Allow the Setting of GUID / PUID via Configuration #134

Open
E-t-z opened this issue Apr 12, 2022 · 5 comments

@E-t-z
Collaborator

E-t-z commented Apr 12, 2022

It would be great if we could set GUID / PUID in the environment variables (similar to all images produced by LinuxServer.io).
https://docs.linuxserver.io/general/understanding-puid-and-pgid

It would make it way easier to assign proper permissions for mapped volumes and create actual corresponding isolated users on the host, in case needed.

@jarischaefer
Owner

Good idea, similar to #131. There is some support already, see #50. I will add documentation. Support for docker run --user=... would be nice.

Do you want every process in the container to run as PUID & PGID? Or is it only about ensuring file permissions on the volumes?

@E-t-z
Collaborator Author

E-t-z commented May 13, 2022

It is mostly about permissions for the volumes. It adds the ability to spawn an actual user in the system and write files with correct permissions on the host.
Also, the current implementation can have clashes with the underlying host if those IDs match an existing user on the host whose account has nothing to do with Docker and who actually should not even have access to those files.

Running all processes inside the container with the same PUID and PGID would be nice, but is not very important in this case. (I know, security experts would disagree, but it is a completely different topic altogether.)

@E-t-z
Collaborator Author

E-t-z commented Sep 23, 2022

OK, tried this out, but the container fails to start:

2022-09-23T05:10:36.012722000Z | stdout | *** /etc/my_init.d/librenms_001_early_permissions failed with status 4
2022-09-23T05:10:36.012494000Z | stdout | groupadd: GID '100' already exists
2022-09-23T05:10:36.007687279Z | stdout | Done.
2022-09-23T05:10:35.765885263Z | stdout | Removing group `librenms' ...
2022-09-23T05:10:35.688004083Z | stdout | Done.
2022-09-23T05:10:35.518352022Z | stdout | Removing user `www-data' from group `librenms' ...
2022-09-23T05:10:35.434356438Z | stdout | Done.
2022-09-23T05:10:35.082543237Z | stdout | userdel: group librenms not removed because it has other members.
2022-09-23T05:10:35.051962465Z | stdout | Removing user `librenms' ...
2022-09-23T05:10:34.941606664Z | stdout | *** Running /etc/my_init.d/librenms_001_early_permissions...
2022-09-23T05:10:34.932411237Z | stdout | *** Running /etc/my_init.d/librenms_000_environment...
2022-09-23T05:10:33.959092010Z | stdout | Sep 23 08:10:33 LibreNMS syslog-ng[13]: syslog-ng starting up; version='3.35.1'
2022-09-23T05:10:33.877696103Z | stdout | *** Running /etc/my_init.d/10_syslog-ng...

@E-t-z
Collaborator Author

E-t-z commented Sep 23, 2022

Unfortunately, I have not yet had a chance to debug it.

@jarischaefer
Owner

@E-t-z There are some default users and groups in /etc/passwd and /etc/group. The number of reserved IDs could be reduced in the future. For now it is best to use IDs greater than 1000.
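
The `groupadd: GID '100' already exists` failure in the log above can be caught before any account is removed. The following is an added example, not part of the thread or the project's own init script: a POSIX shell preflight that checks a requested PUID/PGID against passwd- and group-format files. The function names and the sample file contents are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not the image's init script: check a requested PUID/PGID
# against passwd/group-format files before calling groupadd/useradd.

# id_owner FILE ID: print the name holding numeric ID (field 3 in both
# /etc/passwd and /etc/group), or nothing if the ID is free.
id_owner() {
    awk -F: -v id="$2" '$3 == id { print $1; exit }' "$1"
}

# check_id KIND FILE ID NAME: 0 if ID is free or already held by NAME,
# 1 if another account holds it, 2 if ID is not a plain number.
check_id() {
    kind=$1 file=$2 id=$3 wanted=$4
    case $id in
        ''|*[!0-9]*) echo "$kind '$id' is not numeric" >&2; return 2 ;;
    esac
    owner=$(id_owner "$file" "$id")
    if [ -n "$owner" ] && [ "$owner" != "$wanted" ]; then
        echo "$kind $id already belongs to '$owner'" >&2
        return 1
    fi
    return 0
}

# preflight PASSWD GROUP PUID PGID NAME: check both IDs, report every clash.
preflight() {
    rc=0
    check_id UID "$1" "$3" "$5" || rc=1
    check_id GID "$2" "$4" "$5" || rc=1
    return "$rc"
}

# Constructed sample files (hypothetical contents, not taken from the image).
demo() {
    dir=$(mktemp -d)
    printf 'root:x:0:0::/root:/bin/sh\nlibrenms:x:999:999::/opt:/bin/sh\n' >"$dir/passwd"
    printf 'root:x:0:\nusers:x:100:\nlibrenms:x:999:www-data\n' >"$dir/group"
    preflight "$dir/passwd" "$dir/group" 1000 100 librenms || echo "PGID 100 rejected"
    preflight "$dir/passwd" "$dir/group" 1500 1500 librenms && echo "1500:1500 accepted"
    rm -rf "$dir"
}
demo
```

Inside a container the same functions can be pointed at `/etc/passwd` and `/etc/group`, so a clash is reported before the existing user and group are deleted.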
