Extra groups with docker #2920
I use multi-group membership to grant access to SSL certificates and keys so I don't have to have multiple copies of these files floating throughout the system. In mosquitto, I use the `user` configuration option to make this work. My password file includes the primary group being 120 which is here:
Note that there is a second group named `ssl-cert` and mosquitto (and some other stuff) has access to that. The reason for that is to grant them access to the private key to unlock the certificate. This works great, I think because of this code:
mosquitto/src/mosquitto.c
Line 114 in 15292b2
This breaks when I run mosquitto from docker and I'm not quite sure why. When I run mosquitto I make sure the container has the same password and group file by mapping them to the host:
When the server runs, the primary group is correct. An easy way to confirm that is to delete the log file and let it recreate it. It does so, with the correct user and group id. But mosquitto running inside the container gets permission denied trying to access /etc/ssl/private/whatever.key even though that directory and that file have g+x and g+r permission respectively.
Maybe this is more of a docker question than a mosquitto question but this technique I have outlined seems to work fine for influxdb, grafana, and postgres - but not mosquitto. Does anybody have any thoughts as to why?
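
A way to check whether the running broker actually holds the `ssl-cert` group, as an added example that is not part of the original issue or the mosquitto project: it compares the groups the passwd and group files assign to a user with the `Gid:` and `Groups:` lines of `/proc/<pid>/status`. The function names and the sample file contents are assumptions; only gid 120 and the names `mosquitto` and `ssl-cert` come from the issue.

```python
# Constructed sample data: only gid 120 and the names "mosquitto" and
# "ssl-cert" come from the issue; uid 113, gid 115 and the rest are made up.
SAMPLE_PASSWD = "mosquitto:x:113:120::/var/lib/mosquitto:/usr/sbin/nologin\n"
SAMPLE_GROUP = "root:x:0:\nssl-cert:x:115:mosquitto,postgres\nmosquitto:x:120:\n"
SAMPLE_STATUS = "Name:\tmosquitto\nGid:\t120\t120\t120\t120\nGroups:\t120 \n"


def expected_groups(user, passwd_text, group_text):
    """Map gid -> name for the user's primary group plus every group that
    lists the user as a member (the set initgroups(3) derives from the files)."""
    primary = None
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 4 and fields[0] == user:
            primary = int(fields[3])
    if primary is None:
        raise KeyError(f"user {user!r} not found in passwd data")
    groups = {primary: str(primary)}  # fallback name if the gid has no entry
    for line in group_text.splitlines():
        fields = line.split(":")
        if len(fields) < 4 or not fields[2].isdigit():
            continue  # skip malformed or comment lines
        gid, members = int(fields[2]), fields[3].split(",")
        if gid == primary or user in members:
            groups[gid] = fields[0]
    return groups


def process_groups(status_text):
    """Gids a process holds, parsed from the text of /proc/<pid>/status."""
    gids = set()
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        if key == "Gid":
            gids.add(int(value.split()[1]))  # second column is the effective gid
        elif key == "Groups":
            gids.update(int(g) for g in value.split())  # supplementary gids
    return gids


def missing_groups(user, passwd_text, group_text, status_text):
    """Groups the files grant the user that the process does not hold."""
    held = process_groups(status_text)
    wanted = expected_groups(user, passwd_text, group_text)
    return {gid: name for gid, name in wanted.items() if gid not in held}


if __name__ == "__main__":
    print(missing_groups("mosquitto", SAMPLE_PASSWD, SAMPLE_GROUP, SAMPLE_STATUS))
```

On a live system, feed it the passwd and group files as the container sees them and the contents of `/proc/<pid>/status` for the broker process; a non-empty result means the process never received that supplementary group, whatever the files say.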