UNCLASSIFIED - NO CUI

Skip to content

Incorrect filesystem permissions

Summary

Incorrect file system permissions prevent the pod from starting properly.

Steps to reproduce

Set the following values for the postgresql-ha helm chart:

postgresql:
  image:
    registry: registry1.dso.mil
    repository: ironbank/bitnami/postgresql-repmgr
    tag: 16.3.0

Deploy the helm chart:
helm install -n postgres test oci://registry-1.docker.io/bitnamicharts/postgresql-ha -f test.yaml

What is the current bug behavior?

Pod fails with the following errors logged:

postgresql-repmgr 13:24:12.71 INFO  ==> 
cp: cannot open '/opt/bitnami/postgresql/conf.default/./pg_hba.conf' for reading: Permission denied
cp: cannot open '/opt/bitnami/postgresql/conf.default/./postgresql.conf' for reading: Permission denied

What is the expected correct behavior?

Pod starts correctly and reports ready.

Relevant logs and/or screenshots

% docker run --rm -it registry1.dso.mil/ironbank/bitnami/postgresql-repmgr:16.3.0 /bin/bash
postgresql-repmgr 13:28:28.86 INFO  ==> 
postgresql-repmgr 13:28:28.86 INFO  ==> Welcome to the Bitnami postgresql-repmgr container
postgresql-repmgr 13:28:28.87 INFO  ==> Subscribe to project updates by watching https://github.com/bitnami/containers
postgresql-repmgr 13:28:28.87 INFO  ==> Submit issues and feature requests at https://github.com/bitnami/containers/issues
postgresql-repmgr 13:28:28.88 INFO  ==> Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit https://bitnami.com/enterprise
postgresql-repmgr 13:28:28.89 INFO  ==> 

bash-5.1$ ls -alh /opt/bitnami/postgresql/conf.default/
total 40K
drwxrwxr-x 3 postgres postgres 4.0K Jun 26 00:59 .
drwxr-xr-x 1 postgres postgres 4.0K Jun 11 11:38 ..
drwxrwxr-x 2 postgres postgres 4.0K Jun 11 11:38 conf.d
-rwxr-x--- 1 root     root      213 Jun 26 00:59 pg_hba.conf
-rwxr-x--- 1 root     root      24K Jun 26 00:59 postgresql.conf

Possible fixes

There are scripts run as root as part of the image build process. This script in particular creates the files noted above.

Adding a RUN chown -R 1001:1001 /opt/bitnami/postgresql/ after the script execution should fix this.

Tasks

  • Bug has been identified and corrected within the container

Please read the Iron Bank Documentation for more info

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

UNCLASSIFIED - NO CUI