I started mattermost with docker compose
My version is 7.1.5
I exec to container via command “docker exec -it container-id /bin/bash”
when I want run simple command or install with apt I got error permission
and I don’t have password for su root
so, what is the root password of mattermost container?
Hi @farhaadn and welcome to the Mattermost forums!
When you run the docker exec command as root, you should also be root inside the container. Did you try that?
yes I try that but even with root user I cant get any package
root@45768021acf7:/mattermost# apt update
E: setgroups 65534 failed - setgroups (1: Operation not permitted)
E: setegid 65534 failed - setegid (1: Operation not permitted)
E: seteuid 100 failed - seteuid (1: Operation not permitted)
E: setgroups 0 failed - setgroups (1: Operation not permitted)
rm: cannot remove ‘/var/cache/apt/archives/partial/*.deb’: Permission denied
Reading package lists… Done
W: chown to _apt:root of directory /var/lib/apt/lists/partial failed - SetupAPTPartialDirectory (1: Operation not permitted)
W: chown to _apt:root of directory /var/lib/apt/lists/auxfiles failed - SetupAPTPartialDirectory (1: Operation not permitted)
E: setgroups 65534 failed - setgroups (1: Operation not permitted)
E: setegid 65534 failed - setegid (1: Operation not permitted)
E: seteuid 100 failed - seteuid (1: Operation not permitted)
E: setgroups 0 failed - setgroups (1: Operation not permitted)
E: Method gave invalid 400 URI Failure message: Failed to setgroups - setgroups (1: Operation not permitted)
E: Method http has died unexpectedly!
E: Sub-process http returned an error code (112)
The directories might be read only depending on your configuration. What additional tools do you want to install in the container? What is it exactly that you’re trying to achieve here?
lsof, tcpdump and iptables packages
I want to check the traffic
You can not install iptables inside a docker container, since it does not have access to the iptables anyways.
All connections from a docker container are visible on the host on the outside, so you should use these tools on your linux host and not inside the container.
what about lsof and tcpdump?
I can run it in container and I have it in another containers
Yes, you can - but all of this information is also available on the outside and whenever you update the container, the additional tools will be removed again and you have to reinstall them then.
It is not good practice to install tools inside the docker image once it’s running, you could modify the docker file to create a new customized container image which also includes these tools.
Another alternative would be to map a statically compiled version of busybox f.ex. into the container. This would then allow you to run some common debugging commands directly from within the container:
# docker exec -u root -ti 98505b225dd4 /bin/bash
root@98505b225dd4:/mattermost# busybox netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 98505b225dd4:58696 mm-770-postgres-1.mm-770_default:5432 ESTABLISHED
tcp 0 0 98505b225dd4:36328 mm-770-postgres-1.mm-770_default:5432 TIME_WAIT
tcp 0 0 98505b225dd4:58712 mm-770-postgres-1.mm-770_default:5432 ESTABLISHED
tcp 0 0 98505b225dd4:34114 server-18-66-97-125.fra56.r.cloudfront.net:443 ESTABLISHED
tcp 0 0 98505b225dd4:58680 mm-770-postgres-1.mm-770_default:5432 ESTABLISHED
tcp 0 0 98505b225dd4:40220 server-18-66-112-60.fra56.r.cloudfront.net:443 ESTABLISHED
tcp 0 0 98505b225dd4:58738 mm-770-postgres-1.mm-770_default:5432 ESTABLISHED
tcp 0 0 98505b225dd4:58692 mm-770-postgres-1.mm-770_default:5432 ESTABLISHED
tcp 0 0 98505b225dd4:33942 server-13-32-121-69.fra60.r.cloudfront.net:443 ESTABLISHED
tcp 0 0 98505b225dd4:36336 mm-770-postgres-1.mm-770_default:5432 TIME_WAIT
tcp 0 0 localhost:35868 localhost:8065 TIME_WAIT
tcp 0 0 98505b225dd4:58704 mm-770-postgres-1.mm-770_default:5432 ESTABLISHED
tcp 0 0 98505b225dd4:41040 server-18-66-97-74.fra56.r.cloudfront.net:443 ESTABLISHED
tcp 0 0 98505b225dd4:58728 mm-770-postgres-1.mm-770_default:5432 ESTABLISHED
tcp 0 0 98505b225dd4:58758 mm-770-postgres-1.mm-770_default:5432 ESTABLISHED
tcp 0 0 98505b225dd4:58748 mm-770-postgres-1.mm-770_default:5432 ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 3 [ ] STREAM CONNECTED 62486324 /tmp/plugin2943161274
unix 3 [ ] STREAM CONNECTED 62486310
unix 3 [ ] STREAM CONNECTED 62485360
unix 3 [ ] STREAM CONNECTED 62485344
unix 3 [ ] STREAM CONNECTED 62486312 /tmp/plugin4011823926
unix 3 [ ] STREAM CONNECTED 62485369 /tmp/plugin2211775106
unix 3 [ ] STREAM CONNECTED 62486337
unix 3 [ ] STREAM CONNECTED 62486338 /tmp/plugin1169520782
unix 3 [ ] STREAM CONNECTED 62485328
unix 3 [ ] STREAM CONNECTED 62485368
unix 3 [ ] STREAM CONNECTED 62485315 /tmp/plugin471179159
unix 3 [ ] STREAM CONNECTED 62485361 /tmp/plugin1627926240
To do that, you can install the busybox-static package on your host system (or compile your own statically linked busybox binary with all the tools you need) and map it into the container by modifying the volumes in your docker-compose.yml file (see last line of the volumes section)
volumes:
- ${MATTERMOST_CONFIG_PATH}:/mattermost/config:rw
- ${MATTERMOST_DATA_PATH}:/mattermost/data:rw
- ${MATTERMOST_LOGS_PATH}:/mattermost/logs:rw
- ${MATTERMOST_PLUGINS_PATH}:/mattermost/plugins:rw
- ${MATTERMOST_CLIENT_PLUGINS_PATH}:/mattermost/client/plugins:rw
- ${MATTERMOST_BLEVE_INDEXES_PATH}:/mattermost/bleve-indexes:rw
- /bin/busybox:/bin/busybox:ro
Thank you, its usefull