NinetailLabs / syncplay-server

Dockerfile for a syncplay server
https://store.docker.com/community/images/ninetaillabs/syncplay-server
The Unlicense

Please make UID and GID of the user editable #6

Closed Oliver3911 closed 3 years ago

Oliver3911 commented 3 years ago

Hello, is it possible to change the uid and gid of the user which is running syncplay-server in the container, e.g. via a docker -e parameter? I am trying to use this with a cert which is linked via a volume. But the files are not owned by uid/gid 800, so they are not readable inside the container by the syncplay-server user. Changing the ownership of the cert files is not an option.

Log of Syncplay container

Welcome to Syncplay server, ver. 1.6.7
Error while loading the TLS certificates.
[Errno 13] Permission denied: '/etc/letsencrypt/live/example.org/privkey.pem'
TLS support is not enabled.

Permissions inside the container

/app/syncplay $ ls -la /etc/letsencrypt/live/example.org/
total 28
drwxr-xr-x    2 1000     1000          4096 Apr 11 09:25 .
drwxr-xr-x    3 root     root          4096 May 31 10:09 ..
lrwxrwxrwx    1 1000     1000            41 Apr 11 09:25 cert.pem
lrwxrwxrwx    1 1000     1000            42 Apr 11 09:25 chain.pem
lrwxrwxrwx    1 1000     1000            46 Apr 11 09:25 fullchain.pem
-rw-r--r--    1 1000     1000          7122 Apr 11 09:25 priv-fullchain-bundle.pem
lrwxrwxrwx    1 1000     1000            44 Apr 11 09:25 privkey.pem
-rw-------    1 1000     1000          5565 Apr 11 09:25 privkey.pfx

docker-compose.yml

[...]
syncplay:
    image: ninetaillabs/syncplay-server
    container_name: syncplay
    environment:
      - PORT=8999
      - TLS=/etc/letsencrypt/live/example.org
    volumes:
      - /etc/letsencrypt/live/example.org:/etc/letsencrypt/live/example.org:ro
    ports:
      - 8999:8999
    restart: unless-stopped
[...]

FYI I am using the linuxserver/SWAG Proxy to generate the certs and adding them to the syncplay-server as described here: https://github.com/linuxserver/docker-swag#using-certs-in-other-containers

DeadlyEmbrace commented 3 years ago

Unfortunately my skills in this regard are pretty much zero and I don't currently have the time to try and figure it out either. I might get time later, otherwise if someone submits a pull request to address the issue I'd be happy to accept one.

Duckle29 commented 3 years ago

Can't you just create the container with the --user argument?

docker create ... --user 1001:1001 ...

DeadlyEmbrace commented 3 years ago

I will take a look and see what happens when I have some time.

Duckle29 commented 3 years ago

> I will take a look and see what happens when I have some time.

Oh, I meant the user deploying the container. Not for the image itself.

Duckle29 commented 3 years ago

For example:

> docker create --name=syncplay --net=host --hostname=syncplay.example.com --user 1001:1001 -e PASSWORD=hunter2 -e PORT=8999 -e TLS=/certs -v /etc/ssl/syncplay:/certs ninetaillabs/syncplay-server
> docker start syncplay
> docker exec syncplay sh -c "id && hostname"
uid=1001 gid=1001
syncplay.example.com
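
Added example, not part of the thread or the project's code: a small Python check that reports which path component blocks a given uid/gid from reading a key file behind a symlink, which is how to confirm that a `--user` value matches the mounted cert files before starting the container. The names `allowed`, `first_denied` and `build_sample` are hypothetical, and the `archive/` target layout in the constructed sample is an assumption.

```python
import os
import tempfile

def allowed(st, uid, gids, want):
    """Owner/group/other mode-bit check; ignores ACLs, uid 0 bypasses."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return (bits & want) == want

def first_denied(path, uid, gids, below=os.sep):
    """First component under `below` that uid/gids cannot search (directory)
    or read (final file) once symlinks are resolved; None if all allow it."""
    cur = os.path.realpath(below)
    parts = os.path.relpath(os.path.realpath(path), cur).split(os.sep)
    for i, part in enumerate(parts):
        cur = os.path.join(cur, part)
        want = 4 if i == len(parts) - 1 else 1  # r on the file, x on dirs
        if not allowed(os.stat(cur), uid, gids, want):
            return cur
    return None

def build_sample():
    """Constructed tree: live/ holds a symlink to a 0600 key under archive/
    (assumed layout; the listing in the issue does not show the targets)."""
    root = tempfile.mkdtemp()
    archive = os.path.join(root, "archive", "example.org")
    live = os.path.join(root, "live", "example.org")
    for d in (archive, live):
        os.makedirs(d)
        os.chmod(d, 0o755)
        os.chmod(os.path.dirname(d), 0o755)
    key = os.path.join(archive, "privkey1.pem")
    with open(key, "w") as fh:
        fh.write("constructed placeholder, not a real key\n")
    os.chmod(key, 0o600)
    link = os.path.join(live, "privkey.pem")
    os.symlink(os.path.relpath(key, live), link)
    return root, link, key

if __name__ == "__main__":
    root, link, key = build_sample()
    owner = os.stat(key).st_uid
    print("uid 800:", first_denied(link, 800, {800}, below=root))
    print("owner  :", first_denied(link, owner, set(), below=root))
```

The check covers only the resolved target path, so the directories that hold the symlink itself still need search permission for the same uid/gid.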