0

I found these lines in the installation guide for running the Thingsboard IoT platform as a Docker container. Without this trick, Postgres (embedded in the Docker image) cannot store its data in the directory on the host machine.

```
mkdir -p ~/.mytb-data && sudo chown -R 799:799 ~/.mytb-data
mkdir -p ~/.mytb-logs && sudo chown -R 799:799 ~/.mytb-logs
```
devaskim
  • It's explained right there in the installation guide. And in the chown man page. – Gerald Schneider Sep 27 '22 at 12:08
  • @Gerald Schneider I know about UID and GID. Maybe I was unclear in my question. I cannot find any mention, either in the Docker docs or in the [Thingsboard Dockerfile](https://github.com/thingsboard/thingsboard/blob/master/msa/tb/docker-postgres/Dockerfile), of the user and group IDs - 799 – devaskim Sep 27 '22 at 12:28
  • Because it's just a random number the author of the Dockerfile picked to use inside the container. – Gerald Schneider Sep 27 '22 at 12:49

2 Answers

1

The number has no special meaning. It's just a number the author of the image thingsboard/tb-postgres picked to use as uid inside the container.

```
$ docker run --rm -it thingsboard/tb-postgres id
uid=799(thingsboard) gid=799(thingsboard) groups=799(thingsboard)
```

You do the chown so the user inside the container can write to it.


Not really relevant, but to end the discussion in the comment: This is the second layer of the original docker image:

```
RUN /bin/sh -c apt-get update && apt-get upgrade --yes && apt-get autoremove && apt-get install -y --no-install-recommends procps && apt-get clean && rm -rf /var/lib/apt/lists/* && addgroup --system thingsboard --gid=799 && adduser --quiet --system --uid=799 --ingroup thingsboard --quiet --disabled-login --disabled-password --no-create-home -gecos "Thingsboard application" thingsboard
```

Highlight by me. The uid/gid are inherited from a base image.

Gerald Schneider
  • Strange, I ran `grep` on the whole project's code and there is no occurrence of 799 besides the docs and a permission list in one shell script. But thanks for the clarification – devaskim Sep 27 '22 at 13:07
  • It is possible that it is inherited by another image that is used as a base. – Gerald Schneider Sep 27 '22 at 13:08
  • Yes, it is `FROM thingsboard/openjdk11:bullseye-slim` but I don't know where this Dockerfile is. I think we can end the investigation))) – devaskim Sep 27 '22 at 13:11
  • @Den "*ran grep on whole project's code*". Does the number appear in /etc/group or /etc/passwd? – Ray Butterworth Sep 27 '22 at 13:24
  • @Ray Butterworth Yes, if I `grep` inside a running container. `thingsboard:x:799:` for /etc/group and `thingsboard:x:799:799:Thingsboard application,,,:/home/thingsboard:/usr/sbin/nologin` for /etc/passwd – devaskim Sep 27 '22 at 13:34
  • @Den, so "thingsboard" is the user name and group name used by this package, and the two 799s are numbers arbitrarily assigned to those names (for filesystem internal use) when the package is installed. (They don't have to be the same as each other.) If the package is installed on some other system, it may very well end up with different numbers. – Ray Butterworth Sep 27 '22 at 13:39
  • @Ray Butterworth Any time I rebuild the image after a code modification, the number stays the same – devaskim Sep 27 '22 at 13:41
  • @Den, yes, once it's in the passwd and group files, it's not going to change. At the very first installation, either the installation software itself created those two entries or it told whoever was doing it to create them. – Ray Butterworth Sep 27 '22 at 13:45
  • @Den, hmm, I see that the installation guide *does* make an unwarranted assumption that 799 will be available when it is installed. That seems rather strange. I wonder what it does when that number has already been assigned to some other user or group. – Ray Butterworth Sep 27 '22 at 13:51
  • @RayButterworth your assumption is wrong. If you inspect the layers of the docker image you'll see that the user and the group are created directly in the second layer with the numeric ids of 799. As long as this image is used it is always the identical number. – Gerald Schneider Sep 27 '22 at 13:54
  • @GeraldSchneider, then this is a really bad way to do things. If my system already uses 799, am I expected to renumber all its files? Even if it's a huge NFS shared filesystem shared by hundreds of computers, each of which will also have to be renumbered? Or even worse, what do I do if I've already installed the unrelated ABC package, which made an equally presumptuous claim on 799? – Ray Butterworth Sep 27 '22 at 14:01
  • I don't see any problem there, this is common practice with virtually every container. But this is not the place for such a discussion. Feel free to ask your own question about it if you have concerns. – Gerald Schneider Sep 27 '22 at 17:39
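
An added example, not part of the answers or of the Thingsboard project: a shell pre-flight check for the two points raised in this thread, namely whether the host already maps the container's numeric uid (799 here) to a local account, and whether the bind-mounted directory is owned by that uid/gid. The function names are hypothetical and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: checks to run on the host before bind-mounting a directory
# into a container whose process runs as a fixed numeric uid/gid.

# Print the account name(s) a passwd-format file maps to a numeric uid.
# Empty output means the uid is unassigned in that file.
names_for_uid() {   # usage: names_for_uid UID [PASSWD_FILE]
    awk -F: -v uid="$1" '$3 == uid { print $1 }' "${2:-/etc/passwd}"
}

# Succeed only if DIR is owned by exactly UID:GID (numeric ids, GNU stat).
owned_by() {        # usage: owned_by DIR UID GID
    [ "$(stat -c '%u:%g' "$1" 2>/dev/null)" = "$2:$3" ]
}

# Report both findings; return 0 only when there is nothing to review.
preflight() {       # usage: preflight DIR UID GID [PASSWD_FILE]
    rc=0
    names=$(names_for_uid "$2" "${4:-/etc/passwd}")
    if [ -n "$names" ]; then
        # A host account with the same number gets the same access to the
        # data directory as the container user, because the kernel only
        # compares numeric ids.
        echo "collision: host account(s) $names already use uid $2"
        rc=1
    fi
    if ! owned_by "$1" "$2" "$3"; then
        echo "ownership: $1 is not owned by $2:$3"
        rc=1
    fi
    return "$rc"
}

# Typical call for the directories on this page:
#   preflight "$HOME/.mytb-data" 799 799
#   preflight "$HOME/.mytb-logs" 799 799
```
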
0

Well in this case, the first 799 is the user ID, the second 799 is the group ID.

So basically, it's setting the owner of the directories to be UID 799 and GID 799.

lolinux