[Bug]: the connection to the admin account does not work with a docker installation

[jancelin]

What is the bug?

Hi I'm having problems with permission not allowing me to log in. Tested with lizmap-web-client 3.4 and 3.5 Here is the docker-compose part:

lizmap:
    image: 3liz/lizmap-web-client:3.5
    command: 
      - php-fpm
    environment:
      LIZMAP_WPS_URL: http://wps:8080/
      LIZMAP_CACHESTORAGETYPE: sqlite   
      LIZMAP_CACHEREDISDB: '1'
      LIZMAP_USER: '1010'
      LIZMAP_WMSSERVERURL: http://qgiserverS:8080/ows/
      LIZMAP_CACHEREDISHOST: redisS
      LIZMAP_ADMIN_LOGIN: admin
      LIZMAP_ADMIN_EMAIL: julien.ancelin@inrae.fr
      LIZMAP_ADMIN_DEFAULT_PASSWORD_SOURCE: __random
      LIZMAP_HOME: /srv/lizmap
    expose:
      - 9000
    volumes:
      - ./nextcloud/data/sig/files/lizmap:/srv/projects
      - ./lizmap_var/slp4/var/lizmap-theme-config:/www/lizmap/var/lizmap-theme-config
      - ./lizmap_var/slp4/var/lizmap-config:/www/lizmap/var/config
      - ./lizmap_var/slp4/var/lizmap-db:/www/lizmap/var/db
      - ./lizmap_var/slp4/www:/www/lizmap/www
      - ./lizmap_var/slp4/var/log/lizmap:/www/lizmap/var/log
      - ./lizmap_var/slp4/qgiscache:/tmp
    restart: unless-stopped    

The docker log response is Ok:

Updating configuration
Installation start..
[notice] Installation starts for the entry point index
All modules dependencies are ok
All modules are installed or upgraded for the entry point index
[notice] Installation starts for the entry point admin
All modules dependencies are ok
All modules are installed or upgraded for the entry point admin
[notice] Installation starts for the entry point script
All modules dependencies are ok
All modules are installed or upgraded for the entry point script
Installation ended.
admin: ?&EuVeN1u9
User successfully created.
[08-Jul-2021 08:16:46] NOTICE: fpm is running, pid 1
[08-Jul-2021 08:16:46] NOTICE: ready to handle connections

and the errors.log when I try to connect:

2021-07-08 10:17:21 138.102.221.176 warning 2021-07-08 10:17:21 [2] session_start(): open(/tmp/sess_8286u4hh746cujmsc8pei8b40b, O_RDWR) failed: Permission denied (13)  /www/lib/jelix/core/jSession.class.php  99

2021-07-08 10:17:21 138.102.221.176 warning 2021-07-08 10:17:21 [2] session_start(): Failed to read session data: files (path: )    /www/lib/jelix/core/jSession.class.php  99

2021-07-08 10:17:21 138.102.221.176 warning 2021-07-08 10:17:21 [2] session_start(): open(/tmp/sess_8286u4hh746cujmsc8pei8b40b, O_RDWR) failed: Permission denied (13)  /www/lib/jelix/core/jSession.class.php  99

2021-07-08 10:17:21 138.102.221.176 warning 2021-07-08 10:17:21 [2] session_start(): Failed to read session data: files (path: )    /www/lib/jelix/core/jSession.class.php  99

an idea to solve this problem?

Steps to reproduce the issue

lizmap:
    image: 3liz/lizmap-web-client:3.5
    command: 
      - php-fpm
    environment:
      LIZMAP_WPS_URL: http://wps:8080/
      LIZMAP_CACHESTORAGETYPE: sqlite   
      LIZMAP_CACHEREDISDB: '1'
      LIZMAP_USER: '1010'
      LIZMAP_WMSSERVERURL: http://qgiserverS:8080/ows/
      LIZMAP_CACHEREDISHOST: redisS
      LIZMAP_ADMIN_LOGIN: admin
      LIZMAP_ADMIN_EMAIL: julien.ancelin@inrae.fr
      LIZMAP_ADMIN_DEFAULT_PASSWORD_SOURCE: __random
      LIZMAP_HOME: /srv/lizmap
    expose:
      - 9000
    volumes:
      - ./nextcloud/data/sig/files/lizmap:/srv/projects
      - ./lizmap_var/slp4/var/lizmap-theme-config:/www/lizmap/var/lizmap-theme-config
      - ./lizmap_var/slp4/var/lizmap-config:/www/lizmap/var/config
      - ./lizmap_var/slp4/var/lizmap-db:/www/lizmap/var/db
      - ./lizmap_var/slp4/www:/www/lizmap/www
      - ./lizmap_var/slp4/var/log/lizmap:/www/lizmap/var/log
      - ./lizmap_var/slp4/qgiscache:/tmp
    restart: unless-stopped    

Lizmap version

3.4 & 3.5

QGIS desktop version

3.16.8

QGIS server version

3.20

Operating system

docker

Browsers

Firefox

Browsers version

89.0.2

Relevant log output

2021-07-08 10:17:21 138.102.221.176 warning 2021-07-08 10:17:21 [2] session_start(): open(/tmp/sess_8286u4hh746cujmsc8pei8b40b, O_RDWR) failed: Permission denied (13)  /www/lib/jelix/core/jSession.class.php  99

2021-07-08 10:17:21 138.102.221.176 warning 2021-07-08 10:17:21 [2] session_start(): Failed to read session data: files (path: )    /www/lib/jelix/core/jSession.class.php  99

2021-07-08 10:17:21 138.102.221.176 warning 2021-07-08 10:17:21 [2] session_start(): open(/tmp/sess_8286u4hh746cujmsc8pei8b40b, O_RDWR) failed: Permission denied (13)  /www/lib/jelix/core/jSession.class.php  99

2021-07-08 10:17:21 138.102.221.176 warning 2021-07-08 10:17:21 [2] session_start(): Failed to read session data: files (path: )    /www/lib/jelix/core/jSession.class.php  99

[dmarteau]

I never use __random for setting password: but I know that setting a passfile as LIZMAP_ADMIN_DEFAULT_PASSWORD_SOURCE works (used on infrastructure)

So that's probably a Lizmap bug

[jancelin]

@dmarteau even with a password file, Jelix won't let me in:

2021-07-08 12:38:06 138.102.217.118 warning 2021-07-08 12:38:06 [2] session_start(): open(/tmp/sess_8286u4hh746cujmsc8pei8b40b, O_RDWR) failed: Permission denied (13)  /www/lib/jelix/core/jSession.class.php  99

2021-07-08 12:38:06 138.102.217.118 warning 2021-07-08 12:38:06 [2] session_start(): Failed to read session data: files (path: )    /www/lib/jelix/core/jSession.class.php  99

[dmarteau]

It seems that the problem come from volume access permissions: make sure that the mounted volumes are not owned by 'root'

[jancelin]

yep! Docker automatically makes the directory and allocates them to the root.

sudo chown 1010:1010 ./my_volume/* solves problems

Thanks!

[jancelin]

we have fun at 3liz!

[dmarteau]

Docker automatically makes the directory and allocates them to the root.

FYI, always create mounted volumes with proper owner/permissions before lauching docker containers

[jancelin]

Docker automatically makes the directory and allocates them to the root.

FYI, always create mounted volumes with proper owner/permissions before lauching docker containers

Thanks @dmarteau