Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Forcing a different user and group in docker-compose results in tmp permission error on startup #63

Open
Undeadllama opened this issue Nov 30, 2023 · 1 comment
Open

Forcing a different user and group in docker-compose results in tmp permission error on startup #63

Undeadllama opened this issue Nov 30, 2023 · 1 comment

Comments

@Undeadllama
Copy link

Undeadllama commented Nov 30, 2023
edited
Loading

By default medaziz11/uptimekuma_restapi appears to run under uid 100.
This results in permissions errors on startup unless uid 100 has access to the /db volume.
sqlite3.OperationalError: unable to open database file

Giving the volume full 777 permissions allows for the sqlite db to be created, but under ownership of uid 100, which on my system is the default 'systemd-timesync' user:

dockeradmin@dockerhost:/dockershared/uptimekuma$ grep "x:100:" /etc/passwd
systemd-timesync:x:100:102:systemd Time Synchronization,,,:/run/systemd:/usr/sbin/nologin

dockeradmin@dockerhost:/dockershared/uptimekuma$ ll apidb
total 24
drwxrwxrwx 2 dockeradmin      docker           4096 Nov 30 22:07 ./
drwxr-xr-x 4 dockeradmin      docker           4096 Nov 30 22:08 ../
-rw-r--r-- 1 systemd-timesync systemd-journal 16384 Nov 30 22:07 db.sqlite3

This is not ideal so I attempted to force use of a different user by adding the following line to my docker-compose file:
user: 1000:1000

Which resulted in the following errors accessing /tmp when attempting to start up the container:

[2023-11-30 22:09:16 +0000] [1] [INFO] Unhandled exception in main loop
Traceback (most recent call last):
  File "/app/venv/lib/python3.9/site-packages/gunicorn/arbiter.py", line 202, in run
    self.manage_workers()
  File "/app/venv/lib/python3.9/site-packages/gunicorn/arbiter.py", line 551, in manage_workers
    self.spawn_workers()
  File "/app/venv/lib/python3.9/site-packages/gunicorn/arbiter.py", line 622, in spawn_workers
    self.spawn_worker()
  File "/app/venv/lib/python3.9/site-packages/gunicorn/arbiter.py", line 569, in spawn_worker
    worker = self.worker_class(self.worker_age, self.pid, self.LISTENERS,
  File "/app/venv/lib/python3.9/site-packages/uvicorn/workers.py", line 23, in __init__
    super(UvicornWorker, self).__init__(*args, **kwargs)
  File "/app/venv/lib/python3.9/site-packages/gunicorn/workers/base.py", line 64, in __init__
    self.tmp = WorkerTmp(cfg)
  File "/app/venv/lib/python3.9/site-packages/gunicorn/workers/workertmp.py", line 29, in __init__
    util.chown(name, cfg.uid, cfg.gid)
  File "/app/venv/lib/python3.9/site-packages/gunicorn/util.py", line 153, in chown
    os.chown(path, uid, gid)
PermissionError: [Errno 1] Operation not permitted: '/tmp/wgunicorn-nyytxa4w'

What is the correct method to change what user the container is running as if I want to avoid uid 100?
@hillout
Copy link

hillout commented Dec 4, 2023

@Undeadllama I stumbled across the same problem. I think the best way to do it now is to rebuild the image with user you want.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Undeadllama @hillout