specifically, the container attempts to run under the user ID 1002710000, leading to permissions issues as detailed below:

SQL Server 2022 will run as non-root by default.
This container is running as user 1002710000.
To learn more visit https://go.microsoft.com/fwlink/?linkid=2099216.
/opt/mssql/bin/permissions_check.sh: line 59: /opt/mssql/bin/sqlservr: Operation not permitted
/opt/mssql/bin/permissions_check.sh: line 59: /opt/mssql/bin/sqlservr: Success

In an effort to address this, I explored the following configurations, but faced restrictions due to cluster security policies:

  • Adjusting the fsGroup in the pod's security context:

spec:
  template:
    spec:
      securityContext:
        fsGroup: 1002710000

  • Utilizing an initContainer to modify file permissions:

spec:
  template:
    spec:
      initContainers:
      - name: fix-permissions
        image: busybox
        command: ['sh', '-c', 'chown -R 1002710000:1002710000 /var/opt/mssql && chmod -R 770 /var/opt/mssql']
        volumeMounts:
        - name: {{ .Chart.Name }}-storage
          mountPath: /var/opt/mssql

At this juncture, I'm considering the creation of a custom Dockerfile tailored for OpenShift deployment or seeking an exemption from our ClusterAdmin, although the latter is unlikely to be approved.

I have attempted deployment with the following images, all of which resulted in the same permissions issue:

  • mcr.microsoft.com/mssql/rhel/server:2022-latest
  • mcr.microsoft.com/mssql/rhel/server:2019-latest
  • mcr.microsoft.com/mssql/server:2019-latest
  • mcr.microsoft.com/mssql/server:2022-latest

Is there an available MS SQL Server image that can be deployed without requiring elevated permissions or admin rights?

EDIT: I found a solution here: https://github.com/microsoft/mssql-docker/issues/769#issuecomment-1370324908. But to be clear, this means ms-sql images do need root access, as we can see. Not sure why they are ever sold as "non-root images".

Seevenup83 avatar Feb 20 '24 13:02 Seevenup83