I use multi-group membership to grant access to SSL certificates and keys so I don't have to have multiple copies of these files floating throughout the system. In mosquitto, I use the user configuration option to make this work. My password file includes
the primary group being 120 which is here:
Note that there is a second group named ssl-cert and mosquitto (and some other stuff) has access to that. The reason for that is to grant them access to the private key to unlock the certificate.
This works great, I think because of this code:
mosquitto/src/mosquitto.c, line 114 in 15292b2
This breaks when I run mosquitto from docker and I'm not quite sure why. When I run mosquitto I make sure the container has the same password and group file by mapping them to the host:
When the server runs, the primary group is correct. An easy way to confirm that is to delete the log file and let it recreate it. It does so, with the correct user and group id. But mosquitto running inside the container gets permission denied trying to access /etc/ssl/private/whatever.key even though that directory and that file have g+x and g+r permission respectively.
Maybe this is more of a docker question than a mosquitto question but this technique I have outlined seems to work fine for influxdb, grafana, and postgres - but not mosquitto. Does anybody have any thoughts as to why?
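One way to check whether the running broker actually holds the ssl-cert supplementary group, as an added example that is not part of the original issue or of mosquitto: compare the groups the group file grants the user with the groups listed in /proc/<pid>/status for the process. The sample file contents, the uid 113 and the gid 115 are constructed; only the primary gid 120 and the group name ssl-cert come from the post.

```python
# Constructed sample data: a group file in /etc/group format and the text of
# /proc/<pid>/status for the broker. uid 113 and gid 115 are made up.
SAMPLE_GROUP = """\
root:x:0:
ssl-cert:x:115:mosquitto,postgres
mosquitto:x:120:
"""
SAMPLE_STATUS = """\
Name:\tmosquitto
Uid:\t113\t113\t113\t113
Gid:\t120\t120\t120\t120
Groups:\t120
"""


def expected_gids(group_text, user, primary_gid):
    """GIDs initgroups(3) would assign: the primary gid plus every group listing the user."""
    gids = {primary_gid}
    for line in group_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.strip().split(":")
        if len(fields) < 4:
            continue  # malformed entry, ignore
        members = [m for m in fields[3].split(",") if m]
        if user in members:
            gids.add(int(fields[2]))
    return gids


def process_gids(status_text):
    """Groups the kernel checks for file access, parsed from /proc/<pid>/status text."""
    gids = set()
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        if key == "Gid":
            # Field order is real, effective, saved, filesystem; file access uses the last.
            gids.add(int(value.split()[3]))
        elif key == "Groups":
            gids.update(int(g) for g in value.split())
    return gids


def missing_groups(group_text, status_text, user, primary_gid):
    """Groups the group file grants the user that the running process does not hold."""
    return sorted(expected_gids(group_text, user, primary_gid) - process_gids(status_text))


if __name__ == "__main__":
    print(missing_groups(SAMPLE_GROUP, SAMPLE_STATUS, "mosquitto", 120))
```

To use it on a real system, pass the group file as the container sees it and the status file of the broker process; a non-empty result means the process never received that group, whatever the file's mode bits say.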