docker permission issues unraid 6.10

Hi,

I have seen the problem with the container REDIS by bitnami 

with a path add :

Container Path: /bitnami/ 

Host Path: /mnt/user/appdata/redis/bitnami/

when run the container in the log i can find : mkdir: cannot create directory '/bitnami/redis': Permission denied

 

I think it's beaucause bitnami is a non root container

Why use a non-root container?

Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits.

https://docs.bitnami.com/tutorials/work-with-non-root-containers/

 

I suppose with the new version of unraid 6.10.x non root containairs don't have the right to make directory because of the permission now applied to the root directory for the app in appdata. in my case "redis" directory

version unraid 6.10.x = drwxr-xr-x (755) for the redis directory when docker create

version unraid 6.9.2 = drwxrwxrwx (777) for the redis directory when docker create

when I chmod to 777 to the redis directory in unraid 6.10.2 it's working 

 

in unraid 6.10.x non root docker's container's seems to don't work as before.

i have tested with privileded option without success the only solution is to force manualy the privilege of the directory with chmod.

perhapse we can have a better option in a future version of unraid to run non root containers ?

thanks

On 6/13/2022 at 1:41 PM, sebz29a said:

only solution is to force manualy the privilege of the directory with chmod.

How do you do this exactly?

 

I already have the correct dir .../appdata/redis/bitnami/ and yet I'm still receiving the same error.

 

Edited July 15, 2022 by deano_southafrican

Hi,

 

You have to create the directory with command "install" for the non root user 1001 it's the only way I find to execute the container with non root right.

 

With this container I don't find any way to use an other non root user/group like 99/100

 

To create the directory before the container installation with the good owner group and privilege in terminal :

 

sudo install -d -m 0755 -o 1001 -g 0 redis
cd redis/
sudo install -d -m 0755 -o 1001 -g 0 bitnami

 

With this command you will not have any error after the container installation.

 

It's is now more secure than the use of 777 like in previouse unraid versions.

 

5 hours ago, sebz29a said:

With this command you will not have any error after the container installation.

Thank you! That worked for me, got it to run!

Hi Guys, I tried this and still get the error when trying to start my redis container

Hi,

You have to delete if the redis folder allready exist and execute the commands before to install the container. Is there an error in the log of the container when execute it ?

 

I tried this a few times... but then now I realized I can change permissions in the shares tab, which I updated the Nobody to read/write and now it works lol

 

anything wrong with this method?

Share permissions only apply to users you have created for network access to shares. Do you mean you actually created a user named Nobody?

On 7/16/2022 at 3:01 AM, sebz29a said:

Hi,

 

You have to create the directory with command "install" for the non root user 1001 it's the only way I find to execute the container with non root right.

 

To create the directory before the container installation with the good owner group and privilege in terminal :

 

sudo install -d -m 0755 -o 1001 -g 0 redis
cd redis/
sudo install -d -m 0755 -o 1001 -g 0 bitnami

 

 

I had a similar issue with the Ghost docker. Creating the appdata folder in advance with the elevated rights noted above moved me forward. But I also had to create the MariaDB user manually as 'username'@'172.17.0.1'.

Thank you!

you could also just access the web terminal and add

 

chmod -R 777 /mnt/user/appdata/redis/*

Thank you so so much @5EANtheRIGHTway  your a life saver been trying to get this docker app started for the past few days without any luck until now... cant believe i didnt think to try this...... Thak you.