Db2 On Premise and Cloud

Root Permissions

  • 1.  Root Permissions

    Posted Wed July 24, 2019 09:40 AM
    Good morning,

    Running this container seems to require root permissions for (as far as I can tell) exposing port 22 and writing to `/database`. This cannot therefore be run on an OpenShift platform which does not allow this as a policy. Is there any intention to remove this awkward requirement to run as root?

    ------------------------------
    Nicholas Courtman
    ------------------------------


  • 2.  RE: Root Permissions

    Posted Thu July 25, 2019 09:32 AM

    Hello @Nicholas Courtman. The container (ibmcom/db2) installs Db2 binaries as root; that is the reason why it needs runAsUser: root.

    A sample custom SCC that can be used on OpenShift is as follows:

    kind: SecurityContextConstraints
    apiVersion: v1
    metadata:
      name: db2-scc
    allowHostDirVolumePlugin: true
    allowHostIPC: true
    allowHostNetwork: false
    allowHostPID: false
    allowHostPorts: true
    allowPrivilegedContainer: false
    allowedCapabilities:
    - "SYS_RESOURCE"
    - "IPC_OWNER"
    - "SYS_NICE"
    runAsUser:
      type: RunAsAny
    seLinuxContext:
      type: MustRunAs
    fsGroup:
      type: RunAsAny
    supplementalGroups:
      type: RunAsAny



    ------------------------------
    IRINA DELIDJAKOVA
    ------------------------------
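
The SCC posted above can be reviewed field by field before it is granted to a service account. The following is an added example, not part of the thread or of IBM's container: it flags each setting in db2-scc that widens what a pod may do. The embedded JSON is a constructed rendering of the posted fields, and `review_scc`, `HOST_FLAGS` and `STRATEGIES` are names chosen for this example.

```python
import json

# Constructed input: the db2-scc fields from the post above, written as JSON
# so that only the standard library is needed to parse them.
DB2_SCC = json.loads("""
{
  "kind": "SecurityContextConstraints",
  "metadata": {"name": "db2-scc"},
  "allowHostDirVolumePlugin": true,
  "allowHostIPC": true,
  "allowHostNetwork": false,
  "allowHostPID": false,
  "allowHostPorts": true,
  "allowPrivilegedContainer": false,
  "allowedCapabilities": ["SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"],
  "runAsUser": {"type": "RunAsAny"},
  "seLinuxContext": {"type": "MustRunAs"},
  "fsGroup": {"type": "RunAsAny"},
  "supplementalGroups": {"type": "RunAsAny"}
}
""")

# Boolean SCC fields that relax host isolation when set to true.
HOST_FLAGS = {
    "allowPrivilegedContainer": "privileged containers",
    "allowHostNetwork": "the host network namespace",
    "allowHostPID": "the host PID namespace",
    "allowHostIPC": "the host IPC namespace",
    "allowHostPorts": "binding host ports",
    "allowHostDirVolumePlugin": "hostPath volumes",
}
# Strategy fields where RunAsAny places no restriction on what a pod requests.
STRATEGIES = ("runAsUser", "seLinuxContext", "fsGroup", "supplementalGroups")

def review_scc(scc):
    """Return (field, reason) pairs for every setting that widens what a pod may do."""
    findings = []
    for field, what in HOST_FLAGS.items():
        if scc.get(field) is True:
            findings.append((field, "permits " + what))
    for field in STRATEGIES:
        if (scc.get(field) or {}).get("type") == "RunAsAny":
            findings.append((field, "RunAsAny: requested value is not restricted"))
    for cap in scc.get("allowedCapabilities") or []:
        findings.append(("allowedCapabilities", "pod may request CAP_" + cap))
    return findings

if __name__ == "__main__":
    for field, reason in review_scc(DB2_SCC):
        print(f"{DB2_SCC['metadata']['name']}: {field}: {reason}")
```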



  • 3.  RE: Root Permissions

    Posted Thu October 10, 2019 02:13 PM
    Hi Irina,

    This does not work. 

    /usr/bin/id: cannot find name for user ID 1000250000
    /usr/bin/id: cannot find name for user ID 1000250000
    chmod: changing permissions of '/database': Operation not permitted
    (*) Previous setup has not been detected. Creating the users...
    (*) Creating users ...
    groupadd: Permission denied.
    groupadd: cannot lock /etc/group; try again later.
    groupadd: Permission denied.
    groupadd: cannot lock /etc/group; try again later.
    (*) Creating instance ...
    /var/db2_setup/include/db2_common_functions: line 50: /opt/ibm/db2/V11.5/instance/db2icrt: Permission denied
    (!) There was a problem configuring the instance. Copying over logs and traces to /database/config ...
    cp: cannot stat '/tmp/*db2*': No such file or directory
    db2support: Cannot determine userid

    Is there a way to run DB2 in OpenShift?

    ------------------------------
    Vladimir Remenar
    ------------------------------