Occ run in Docker container cannot connect to DB for www-data user, passes for root

Server
1

I’m using the official Docker container (version 10.13.4.1 currently) hosted in a Kubernetes cluster with an external MySQL database.

As far as I can tell, ownCloud is operating normally except for the cron operation (and I expect any occ commands on the command line)

If I run occ from the container command line as root, there are no problems

root@owncloud-0:/var/www/owncloud# id
uid=0(root) gid=0(root) groups=0(root)
root@owncloud-0:/var/www/owncloud# occ -h
Description:
  List commands
....

However, if I do the same as the www-data user:

root@owncloud-0:/var/www/owncloud# su www-data -c id
uid=33(www-data) gid=33(www-data) groups=33(www-data)
root@owncloud-0:/var/www/owncloud# su www-data -c "occ -vvv -h"
An unhandled exception has been thrown:
Doctrine\DBAL\DBALException: Failed to connect to the database: An exception occurred in driver: SQLSTATE[HY000] [1045] ProxySQL Error: Access denied for user 'owncloud'@'10.2.1.227' (using password: YES) in /var/www/owncloud/lib/private/DB/Connection.php:62
Stack trace:
#0 /var/www/owncloud/lib/composer/doctrine/dbal/lib/Doctrine/DBAL/Connection.php(475): OC\DB\Connection->connect()
#1 /var/www/owncloud/lib/composer/doctrine/dbal/lib/Doctrine/DBAL/Connection.php(437): Doctrine\DBAL\Connection->getDatabasePlatformVersion()
#2 /var/www/owncloud/lib/composer/doctrine/dbal/lib/Doctrine/DBAL/Connection.php(379): Doctrine\DBAL\Connection->detectDatabasePlatform()
#3 /var/www/owncloud/lib/composer/doctrine/dbal/lib/Doctrine/DBAL/Connection.php(844): Doctrine\DBAL\Connection->getDatabasePlatform()
#4 /var/www/owncloud/lib/private/DB/Connection.php(148): Doctrine\DBAL\Connection->setTransactionIsolation()
#5 /var/www/owncloud/lib/composer/doctrine/dbal/lib/Doctrine/DBAL/DriverManager.php(262): OC\DB\Connection->__construct()
#6 /var/www/owncloud/lib/private/DB/ConnectionFactory.php(139): Doctrine\DBAL\DriverManager::getConnection()
#7 /var/www/owncloud/lib/private/Server.php(564): OC\DB\ConnectionFactory->getConnection()
#8 /var/www/owncloud/lib/composer/pimple/pimple/src/Pimple/Container.php(122): OC\Server->OC\{closure}()
#9 /var/www/owncloud/lib/private/AppFramework/Utility/SimpleContainer.php(107): Pimple\Container->offsetGet()
#10 /var/www/owncloud/lib/private/ServerContainer.php(86): OC\AppFramework\Utility\SimpleContainer->query()
#11 /var/www/owncloud/lib/private/Server.php(1289): OC\ServerContainer->query()
#12 /var/www/owncloud/lib/private/Server.php(436): OC\Server->getDatabaseConnection()
#13 /var/www/owncloud/lib/composer/pimple/pimple/src/Pimple/Container.php(122): OC\Server->OC\{closure}()
#14 /var/www/owncloud/lib/private/AppFramework/Utility/SimpleContainer.php(107): Pimple\Container->offsetGet()
#15 /var/www/owncloud/lib/private/ServerContainer.php(86): OC\AppFramework\Utility\SimpleContainer->query()
#16 /var/www/owncloud/lib/private/Server.php(1219): OC\ServerContainer->query()
#17 /var/www/owncloud/lib/private/Server.php(619): OC\Server->getAppConfig()
#18 /var/www/owncloud/lib/composer/pimple/pimple/src/Pimple/Container.php(122): OC\Server->OC\{closure}()
#19 /var/www/owncloud/lib/private/AppFramework/Utility/SimpleContainer.php(107): Pimple\Container->offsetGet()
#20 /var/www/owncloud/lib/private/ServerContainer.php(86): OC\AppFramework\Utility\SimpleContainer->query()
#21 /var/www/owncloud/lib/private/Server.php(1487): OC\ServerContainer->query()
#22 /var/www/owncloud/lib/private/legacy/app.php(344): OC\Server->getAppManager()
#23 /var/www/owncloud/lib/private/legacy/app.php(108): OC_App::getEnabledApps()
#24 /var/www/owncloud/lib/kernel.php(591): OC_App::loadApps()
#25 /var/www/owncloud/lib/kernel.php(1059): OC::init()
#26 /var/www/owncloud/lib/base.php(27): require_once('/var/www/ownclo...')
#27 /var/www/owncloud/console.php(52): require_once('/var/www/ownclo...')
#28 /var/www/owncloud/occ(11): require_once('/var/www/ownclo...')
#29 {main}

Obviously this points to a permissions problem somewhere but I’m at a loss as to how to track this down. It’s getting some of the correct information (DB user, DB Host) but for some reason is failing without any significant logging.

Any advice on where I should be looking or how to enable more verbose logging?

2

Just run it as root. This way, a wrapper script shipped with the container is used, which does the user context switch automatically.

2 Likes
3

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.