Re: Problem related to volume creation to pgadmin 4 Docker image

Thu, 21 Oct 2021 11:51:32 -0700 

Hi Dave,

Which OS do you use? I'm using Ubuntu 18.

Nautilus is the file manager to Ubuntu.
I updated my image to dpage/pgadmin4:6.0 in order to avoid old versions. I add a new volume and I executed the chown command (i.e. sudo chown -R 5050:5050 <host_directory>).
I tried to add my user to 5050 group, but it did not work, because when pgadmin4 Docker container is executed, it allows just 5050 user to edit the folder and not other ones from the same group (i.e. *drwx------*).
*drwx------* is the default permission that pgadmin4 Docker container gives to volume it creates, in other words, just 5050 user can edit the volume data, not other ones, even if that user belongs to 5050 group. 

Thank you.

Best regards,
Rodrigo

On 21/10/2021 10:20, Dave Page wrote:
On Thu, Oct 21, 2021 at 1:33 PM Rodrigo Mariano <rodmarian...@gmail.com <mailto:rodmarian...@gmail.com>> wrote: 

    Hi Dave,

    /> I've never needed to do that with plain Docker or Kubernetes.
    I've never used Docker Compose though. /

    Have you ever tried to create a volume to
    //var/lib/pgadmin/storage/ folder using newer image versions and
    you were able to access it via host in the nautilus? Using plain
    Docker.
I have no idea what "the nautilus" is, but yes, I've mapped /var/lib/pgadmin to the host many times (including 30 seconds ago with 6.1), and it works fine. As long as appropriate permissions are set on the directory on the host, I can access it from there as well. 


    If you have, how could I do that?
As you suggested, you could add yourself to the 5050 group, and ensure the directory on the host is group readable. 


    I did not have this kind of issue with older versions of pgadmin4
    Docker image (e.g. /dpage/pgadmin4:4.15/), this issue has started
    with recent images that I need to change folder permission to
    5050:5050 (e.g. /dpage/pgadmin4:5.4/).
4.15 is very old. We've long since had additional checks in pgAdmin to ensure that we can successfully write to the storage directory, and to stop running the processes in the container as root that was a) quite dangerous and b) could allow it to override permissions on the host. In particular, you're probably hitting the issue mentioned in the callout box at the top of https://www.pgadmin.org/docs/pgadmin4/6.1/release_notes_4_16.html <https://www.pgadmin.org/docs/pgadmin4/6.1/release_notes_4_16.html> 


    Thank you.

    Best regards,
    Rodrigo


    On 21/10/2021 08:36, Dave Page wrote:



    On Thu, Oct 21, 2021 at 12:27 PM Rodrigo Mariano
    <rodmarian...@gmail.com <mailto:rodmarian...@gmail.com>> wrote:

        Hi Aditya,

        According to the documentation, I need to change user and
        group of my host folder to /5050:5050/ through /chown/.

        If my default user and group is /rodrigo:rodrigo/, how could
        my default user access a folder that belongs to another one
        (i.e. /5050:5050/)?

    The pgAdmin processes in the container run under uid 5050, gid 5050.


        As far as I know, I cannot access a folder that belongs to
        other user normally.

        Maybe should I add my default user (i.e. /rodrigo/) to
        pgadmin group (i.e. /5050/)?

    I've never needed to do that with plain Docker or Kubernetes.
    I've never used Docker Compose though.

        If I should, I believe this information could be written on
        the documentation.

        Thank you.

        Best regards,
        Rodrigo

        On 21/10/2021 02:06, Aditya Toshniwal wrote:

        Hi Rodrigo,

        pgAdmin just needs a readable and writable directory.
        pgAdmin cannot change any permission on its own. It might be
        some other ownership issue on your system then.

        On Wed, Oct 20, 2021 at 11:29 PM Rodrigo Mariano
        <rodmarian...@gmail.com <mailto:rodmarian...@gmail.com>> wrote:

            Hi Aditya,

            I did both.

            First, I changed the folder permissions to 5050:5050 and
            the Docker container worked, but I was not able to get
            into the folder; the folder is locked and I cannot
            access its subfolders, even through terminal. For example:

            After that, I tried using default permissions, however
            that error message appeared.

            Thank you.

            Best regards,
            Rodrigo

            On 20/10/2021 10:08, Aditya Toshniwal wrote:

            Hi Rodrigo,

            Did you run sudo chown -R 5050:5050 ./volumes/pgadmin4
            and sudo chown -R 5050:5050 ./volumes/pgadmin4_storage
            As per -
            
https://www.pgadmin.org/docs/pgadmin4/6.0/container_deployment.html#mapped-files-and-directories
            
<https://www.pgadmin.org/docs/pgadmin4/6.0/container_deployment.html#mapped-files-and-directories>
            ?


            On Wed, Oct 20, 2021 at 6:14 PM Rodrigo Mariano
            <rodmarian...@gmail.com
            <mailto:rodmarian...@gmail.com>> wrote:

                Hi Aditya,

                I tried to create the volume to sub directory as
                well (i.e.
                //var/lib/pgadmin/storage/postgres_localhost.com
                <http://postgres_localhost.com>/), but the same
                error message appears.

                I send below the traceback.

                Thank you for your help.

                Best regards,
                Rodrigo

                -

                Traceback (most recent call last):
                  File
                "/venv/lib/python3.8/site-packages/gunicorn/arbiter.py",
                line 589, in spawn_worker
                    worker.init_process()
                  File
                "/venv/lib/python3.8/site-packages/gunicorn/workers/gthread.py",
                line 92, in init_process
                    super().init_process()
                  File
                "/venv/lib/python3.8/site-packages/gunicorn/workers/base.py",
                line 134, in init_process
                    self.load_wsgi()
                  File
                "/venv/lib/python3.8/site-packages/gunicorn/workers/base.py",
                line 146, in load_wsgi
                    self.wsgi = self.app.wsgi()
                  File
                "/venv/lib/python3.8/site-packages/gunicorn/app/base.py",
                line 67, in wsgi
                    self.callable = self.load()
                  File
                "/venv/lib/python3.8/site-packages/gunicorn/app/wsgiapp.py",
                line 58, in load
                    return self.load_wsgiapp()
                  File
                "/venv/lib/python3.8/site-packages/gunicorn/app/wsgiapp.py",
                line 48, in load_wsgiapp
                    return util.import_app(self.app_uri)
                  File
                "/venv/lib/python3.8/site-packages/gunicorn/util.py",
                line 359, in import_app
                    mod = importlib.import_module(module)
                  File "/usr/lib/python3.8/importlib/__init__.py",
                line 127, in import_module
                    return _bootstrap._gcd_import(name[level:],
                package, level)
                  File "<frozen importlib._bootstrap>", line 1014,
                in _gcd_import
                  File "<frozen importlib._bootstrap>", line 991,
                in _find_and_load
                  File "<frozen importlib._bootstrap>", line 975,
                in _find_and_load_unlocked
                  File "<frozen importlib._bootstrap>", line 671,
                in _load_unlocked
                  File "<frozen importlib._bootstrap_external>",
                line 848, in exec_module
                  File "<frozen importlib._bootstrap>", line 219,
                in _call_with_frames_removed
                  File "/pgadmin4/run_pgadmin.py", line 4, in <module>
                    from pgAdmin4 import app
                  File "/pgadmin4/pgAdmin4.py", line 98, in <module>
                    app = create_app()
                  File "/pgadmin4/pgadmin/__init__.py", line 441,
                in create_app
                    paths.init_app(app)
                  File "/pgadmin4/pgadmin/utils/paths.py", line
                103, in init_app
                    raise InternalServerError(
                werkzeug.exceptions.InternalServerError: 500
                Internal Server Error: The user does not have
                permission to read and write to the specified
                storage directory.

                On 20/10/2021 09:08, Aditya Toshniwal wrote:

                Hi Rodrigo,

                /var/lib/pgadmin/storage is the base directory. A
                sub directory for each user will be created for
                storing user files.

                On Wed, Oct 20, 2021 at 5:10 PM Rodrigo Mariano
                <rodmarian...@gmail.com
                <mailto:rodmarian...@gmail.com>> wrote:

                    Hi,

                    I'm having a trouble related to pgadmin 4
                    Docker image
                    <https://hub.docker.com/r/dpage/pgadmin4>
                    <https://hub.docker.com/r/dpage/pgadmin4>.

                    I would like to create a volume to
                    //var/lib/pgadmin/storage/ folder, in order to
                    access backup files created by pgadmin 4
                    interface, however error messages about
                    permission denied are raised, for example:

                    werkzeug.exceptions.InternalServerError: 500
                    Internal Server Error: The user does not have
                    permission to read and write to the specified
                    storage directory.

                    Is there a way to create this volume?

                    I had to use a command to change user and
                    group of my volume to 5050:5050 (i.e. /sudo
                    chown -R 5050:5050 pgadmin4/), but now I'm not
                    able to get into the folder anymore, even when
                    I try creating a volume to
                    //var/lib/pgadmin/storage/ folder directly.

                    I send below my Docker compose file with
                    default values.

                    Thank you in advance.

                    Best regards,
                    Rodrigo

                    -

                    /docker-compose.yml/

                    version: '3'

                    services:
                      cdsr_postgis:
                        container_name: cdsr_postgis
                        image: kartoza/postgis:11.0-2.5
                        restart: on-failure
                        environment:
                          - POSTGRES_USER=postgres
                          - POSTGRES_PASS=postgres
                          - ALLOW_IP_RANGE=0.0.0.0/0
                    <http://0.0.0.0/0>
                          -
                    
POSTGRES_MULTIPLE_EXTENSIONS=postgis,hstore,postgis_topology,pgrouting
                        volumes:
                          - ./volumes/postgresql:/var/lib/postgresql
                        networks:
                          - cdsr
                        ports:
                          - 6000:5432

                      cdsr_pgadmin4:
                        container_name: cdsr_pgadmin4
                        image: dpage/pgadmin4:5.4
                        restart: on-failure
                        environment:
                          -
                    PGADMIN_DEFAULT_EMAIL=postg...@localhost.com
                    <mailto:PGADMIN_DEFAULT_EMAIL=postg...@localhost.com>
                          - PGADMIN_DEFAULT_PASSWORD=postgres
                        volumes:
                          # to fix permission bugs:
                          # sudo chown -R 5050:5050 pgadmin4
                          - ./volumes/pgadmin4:/var/lib/pgadmin
                          -
                    ./volumes/pgadmin4_storage:/var/lib/pgadmin/storage
                        networks:
                          - cdsr
                        depends_on:
                          - cdsr_postgis
                        ports:
                          - 6001:80

                    networks:
                      cdsr:
                        driver: bridge
-- Thanks, 
                Aditya Toshniwal
                pgAdmin Hacker | Software Architect |
                *edbpostgres.com* <http://edbpostgres.com>
                "Don't Complain about Heat, Plant a TREE"
-- Thanks, 
            Aditya Toshniwal
            pgAdmin Hacker | Software Architect | *edbpostgres.com*
            <http://edbpostgres.com>
            "Don't Complain about Heat, Plant a TREE"
-- Thanks, 
        Aditya Toshniwal
        pgAdmin Hacker | Software Architect | *edbpostgres.com*
        <http://edbpostgres.com>
        "Don't Complain about Heat, Plant a TREE"
-- Dave Page 
    Blog: https://pgsnake.blogspot.com <https://pgsnake.blogspot.com>
    Twitter: @pgsnake

    EDB: https://www.enterprisedb.com <https://www.enterprisedb.com>




--
Dave Page
Blog: https://pgsnake.blogspot.com <https://pgsnake.blogspot.com>
Twitter: @pgsnake

EDB: https://www.enterprisedb.com <https://www.enterprisedb.com>

Reply via email to