Fix permission/ownership issues on Linux #206
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
**Upgrade to Testcontainers 2.0.2** **Replace deprecated `addFileSystemBind` with `withCopyToContainer`** * For bind-mount-like behaviour we now copy config files into the container using `withCopyToContainer` instead of `addFileSystemBind`. * This follows Testcontainers’ recommendations and avoids host UID/GID quirks for mounted files. **Introduce `OwnedTransferable` helper** * Add a small wrapper around `Transferable` that lets us set file mode **and** uid/gid on tar entries. * Used for files that Postgres is strict about (e.g. key files), where ownership and `0600` permissions are required. **Fix permission/ownership issues on Linux** Previously, temp files created on the host were mounted into the container with the host UID and default `0600` mode. This happened to work on macOS (via Docker Desktop’s VM), but failed on Linux where Postgres runs as a non-root user. We now: * Copy files into the container using `OwnedTransferable`. * Set modes appropriately (e.g. `0600` for key files, `0644` for config/certs). * Set uid/gid based on the image variant (Alpine images use `postgres` as `70:70`, other images as `999:999`). This makes the SSL/Vault integration tests pass reliably on both macOS and Linux without requiring root or special host permissions.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
addFileSystemBindwithwithCopyToContainerwithCopyToContainerinstead ofaddFileSystemBind.OwnedTransferablehelperTransferablethat lets us set file mode and uid/gid on tar entries.0600permissions are required.Fix permission/ownership issues on Linux
Previously, temp files created on the host were mounted into the container with the host UID and default
0600mode. This happened to work on macOS (via Docker Desktop’s VM), but failed on Linux where Postgres runs as a non-root user.We now:
OwnedTransferable.0600for key files,0644for config/certs).postgresas70:70, other images as999:999).This makes the SSL/Vault integration tests pass reliably on both macOS and Linux without requiring root or special host permissions.