cat2devnull
Posted December 25, 2021

I think this is a reoccurring issue that people start hitting as they get deeper into the world of Unraid and Dockers. I have started running into issues with users and groups.

I see that Unraid normally runs dockers as nobody:users (user 99 and group 100). I've been using a lot of linuxserver.io dockers that allow you to set the user/group in the docker GUI. When set to 99 & 100 then permissions on the filesystem all work. Within the docker, id is as follows:

    root@361b22374b0e:/# id
    uid=0(root) gid=0(root) groups=0(root)

I've been playing with some other dockers that don't seem to have any way to set the user/group. In order to get them to boot I have to set permissions on their appdata folder to 777. Then from within the docker the id looks like:

    /mydocker $ id
    uid=65534(nobody) gid=65534(nobody)

Obviously setting a docker's files to 777 is a security nightmare. Is there any way to force the user/group of a docker? How does the mapping between the user/group of the docker and the underlying OS (Unraid) work? Is there any good documentation I can read?

Thanks,

Squid
Posted December 25, 2021

If the container doesn't support setting PUID / PGID then it doesn't support doing it.

4 hours ago, cat2devnull said:
> In order to get them to boot I have to set permissions on their appdata folder to 777.

What containers? This doesn't seem correct that they won't boot if you don't set the permissions on appdata to be 0777. Now, if they boot, but YOU can't access the files within appdata, then that's a different matter....

cat2devnull (Author)
Posted December 26, 2021

13 hours ago, Squid said:
> This doesn't seem correct that they won't boot if you don't set the permissions on appdata to be 0777. Now, if they boot, but YOU can't access the files within appdata, then that's a different matter....

Some dockers will exit on boot if they can't write to their appdata folder. In my case I'm playing with Prometheus and it was behaving this way.

So what's the best way to allow the docker access to its appdata files if it's using uid=65534(nobody) gid=65534(nobody)? Should I add these to the Unraid server?
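
Added example, not part of any post in the thread: a shell check that compares an appdata folder's numeric owner and mode with the UID/GID that `id` reports inside the container, flags the 777 case discussed above, and prints an ownership-based alternative. The function name `check_appdata` is hypothetical. It assumes Docker without user-namespace remapping (so 65534 in the container is 65534 on the host) and GNU `stat`.

```shell
#!/bin/sh
# Added example (not from the thread). A bind-mounted folder is checked by
# numeric UID/GID, not by name, so the numbers `id` prints inside the
# container are the ones the host folder must grant write access to.
# Assumes Docker without user-namespace remapping and GNU stat.

# check_appdata DIR UID GID: print a verdict; return 0 only when the folder
# is writable by UID:GID without being world-writable.
check_appdata() {
    dir=$1; want_uid=$2; want_gid=$3
    info=$(stat -c '%a %u %g' "$dir") || return 2
    mode=${info%% *}; rest=${info#* }
    uid=${rest%% *}; gid=${rest#* }
    bits=$(( 0$mode ))                      # stat prints octal digits
    if [ $(( bits & 2 )) -ne 0 ]; then      # "other" write bit, as in 777
        echo "WORLD-WRITABLE mode=$mode owner=$uid:$gid;" \
             "fix: chown -R $want_uid:$want_gid '$dir' && chmod -R o-rwx '$dir'"
        return 1
    fi
    if [ "$uid" -eq "$want_uid" ] && [ $(( bits & 128 )) -ne 0 ]; then
        echo "OK mode=$mode owner=$uid:$gid (owner write)"
        return 0
    fi
    if [ "$gid" -eq "$want_gid" ] && [ $(( bits & 16 )) -ne 0 ]; then
        echo "OK mode=$mode owner=$uid:$gid (group write)"
        return 0
    fi
    echo "NOT-WRITABLE mode=$mode owner=$uid:$gid wanted=$want_uid:$want_gid;" \
         "fix: chown -R $want_uid:$want_gid '$dir'"
    return 1
}

# Constructed demo on a scratch folder standing in for an appdata folder.
demo=$(mktemp -d)
chmod 777 "$demo"; check_appdata "$demo" 65534 65534 || true
chmod 750 "$demo"; check_appdata "$demo" "$(id -u)" "$(id -g)" || true
rm -rf "$demo"
```

On a real server the first argument would be the container's appdata folder and the other two the values from `id` inside that container (65534 and 65534 in the Prometheus case above).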