Docker user (puid) and group (pgid) settings


I think this is a reoccurring issue that people start hitting as they get deeper into the world of Unraid and Dockers.

I have started running into issues with users and groups.

I see that Unraid normally runs dockers as nobody:users (user 99 and group 100).

I've been using a lot of linuxserver.io dockers that allow you to set the user/group in the docker GUI. When set to 99 & 100 then permissions on the filesystem all work.

Within the docker, id is as follows:

root@361b22374b0e:/# id
uid=0(root) gid=0(root) groups=0(root)

 

I've been playing with some other dockers that don't seem to have any way to set the user/group.

In order to get them to boot I have to set permissions on their appdata folder to 777.

Then from within the docker the id looks like:

/mydocker $ id
uid=65534(nobody) gid=65534(nobody)

 

Obviously setting a docker's files to 777 is a security nightmare.

Is there any way to force the user/group of a docker?

How does the mapping between the user/group of the docker and the underlying OS (Unraid) work?

Is there any good documentation I can read?

Thanks,


If the container doesn't support setting PUID / PGID then it doesn't support doing it.

 

4 hours ago, cat2devnull said:

In order to get them to boot I have to set permissions on their appdata folder to 777.

 

What containers? This doesn't seem correct that they won't boot if you don't set the permissions on appdata to be 0777. Now, if they boot, but YOU can't access the files within appdata, then that's a different matter....

13 hours ago, Squid said:

This doesn't seem correct that they won't boot if you don't set the permissions on appdata to be 0777. Now, if they boot, but YOU can't access the files within appdata, then that's a different matter....

Some dockers will exit on boot if they can't write to their appdata folder. In my case I'm playing with Prometheus and it was behaving this way.

So what's the best way to allow the docker access to its appdata files if it's using uid=65534(nobody) gid=65534(nobody)? Should I add these to the Unraid server?
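
An added example, not written by any poster in this thread: the permission check behind the behaviour described above, assuming Docker runs without user-namespace remapping so the numeric uid/gid inside the container are the ids the host kernel compares against the appdata directory. The function names, the sample ownership and modes, and the path passed to `narrow_fix` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Without user-namespace remapping, the
# uid/gid a container process runs as are the same numeric ids the host kernel
# checks against the bind-mounted appdata directory; names like "nobody" do
# not matter. Supplementary groups and ACLs are ignored here.

# can_write PROC_UID PROC_GID OWNER_UID OWNER_GID OCTAL_MODE
# Returns 0 if the process may create files in a directory with that ownership.
can_write() {
    p_uid=$1; p_gid=$2; o_uid=$3; o_gid=$4
    perms=$((0$5))                       # parse the mode as octal
    [ "$p_uid" -eq 0 ] && return 0       # root with CAP_DAC_OVERRIDE skips mode bits
    if [ "$p_uid" -eq "$o_uid" ]; then
        bits=$(( (perms >> 6) & 7 ))     # owner class only, even if "other" is wider
    elif [ "$p_gid" -eq "$o_gid" ]; then
        bits=$(( (perms >> 3) & 7 ))     # group class
    else
        bits=$(( perms & 7 ))            # other class
    fi
    [ $(( bits & 3 )) -eq 3 ]            # creating files needs w (2) and x (1)
}

# check_dir DIR PROC_UID PROC_GID: same test against a real directory (GNU stat).
check_dir() {
    set -- "$1" "$2" "$3" $(stat -c '%u %g %a' "$1")
    can_write "$2" "$3" "$4" "$5" "$6"
}

# narrow_fix DIR PROC_UID PROC_GID: print an ownership change that avoids 777.
narrow_fix() {
    printf 'chown -R %s:%s %s && chmod 750 %s\n' "$2" "$3" "$1" "$1"
}

# Constructed cases: container ids vs. appdata owner, group and mode.
for c in "99 100 99 100 755" "65534 65534 99 100 755" \
         "65534 65534 99 100 777" "65534 65534 65534 65534 750"; do
    set -- $c
    if can_write "$@"; then r=writable; else r=denied; fi
    echo "container $1:$2 on dir $3:$4 mode $5 -> $r"
done
```

`chown` accepts numeric ids that have no passwd entry on the host, so the 65534:65534 case needs no new Unraid user. For images that tolerate it, `docker run --user UID:GID` is the Docker flag that sets the ids the process starts with.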
