Mysql needs to be run as root #261

Closed
Skull0ne opened this issue Feb 6, 2017 · 3 comments
Skull0ne commented Feb 6, 2017

Hi,

I have some trouble running my mysql docker. Here is my error:

```
testmysql    | + echo 'Finished mysql_install_db'
testmysql    | Finished mysql_install_db
testmysql    | + pid=59
testmysql    | + mysql=(mysql --protocol=socket -uroot -hlocalhost --socket=/var/run/mysqld/mysqld.sock)
testmysql    | + for i in '{30..0}'
testmysql    | + mysqld --verbose --skip-networking --socket=/var/run/mysqld/mysqld.sock
testmysql    | + echo 'SELECT 1'
testmysql    | + mysql --protocol=socket -uroot -hlocalhost '--socket=/var/run/mysqld/mysqld.sock --verbose'
testmysql    | + echo 'MySQL init process in progress...'
testmysql    | + sleep 1
testmysql    | MySQL init process in progress...
testmysql    | 2017-02-06 21:44:19 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
testmysql    | 2017-02-06 21:44:19 0 [Note] mysqld (mysqld 5.6.35) starting as process 59 ...
testmysql    | 2017-02-06 21:44:19 59 [ERROR] Fatal error: Please read "Security" section of the manual to find out how to run mysqld as root!
testmysql    |
testmysql    | 2017-02-06 21:44:19 59 [ERROR] Aborting
testmysql    |
testmysql    | 2017-02-06 21:44:19 59 [Note] Binlog end
testmysql    | 2017-02-06 21:44:19 59 [Note] mysqld: Shutdown complete
```

This is my docker compose:

```yaml
version: '2'

services:

 testmysql:
  build:
    context: ./test-centos7-mysql
  image: test-centos7-mysql:latest
  container_name: testmysql
  environment:
    MYSQL_ROOT_PASSWORD: test
    MYSQL_DATABASE: test_db
    MYSQL_USER: usr_test
    MYSQL_PASSWORD: test
    MYSQL_HOST: localhost
  networks:
   test_network:
      ipv4_address: 172.16.250.1

networks:

 test_network:
   driver: bridge
   ipam:
     driver: default
     config:
     - subnet: 172.16.250.0/24
       gateway: 172.16.250.254
```

And my Dockerfile:

```dockerfile
# Install base packages
RUN yum install -y gcc \
        epel-release \
        make \
        net-tools

# Install MySQL 5.6
RUN wget http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm
RUN rpm -ivh mysql-community-release-el7-5.noarch.rpm
RUN yum install -y mysql-community-server

# Clean up yum
RUN yum clean all && rm -rf /tmp/yum*

# Copy the permissions script
COPY ./container_files/fix_permissions.sh ./
RUN chmod -v +x /fix_permissions.sh
RUN ./fix_permissions.sh /var/lib/mysql/   && \
    ./fix_permissions.sh /var/run/

# Copy the DB creation script
COPY ./container_files/docker-entrypoint.sh /
RUN chmod -v +x /docker-entrypoint.sh

ENTRYPOINT ["/docker-entrypoint.sh"]

# Expose the default mysql port
EXPOSE 3306
CMD ["mysqld"]
```

Versions:

```
CentOS Linux release 7.3.1611 (Core)
[pedegand@localhost:~/docker-test]$ docker --version
Docker version 1.13.0, build 49bf474
[pedegand@localhost:~/docker-test]$ docker-compose --version
docker-compose version 1.9.0, build 2585387
```

I've seen several posts with the same kind of error (#216, #45) but I don't think that I have the same problem (no mount and MYSQL_HOST is set to localhost).

Thanks for your help!

@ltangvald
Collaborator

Hi,

Having mysql run as the root user is considered a security problem, so the daemon won't let you do it by default.
The way it normally handles this is that the server takes a --user setting, dropping privileges to that user.

Most likely, you just need to add a «user=mysql» to your server configuration.
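
Added example (not part of the original thread or of the image's entrypoint): a small shell model of the rule described in the reply above, of the kind an entrypoint could run before launching mysqld. It is simplified to one option file, the `[mysqld]` section and the `--user=NAME` argument form; the function names and sample paths are made up for illustration.

```shell
#!/bin/bash
# Simplified model of mysqld's start-as-root rule (one option file, no !include).

# First "user" value in the [mysqld] section of option file $1 (empty if none).
cnf_mysqld_user() {
    [ -r "$1" ] || return 0
    awk '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        in_sec && /^[ \t]*user[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
            print; exit
        }
    ' "$1"
}

# First --user=NAME among the mysqld arguments (empty if none).
args_mysqld_user() {
    for a in "$@"; do
        case "$a" in
            --user=*) printf '%s\n' "${a#--user=}"; return 0 ;;
        esac
    done
}

# mysqld_start_verdict UID CNF [mysqld args...]
# mysqld uses only the first user option it sees and reads option files
# before the command line, so the option file wins over the arguments.
mysqld_start_verdict() {
    local uid="$1" cnf="$2" user
    shift 2
    user="$(cnf_mysqld_user "$cnf")"
    [ -n "$user" ] || user="$(args_mysqld_user "$@")"
    if [ "$uid" -ne 0 ]; then
        echo "ok: not started as root (uid $uid)"
    elif [ -z "$user" ]; then
        echo "refuse: started as root and no user option to drop to"
    elif [ "$user" = root ] || [ "$user" = 0 ]; then
        echo "risk: server keeps running as root"
    else
        echo "ok: drops privileges to $user"
    fi
}

# Constructed sample input: an option file carrying the suggested setting.
sample_cnf="$(mktemp)"
printf '[mysqld]\nuser = mysql\n' > "$sample_cnf"
mysqld_start_verdict 0 /nonexistent.cnf mysqld --skip-networking  # as in the thread
mysqld_start_verdict 0 "$sample_cnf" mysqld --skip-networking     # with user=mysql
rm -f "$sample_cnf"
```
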

Author

Skull0ne commented Feb 7, 2017

Hi thanks for replying :)

This is the mysql command I have in the docker-entrypoint.sh, it's not enough for mysql?

```bash
mysql=( mysql --protocol=socket -uroot -hlocalhost --socket=/var/run/mysqld/mysqld.sock)
```

And this is the script:

```bash
#!/bin/bash
set -e

# if command starts with an option, prepend mysqld
if [ "${1:0:1}" = '-' ]; then
	set -- mysqld "$@"
fi

if [ "$1" = 'mysqld' ]; then
	# Test we're able to startup without errors. We redirect stdout to /dev/null so
	# only the error messages are left.
	result=0
	output=$("$@" --verbose --help 2>&1 > /dev/null) || result=$?
	if [ ! "$result" = "0" ]; then
		echo >&2 'error: could not run mysql. This could be caused by a misconfigured my.cnf'
		echo >&2 "$output"
		exit 1
	fi

	# Get config
	DATADIR="$("$@" --verbose --help 2>/dev/null | awk '$1 == "datadir" { print $2; exit }')"

	if [ ! -d "$DATADIR/mysql" ]; then
		if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
			echo >&2 'error: database is uninitialized and password option is not specified '
			echo >&2 '  You need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD'
			exit 1
		fi
		# If the password variable is a filename we use the contents of the file
		if [ -f "$MYSQL_ROOT_PASSWORD" ]; then
			MYSQL_ROOT_PASSWORD="$(cat $MYSQL_ROOT_PASSWORD)"
		fi
		mkdir -p "$DATADIR"
		chown -R mysql:mysql "$DATADIR"

		echo 'Running mysql_install_db'
		mysql_install_db --user=mysql --datadir="$DATADIR" --rpm
		echo 'Finished mysql_install_db'

		"$@" --verbose --skip-networking --socket=/var/run/mysqld/mysqld.sock &
		pid="$!"

		mysql=( mysql --protocol=socket -uroot -hlocalhost --socket=/var/run/mysqld/mysqld.sock)

		for i in {30..0}; do
			if echo 'SELECT 1' | "${mysql[@]} --verbose" &> /dev/null; then
				break
			fi
			echo 'MySQL init process in progress...'
			sleep 1
		done
		if [ "$i" = 0 ]; then
			echo >&2 'MySQL init process failed.'
			exit 1
		fi

		mysql_tzinfo_to_sql /usr/share/zoneinfo | "${mysql[@]}" mysql

		if [ ! -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
			MYSQL_ROOT_PASSWORD="$(pwmake 128)"
			echo "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD"
		fi
		if [ -z "$MYSQL_ROOT_HOST" ]; then
			ROOTCREATE="SET PASSWORD FOR 'root'@'${MYSQL_HOST}' = PASSWORD('${MYSQL_ROOT_PASSWORD}');"
		else
			ROOTCREATE="SET PASSWORD FOR 'root'@'${MYSQL_HOST}' = PASSWORD('${MYSQL_ROOT_PASSWORD}'); \
			CREATE USER 'root'@'${MYSQL_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}'; \
			GRANT ALL ON *.* TO 'root'@'${MYSQL_HOST}' WITH GRANT OPTION ;"
		fi
		"${mysql[@]}" <<-EOSQL
			-- What's done in this file shouldn't be replicated
			--  or products like mysql-fabric won't work
			SET @@SESSION.SQL_LOG_BIN=0;
			DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost');
			${ROOTCREATE}
			DROP DATABASE IF EXISTS test ;
			FLUSH PRIVILEGES ;
		EOSQL
		if [ ! -z "$MYSQL_ROOT_PASSWORD" ]; then
			mysql+=( -p"${MYSQL_ROOT_PASSWORD}" )
		fi

		if [ "$MYSQL_DATABASE" ]; then
			echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" | "${mysql[@]}"
			mysql+=( "$MYSQL_DATABASE" )
		fi

		if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then
			echo "CREATE USER '"$MYSQL_USER"'@'%' IDENTIFIED BY '"$MYSQL_PASSWORD"' ;" | "${mysql[@]}"

			if [ "$MYSQL_DATABASE" ]; then
				echo "GRANT ALL ON \`"$MYSQL_DATABASE"\`.* TO '"$MYSQL_USER"'@'%' ;" | "${mysql[@]}"
			fi

			echo 'FLUSH PRIVILEGES ;' | "${mysql[@]}"
		fi

		echo
		for f in /docker-entrypoint-initdb.d/*; do
			case "$f" in
				*.sql) echo "$0: running $f"; "${mysql[@]}" < "$f" && echo ;;
				*.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${mysql[@]}"; echo ;;
				*)     echo "$0: ignoring $f" ;;
			esac
			echo
		done

		if ! kill -s TERM "$pid" || ! wait "$pid"; then
			echo >&2 'MySQL init process failed.'
			exit 1
		fi

		echo
		echo 'MySQL init process done. Ready for start up.'
		echo
	fi

	chown -R mysql:mysql "$DATADIR"
fi

exec "$@"
```

Member

tianon commented Dec 26, 2017

Closing since this appears to be an issue with a custom image, not this one.

In the future, these sorts of questions/requests would be more appropriately posted to the Docker Community Forums, the Docker Community Slack, or Stack Overflow. Thanks!

@tianon tianon closed this as completed Dec 26, 2017