Re: [mosquitto-dev] Unable to open pwfile when using mosquitto Docker image

I wondered about that but the permissions for the config file are exactly the same but it's able to read that:

/mosquitto/config # ls -la
total 4
d---------    1 mosquitt mosquitt        28 Mar 11 05:28 .
drwxr-xr-x    1 mosquitt mosquitt        26 Nov 17 01:20 ..
----------    1 mosquitt mosquitt        70 Mar 11 10:07 mosquitto.conf

so in the container most of these permissions have been modified to be owned by 1883:

/volume1/mosquitto/data$ ls -la
total 4
drwxrwxrwx+ 1 1883 1883  46 Mar 11 05:52 .
drwxrwxrwx+ 1 1883 1883  76 Mar 11 05:28 ..
-rwxrwxrwx+ 1 1883 1883 121 Mar 11 05:52 mosquitto.password_file

I ran your command:

/volume1/mosquitto/data$ sudo chmod 600 ./mosquitto.password_file
/volume1/mosquitto/data$ ls -la
total 4
drwxrwxrwx+ 1 1883 1883  46 Mar 11 05:52 .
drwxrwxrwx+ 1 1883 1883  76 Mar 11 05:28 ..
-rw-------  1 1883 1883 121 Mar 11 05:52 mosquitto.password_file

and tried again:

/volume1/mosquitto/config$ sudo docker run --rm -i -p 1883:1883 -v /volume1/mosquitto/config:/mosquitto/config -v /volume1/mosquitto/data:/mosquitto/data --name mosqTemp eclipse-mosquitto:latest
1646994754: mosquitto version 2.0.14 starting
1646994754: Config loaded from /mosquitto/config/mosquitto.conf.
1646994754: Error: Unable to open pwfile "/mosquitto/data/mosquitto.password_file".
1646994754: Error opening password file "/mosquitto/data/mosquitto.password_file".

the permissions in the container:

/mosquitto/data # ls -la
total 4
d---------    1 mosquitt mosquitt        46 Mar 11 05:52 .
drwxr-xr-x    1 mosquitt mosquitt        26 Nov 17 01:20 ..
-rw-------    1 mosquitt mosquitt       121 Mar 11 05:52 mosquitto.password_file

Thanks very much for your replies. I really appreciate it. I feel like there's something simple that I am getting wrong but I can't see it!!!



On Fri, 11 Mar 2022 at 10:18, Ben Hardill <hardillb@xxxxxxxxx> wrote:
The important part in what you've shown is:

 > /mosquitto/data # ls -la
 > total 4
 > d---------    1 mosquitt mosquitt        46 Mar 11 05:52 .
 > drwxr-xr-x    1 mosquitt mosquitt        26 Nov 17 01:20 ..
 > ----------    1 mosquitt mosquitt       121 Mar 11 05:52 mosquitto.password_file
 >

This shows that while the file is owned by the mosquitto user and group,
neither of them has permission to read the file (this is shown by all
the - chars at the start of the listing).

Have you run something like `chmod 000 mosquitto.password_file` on the
host os?

You should probably run `chmod 600 mosquitto.password_file` to grant
read/write permission to the file owner.

Ben


On 11/03/2022 10:11, Giles Roadnight wrote:
> Many thanks for that explanation. I hadn't realised that a docker image
> expects certain volumes, I thought you could replace any path with any path.
>
> Anyway, I am now running with:
>
> sudo docker run --rm -i -p 1883:1883 -v /volume1/mosquitto/config:/mosquitto/config -v /volume1/mosquitto/data:/mosquitto/data --name mosqTemp eclipse-mosquitto:latest
>
> but unfortunately I still get:
>
> 1646993206: mosquitto version 2.0.14 starting
> 1646993206: Config loaded from /mosquitto/config/mosquitto.conf.
> 1646993206: Error: Unable to open pwfile "/mosquitto/data/mosquitto.password_file".
> 1646993206: Error opening password file "/mosquitto/data/mosquitto.password_file".
>
> in the container I can now see the expected file:
>
> /mosquitto/data # pwd
> /mosquitto/data
> /mosquitto/data # ls -la
> total 4
> d---------    1 mosquitt mosquitt        46 Mar 11 05:52 .
> drwxr-xr-x    1 mosquitt mosquitt        26 Nov 17 01:20 ..
> ----------    1 mosquitt mosquitt       121 Mar 11 05:52 mosquitto.password_file
>
> Giles Roadnight
> http://giles.roadnight.name
>
>
> On Fri, 11 Mar 2022 at 10:02, Norbert Heußer <norbert.heusser@xxxxxxxxxx> wrote:
>
>     Hi Giles,
>
>     the mosquitto Docker container is expecting two different volumes to
>     be mounted in the container (as you might be able to check using the
>     "docker image inspect mosquitto:latest" and check for Volumes)
>     1. /mosquitto/config
>     2. /mosquitto/data
>
>     If you simply try to mount your local /volume1/mosquitto to the
>     internal /mosquitto still the subfolders config and data will not be
>     visible in the container (as they are overloaded by the docker
>     engine). This is a general pattern in docker engine: All specified
>     volumes have to be mounted individually. You can’t simply mount the
>     folder above.
>
>     To fix your problem you would need to mount your local data and
>     config individually into the container:
>     sudo docker run --rm -i -p 1883:1883 -v /volume1/mosquitto/config:/mosquitto/config -v /volume1/mosquitto/data:/mosquitto/data eclipse-mosquitto:latest
>
>     Hope this helps.
>
>     BTW: Why are there two different folders?
>     Because the folders contain two different types of data. Config
>     contains seldom modified data, which contains highly sensitive data
>     like usernames and password (hashes). The data folder stores
>     temporary data and may be modified very often. Using two different
>     folders allows the use of different backend storages (e.g. different
>     RAID configs).
>
>     Best,
>     Norbert
>
>>     On 11.03.2022 at 07:01, Giles Roadnight <giles.roadnight@xxxxxxxxx> wrote:
>>
>>     Hi All
>>
>>     I am trying to get mosquitto docker to work with a password file.
>>     my run command:
>>
>>     sudo docker run --rm -i -p 1883:1883 -v/volume1/mosquitto:/mosquitto eclipse-mosquitto:latest
>>
>>     my config (/volume1/mosquitto/config/mosquitto.conf):
>>
>>     listener 1883
>>     password_file /mosquitto/data/mosquitto.password_file
>>
>>     container file structure:
>>
>>     volume1/
>>         /config
>>             /mosquitto.conf
>>         /data
>>             /mosquitto.password_file
>>         /mqtt_passwd
>>     (there are 2 copies of password at 2 different locations)
>>
>>     Within the running container I can see the mqtt_passwd in
>>     /mosquitto/ but the mosquitto.password_file is missing from
>>     /mosquitto/data - I have no idea how that can happen.
>>
>>     If I change my config to point to the password file at
>>     /mosquitto/mqtt_passwd I get the same error:
>>
>>     1646978185: mosquitto version 2.0.14 starting
>>     1646978185: Config loaded from /mosquitto/config/mosquitto.conf.
>>     1646978185: Error: Unable to open pwfile "/mosquitto/mqtt_password".
>>     1646978185: Error opening password file "/mosquitto/mqtt_password".
>>
>>     I am very new to docker and pretty new to linux so I am a bit
>>     lost. Any help much appreciated.
>>
>>     Giles Roadnight
>>     http://giles.roadnight.name
>>     _______________________________________________
>>     mosquitto-dev mailing list
>>     mosquitto-dev@xxxxxxxxxxx <mailto:mosquitto-dev@xxxxxxxxxxx>
>>     To unsubscribe from this list, visit
>>     https://www.eclipse.org/mailman/listinfo/mosquitto-dev
>>     <https://www.eclipse.org/mailman/listinfo/mosquitto-dev>
>
>     --
>     *Norbert Heußer*
>     Senior Developer | Cedalo GmbH
>     Email: norbert.heusser@xxxxxxxxxx
>     Tel: +49 173 936 43 63
>
>     Cedalo GmbH
>     The company behind Eclipse Mosquitto and Eclipse Streamsheets
>     https://cedalo.com/
>
>     Managing Directors: Philipp Struss, Philip Ackermann, Dr. Stefan Lölkes
>     Register court: Amtsgericht Freiburg, HRB 725414
>
>
>

--
https://www.hardill.me.uk/wordpress
https://github.com/hardillb
https://about.me/hardillb
https://flickr.com/photos/hardillb/
https://keybase.io/hardillb
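
Added example (not part of the original thread or of the Mosquitto project): a mode-bit walk for the listings above, where /mosquitto/data appears as `d---------` and the password file as `-rw-------`. Opening a file needs search (x) permission on every directory in its path as well as read (r) on the file, and this sketch reports the first component that withholds it. It assumes the broker opens the file as uid/gid 1883, the owner shown in the listings; `perm_digit`, `check_path` and `can_open` are names made up for this sketch.

```shell
#!/bin/sh
# Added example. Judges access from mode bits only, so it gives the same answer
# when run as root; ACLs, capabilities and supplementary groups are ignored.
# Needs a stat that supports -c (GNU coreutils, BusyBox).

# perm_digit MODE FILE_UID FILE_GID UID GID
# Prints the rwx digit (0-7) the kernel applies: owner class if the uid
# matches, else group class if the gid matches, else other.
perm_digit() {
    m=$(printf '%03d' "$(( $1 % 1000 ))")   # drop setuid/setgid/sticky digit
    if   [ "$4" -eq "$2" ]; then d=${m%??}
    elif [ "$5" -eq "$3" ]; then d=${m#?}; d=${d%?}
    else d=${m#??}
    fi
    echo "$d"
}

# check_path PATH UID GID NEED   (NEED: 1 = search a directory, 4 = read a file)
# Checks every parent directory first, so the report names the outermost
# component that blocks the open. Returns 0 = allowed, 1 = denied, 2 = stat failed.
check_path() {
    if [ "$1" != "/" ] && [ "$1" != "." ]; then
        check_path "$(dirname "$1")" "$2" "$3" 1 || return $?
    fi
    st=$(stat -L -c '%a %u %g' "$1") || return 2
    # $st is three numeric fields, so word splitting is intended here.
    d=$(perm_digit $st "$2" "$3")
    if [ $(( $d & $4 )) -eq 0 ]; then
        echo "DENY $1 (mode uid gid: $st) lacks bit $4 for uid $2 gid $3"
        return 1
    fi
}

# can_open FILE UID GID: every directory needs x, the file itself needs r.
can_open() {
    check_path "$1" "$2" "$3" 4 && echo "OK $1 (mode bits allow uid $2 to read)"
}

# Usage inside the container, assuming the broker runs as 1883:1883:
#   can_open /mosquitto/data/mosquitto.password_file 1883 1883
```

Because the check reads mode bits rather than attempting the open, it gives the same verdict from a root shell in the container, where a plain `cat` would succeed regardless.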
