Jump to content
The Unraid Annual Cyber Weekend Sale is here 🔥 ×

Run docker as another user?


Recommended Posts

Posted

So, I've been thinking of running ArchiveBox for archiving some stuff for reference. There is an Unraid docker available, but I'm not a huge fan of having to stop the docker, change the argument, then start it up and guess as to when it has finished with the requested site. Today I decided to give it another go since they announced their 4.9 update. After some fiddling around with it and doing some research, I was able to get the server to run and stay running by putting "server 0.0.0.0:8000" in the Post Arguments box.

That allows me to get to the site and see the GUI, but if you try to click on the Admin or Add Link links, it brings you to a login page. Per that page (and their docs), you are supposed to be able to add a user by running the following from the shell: archivebox manage createsuperuser

But when I did that, it threw the following error: [!] ArchiveBox should never be run as root! It also linked to this page: https://github.com/pirate/ArchiveBox/wiki/Security-Overview#do-not-run-as-root

Now, per that page, I added the ALLOW_ROOT=True variable and also tried the config file, but it wasn't working, so I decided to try their Github issues page: https://github.com/pirate/ArchiveBox/issues/395

I found out from there that apparently the ALLOW_ROOT had been removed from the program (but not from the docs yet) and they asked about running it as another user. I added a user per the devs recommendation and it either did it or had already done it, as it said the user existed. But when I tried to run it by using "-u archivebox" or even trying to change the permissions, it would error out or revert when I changed the configuration of the docker.

So, does anyone have any suggestions or is it possible to run the docker as another user? 

(And feel free to correct me on the incorrect usage of docker vs container, as I don't quite have that correct in my head either :)

TIA!

 

Posted

The user inside a docker is normally controlled by the docker container, not by Unraid.  Some containers are set up to allow you to specify a UID/GID to be used by passing it in as an environment variable but whether that is possible is controlled by the docker developer.

Posted
59 minutes ago, smikwily said:

So, I've been thinking of running ArchiveBox for archiving some stuff for reference. There is an Unraid docker available, but I'm not a huge fan of having to stop the docker, change the argument, then start it up and guess as to when it has finished with the requested site. Today I decided to give it another go since they announced their 4.9 update. After some fiddling around with it and doing some research, I was able to get the server to run and stay running by putting "server 0.0.0.0:8000" in the Post Arguments box.

That allows me to get to the site and see the GUI, but if you try to click on the Admin or Add Link links, it brings you to a login page. Per that page (and their docs), you are supposed to be able to add a user by running the following from the shell: archivebox manage createsuperuser

But when I did that, it threw the following error: [!] ArchiveBox should never be run as root! It also linked to this page: https://github.com/pirate/ArchiveBox/wiki/Security-Overview#do-not-run-as-root

Now, per that page, I added the ALLOW_ROOT=True variable and also tried the config file, but it wasn't working, so I decided to try their Github issues page: https://github.com/pirate/ArchiveBox/issues/395

I found out from there that apparently the ALLOW_ROOT had been removed from the program (but not from the docs yet) and they asked about running it as another user. I added a user per the devs recommendation and it either did it or had already done it, as it said the user existed. But when I tried to run it by using "-u archivebox" or even trying to change the permissions, it would error out or revert when I changed the configuration of the docker.

So, does anyone have any suggestions or is it possible to run the docker as another user? 

(And feel free to correct me on the incorrect usage of docker vs container, as I don't quite have that correct in my head either :)

TIA!

 

If you run the docker as privileged it should be the same as ALLOW_ROOT

  • 9 months later...
Posted (edited)

After entering these commands inside the container as root:

# useradd -r -g archivebox -G audio,video archivebox

# mkdir -p /home/archivebox/data

# chown -R archivebox:archivebox /home/archivebox

(FYI an "archivebox" user already existed for me too)

 

Next do:

# su archivebox

And then:

$ cd /data

And run:

$ archivebox manage createsuperuser

 

# Another route to the same thing:

You can exit the container and do this:

$ sudo docker exec -it --user archivebox <containername> /bin/bash

So your prompt looks like this:

archivebox@<containerid>:/data$

Then run:

archivebox manage createsuperuser

 

Either way, you need to be in the "/data" folder where the index.sqlite3 resides to have this work (eventually...)

 

Also, didn't even need to change any environment variables (e.g. USER=archivebox) in my docker-compose.yml or .env file.

 

Restarted the container and the new login worked in the GUI.

 

Edited by FiddlyRumpus
removed check box?
  • Thanks 2

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...