Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [mosquitto-dev] Unable to open pwfile when using mosquitto Docker image

Thanks Norbert.

Changing the permissions of the file had no effect:

/volume1/mosquitto/data$ sudo chmod 666 /volume1/mosquitto/data/mosquitto.password_file
/volume1/mosquitto/data$ ls -la
total 4
drwxrwxrwx+ 1 1883 1883  46 Mar 11 05:52 .
drwxrwxrwx+ 1 1883 1883  76 Mar 11 05:28 ..
-rw-rw-rw-  1 1883 1883 121 Mar 11 05:52 mosquitto.password_file

$ sudo docker run --rm -i -p 1883:1883 -v /volume1/mosquitto/config:/mosquitto/config -v /volume1/mosquitto/data:/mosquitto/data --name mosqTemp eclipse-mosquitto:latest
1647005856: mosquitto version 2.0.14 starting
1647005856: Config loaded from /mosquitto/config/mosquitto.conf.
1647005856: Error: Unable to open pwfile "/mosquitto/data/mosquitto.password_file".
1647005856: Error opening password file "/mosquitto/data/mosquitto.password_file".

inside the container:

/mosquitto/data # ls -la
total 4
d---------    1 mosquitt mosquitt        46 Mar 11 05:52 .
drwxr-xr-x    1 mosquitt mosquitt        26 Nov 17 01:20 ..
-rw-rw-rw-    1 mosquitt mosquitt       121 Mar 11 05:52 mosquitto.password_file

but I can't su as mosquitto:

/mosquitto/data # su mosquitto
This account is not available
/mosquitto/data # whoami
root

I notice that the user in the ls output is mosquitt - not mosquitto. I assume that's just a concatenation?


On Fri, 11 Mar 2022 at 11:23, Norbert Heußer <norbert.heusser@xxxxxxxxxx> wrote:
Hi Giles,

changing the ownership of the folder /mosquitto (and recursively all sub folders) inside the container to mosquitto:mosquitto is part of the docker-entrypoint.sh script starting the broker in the container. The intention is to avoid any kind of permission/owership problems.

But the ownership of your file inside the container still looks strange. Could you please try to change permission of the password file to 666 using:
sudo chmod 666 /volume1/mosquitto/data/mosquitto.password_file
(You may need to execute it with root permission as the folder/file might belong to a userid, which does not exist on the host).

Then give it a new try. This would help to see, if we have a permission problem with the file.

If this does not help please try to view the content (e.g. cat) of the file inside the container using the mosquitto user:
su mosquitto
less /mosquitto/data/mosquitto.password_file 
(Use q to quit the less).

Best,
Norbert

Am 11.03.2022 um 11:11 schrieb Giles Roadnight <giles.roadnight@xxxxxxxxx>:

Many thanks for that explanation. I hadn't realised that a docker image expects certain volumes, I thought you could replace any path with any path.

Anyway, I am now running with:

sudo docker run --rm -i -p 1883:1883 -v /volume1/mosquitto/config:/mosquitto/config -v /volume1/mosquitto/data:/mosquitto/data --name mosqTemp eclipse-mosquitto:latest

but unfortunately I still get:

1646993206: mosquitto version 2.0.14 starting
1646993206: Config loaded from /mosquitto/config/mosquitto.conf.
1646993206: Error: Unable to open pwfile "/mosquitto/data/mosquitto.password_file".
1646993206: Error opening password file "/mosquitto/data/mosquitto.password_file".

in the container I can now see the expected file:

/mosquitto/data # pwd
/mosquitto/data
/mosquitto/data # ls -la
total 4
d---------    1 mosquitt mosquitt        46 Mar 11 05:52 .
drwxr-xr-x    1 mosquitt mosquitt        26 Nov 17 01:20 ..
----------    1 mosquitt mosquitt       121 Mar 11 05:52 mosquitto.password_file


On Fri, 11 Mar 2022 at 10:02, Norbert Heußer <norbert.heusser@xxxxxxxxxx> wrote:
Hi Giles,

the mosquitto Docker container is expecting two different volumes to be mounted in the container (as you might be able to check using the "docker image inspect mosquitto:latest“ and check for Volumes)
1. /mosquitto/config 
2. /mosquitto/data

If you simply try to mount your local /volume1/mosquitto to the internal /mosquitto still the subfolders config and data will not be visible in the container (as they are overloaded by the docker engine). This is a general pattern in docker engine: All specified volumes have to be mounted individually. You can’t simply mount the folder above.

To fix your problem you would need to mount your local data and config individually into the container:
sudo docker run --rm -i -p 1883:1883 -v /volume1/mosquitto/config:/mosquitto/config  -v /volume1/mosquitto/data:/mosquitto/data  eclipse-mosquitto:latest

Hope this helps.

BTW: Why are there two different folder ?
Because the folder contain two different types of data. Config contains seldom modified data, which contains highly sensitive data like usernames and password (hashes). The data folder store temporary data and maybe modified very often. Using two different folders allows to use different backend storages (e.g. different RAID configs).

Best,
Norbert

Am 11.03.2022 um 07:01 schrieb Giles Roadnight <giles.roadnight@xxxxxxxxx>:

Hi All

I am trying to get mosquitto docker to work with a password file.  my run command:

sudo docker run --rm -i -p 1883:1883 -v/volume1/mosquitto:/mosquitto eclipse-mosquitto:latest

my config (/volume1/mosquitto/config/mosquitto.conf):

listener 1883
password_file /mosquitto/data/mosquitto.password_file

container file structure:

volume1/
    /config
        /mosquitto.conf
    /data
        /mosquitto.password_file
    /mqtt_passwd
(there are 2 copies of password at 2 different locations)

Within the running container I can see the mqtt_passwd in /mosquitto/ but the mosquitto.password_file is missing from /mosquitto/data - I have no idea how that can happen.

If I change my config to point to the password file at /mosquitto/mqtt_passwd I get the same error:

1646978185: mosquitto version 2.0.14 starting
1646978185: Config loaded from /mosquitto/config/mosquitto.conf.
1646978185: Error: Unable to open pwfile "/mosquitto/mqtt_password".
1646978185: Error opening password file "/mosquitto/mqtt_password".

I am very new to docker and pretty new to linux so I am a bit lost. Any help much appreciated.
_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/mosquitto-dev

-- 
Norbert Heußer
Senior Developer | Cedalo GmbH
Tel: +49 173 936 43 63

Cedalo GmbH
The company behind Eclipse Mosquitto and Eclipse Streamsheets

Geschäftsführer: Philipp Struss, Philip Ackermann, Dr. Stefan Lölkes Registergericht: Amtsgericht Freiburg, HRB 725414

---------------------------------------------------------------------------------------------

Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet.



_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/mosquitto-dev
_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/mosquitto-dev

-- 
Norbert Heußer
Senior Developer | Cedalo GmbH
Tel: +49 173 936 43 63

Cedalo GmbH
The company behind Eclipse Mosquitto and Eclipse Streamsheets

Geschäftsführer: Philipp Struss, Philip Ackermann, Dr. Stefan Lölkes Registergericht: Amtsgericht Freiburg, HRB 725414

---------------------------------------------------------------------------------------------

Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet.




_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/mosquitto-dev

Back to the top