Sqlite database connection `permission denied`

jlariza · June 26, 2020, 6:53pm

Good day,

I am trying to connect a sqlite db but I keep getting opening db: '/var/globaleaks/globaleaks.db': Permission denied

I am running both globaleaks app and metabase app using docker. They share a volume where the database is located /var/globaleaks/globaleaks.db. Here is my docker-compose.yml:

version: '2'
services:
  globaleaks:
    container_name: myapp-gl
    build:
      context: ./
      dockerfile: appgl.dockerfile
    working_dir: /data/globaleaks
    image: globaleaks/globaleaks
    volumes:
       - ./myapp-gl/gl_data:/var/globaleaks/
    ports:
      - '80:80'
      - '443:443'
  metabase:
    image: metabase/metabase
    environment:
      MB_JETTY_PORT: 4000
    volumes_from:
      - globaleaks
    volumes:
       - ./myapp-metabase/metabase_data/metabase.db:/metabase.db/
    ports:
      - 4000:4000

The strange thing is that I accessed the metabase container and it is able to modify the files, but the app itself is not able to read it.

This configuration worked for me on a macbook using Docker Desktop; but when going live on a ubuntu server, it raised the permission denied issue. I even tried to create a test database with 777 permission and the metabase app was unable to read it.

What should I do?

This is my metabase information

{
  "browser-info": {
    "language": "en-US",
    "platform": "MacIntel",
    "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36",
    "vendor": "Google Inc."
  },
  "system-info": {
    "file.encoding": "UTF-8",
    "java.runtime.name": "OpenJDK Runtime Environment",
    "java.runtime.version": "11.0.7+10",
    "java.vendor": "AdoptOpenJDK",
    "java.vendor.url": "https://adoptopenjdk.net/",
    "java.version": "11.0.7",
    "java.vm.name": "OpenJDK 64-Bit Server VM",
    "java.vm.version": "11.0.7+10",
    "os.name": "Linux",
    "os.version": "5.3.0-1023-aws",
    "user.language": "en",
    "user.timezone": "GMT"
  },
  "metabase-info": {
    "databases": [
      "h2",
      "postgres"
    ],
    "hosting-env": "unknown",
    "application-database": "h2",
    "application-database-details": {
      "database": {
        "name": "H2",
        "version": "1.4.197 (2018-03-18)"
      },
      "jdbc-driver": {
        "name": "H2 JDBC Driver",
        "version": "1.4.197 (2018-03-18)"
      }
    },
    "run-mode": "prod",
    "version": {
      "date": "2020-05-28",
      "tag": "v0.35.4",
      "branch": "release-0.35.x",
      "hash": "b3080fa"
    },
    "settings": {
      "report-timezone": null
    }
  }
}

Thank you

flamber · June 26, 2020, 9:46pm

Hi @jlariza
You are accessing the container as root, whereas Metabase application is running with UID 2000.
You can change the ID used with environment variables:
https://github.com/metabase/metabase/blob/master/bin/docker/run_metabase.sh#L28-L32

Migrate away from H2 if you’re using Metabase in production:
https://www.metabase.com/docs/latest/operations-guide/migrating-from-h2.html

jlariza · June 30, 2020, 12:34pm

@flamber Thank you! setting the correct user and group did the trick.

Thanks!