FATAL: data directory "/var/lib/postgresql/data" has invalid permissions

[notimadam123]

Trying to use immich in docker but i get this error message from the postgres14 container but i get the messages

postgres14  | This user must also own the server process.
postgres14  | 
postgres14  | The database cluster will be initialized with locale "en_US.utf8".
postgres14  | The default database encoding has accordingly been set to "UTF8".
postgres14  | The default text search configuration will be set to "english".
postgres14  | 
postgres14  | Data page checksums are disabled.
postgres14  | 
postgres14  | fixing permissions on existing directory /var/lib/postgresql/data ... ok
postgres14  | creating subdirectories ... ok
postgres14  | selecting dynamic shared memory implementation ... posix
postgres14  | selecting default max_connections ... 20
postgres14  | selecting default shared_buffers ... 400kB
postgres14  | selecting default time zone ... Etc/UTC
postgres14  | creating configuration files ... ok
postgres14  | 2024-12-11 17:21:53.661 UTC [82] FATAL:  data directory "/var/lib/postgresql/data" has invalid permissions
postgres14  | 2024-12-11 17:21:53.661 UTC [82] DETAIL:  Permissions should be u=rwx (0700) or u=rwx,g=rx (0750).
postgres14  | child process exited with exit code 1
postgres14  | initdb: removing contents of data directory "/var/lib/postgresql/data"
postgres14  | running bootstrap script ... 
postgres14 exited with code 1```

[perry-mitchell]

I have the same issue. How can I disable these checks? Using this image on k8s with nfs mounts is a nightmare right now 😅

[VoVAllen]

This usually has nothing to do with pgvecto.rs. It's related to the original folder permission and the user id used in the docker image. We need more information about the issue (like the folder permission on the host environment, the user's permission, etc.) to help.

[perry-mitchell]

Well, it has to do with the docker image pgvecto.rs is build with, as it forcibly tries to change permissions and fails to do so. I'm running it on a k8s cluster with NFS CSI, and it does not have permission to change ownership of that share, yet it tries to.

I can't run the container as another uid/gid as it breaks it entirely. No matter what ownership/permissions I give the files on the share, it seems to want to change them and probably dies when trying the find command here: https://github.com/tensorchord/pgvecto.rs/blob/main/docker/pg-slim/docker-entrypoint.sh#L58 - The chmod/chown commands there don't die (though they warn), but the find command is not similarly protected.

I'd just like more control over this ownership processing on startup.

EDIT: I went back to just allowing it to set its own permissions, using no squashing on the NFS side. Far from ideal but this project's entrypoint simply kills any chance of controlling the permissions used when interacting with the filesystem, and imo, rendering it risky to use in terms of using mounted filesystems within its container. Hopefully this gets addressed in a future update. Ultimately we should be able to control the permissions it uses to interact with the mounted data directory (or any directory that makes sense to use a volume for). Note that this is not a problem for standard postgres which seems to somehow manage with slightly different permissions.