Trigus42 / alpine-qbittorrentvpn

Multiarch docker image with the latest qBittorrent-nox client (WEB UI) and WireGuard/OpenVPN tunnel
GNU General Public License v3.0
69 stars 10 forks

Group permissions in Downloads changing to 100999 #69

Open acegene opened 1 month ago

acegene commented 1 month ago

At certain points (that I have not narrowed down yet) during the container execution, it changes the ~/Downloads directory to have permissions such as:

drwxrwxr-x  2 100999 100999       4096 May 18 05:56 dir/

I am not sure what could be causing this, as I would expect my compose.yml to be configured to avoid this. This also impacts the config directory, which leads to other issues, such as failure to save log data or saveresume data.

compose.yml

services:
  qbittorrentvpn:
    image: trigus42/qbittorrentvpn:qbt4.4.5
    container_name: qbittorrentvpn
    volumes:
      - "${HOME}/Documents/qb-docker-cfg:/config"
      - "${HOME}/Downloads:/downloads"
      - "/media/mount-1:/output-1"
    environment:
      - DEBUG=yes
      - DOWNLOAD_DIR_CHOWN=yes
      - HEALTH_CHECK_TIMEOUT=20
      - LAN_NETWORK=10.0.0.0/24
      - PUID=${docker_puid}
      - PGID=${docker_pgid}
      - WEBUI_PASSWORD=adminadminpasswordpassword
      - VPN_ENABLED=yes
      - VPN_TYPE=openvpn
    ports:
      - 8080:8080
    cap_add:
      - NET_ADMIN
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped
    devices:
      - "/dev/net/tun"

Note the docker log

qbittorrentvpn  | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
qbittorrentvpn  | [s6-init] ensuring user provided files have correct perms...exited 0.
qbittorrentvpn  | [fix-attrs.d] applying ownership & permissions fixes...
qbittorrentvpn  | [fix-attrs.d] done.
qbittorrentvpn  | [cont-init.d] executing container initialization scripts...
qbittorrentvpn  | [cont-init.d] 01-environment.sh: executing... 
qbittorrentvpn  | 2024-05-18 12:03:07 [INFO] LAN_NETWORK defined as '10.0.0.0/24'
qbittorrentvpn  | 2024-05-18 12:03:07 [DEBUG] Docker interface defined as eth0
qbittorrentvpn  | 2024-05-18 12:03:07 [DEBUG] Docker IP defined as 172.20.0.2
qbittorrentvpn  | 2024-05-18 12:03:07 [DEBUG] Docker netmask defined as 255.255.0.0
qbittorrentvpn  | 2024-05-18 12:03:07 [INFO] Docker network defined as 172.20.0.0/16
qbittorrentvpn  | 2024-05-18 12:03:07 [DEBUG] Default gateway defined as 172.20.0.1
qbittorrentvpn  | 2024-05-18 12:03:07 [INFO] PUID defined as 1000
qbittorrentvpn  | 2024-05-18 12:03:07 [INFO] PGID defined as 1000
qbittorrentvpn  | 2024-05-18 12:03:07 [INFO] An user with PUID 1000 does not exist, adding an user called 'qbittorrent' with PUID 1000
qbittorrentvpn  | 2024-05-18 12:03:07 [INFO] VPN_ENABLED defined as 'yes'
qbittorrentvpn  | 2024-05-18 12:03:07 [INFO] VPN_TYPE defined as 'openvpn'
qbittorrentvpn  | 2024-05-18 12:03:07 [WARNING] NAME_SERVERS not defined (via -e NAME_SERVERS), defaulting to CloudFlare and Google name servers
qbittorrentvpn  | 2024-05-18 12:03:07 [INFO] Adding 1.1.1.1 to resolv.conf
qbittorrentvpn  | 2024-05-18 12:03:07 [INFO] Adding 8.8.8.8 to resolv.conf
qbittorrentvpn  | 2024-05-18 12:03:07 [INFO] Adding 1.0.0.1 to resolv.conf
qbittorrentvpn  | 2024-05-18 12:03:07 [INFO] Adding 8.8.4.4 to resolv.conf
qbittorrentvpn  | [cont-init.d] 01-environment.sh: exited 0.
qbittorrentvpn  | [cont-init.d] 02-vpn.sh: executing... 
qbittorrentvpn  | 2024-05-18 12:03:07 [INFO] Choosen VPN config: 'us9570.nordvpn.com.udp1194.ovpn'
qbittorrentvpn  | 2024-05-18 12:03:07 [INFO] Using credentials from /config/openvpn/us9570.nordvpn.com.udp1194_credentials.conf
qbittorrentvpn  | dos2unix: converting file /config/openvpn/us9570.nordvpn.com.udp1194.ovpn to Unix format...
qbittorrentvpn  | 2024-05-18 12:03:07 [INFO] VPN remote line defined as '92.119.19.140 1194'
qbittorrentvpn  | 2024-05-18 12:03:07 [INFO] VPN_REMOTE defined as '92.119.19.140'
qbittorrentvpn  | 2024-05-18 12:03:07 [INFO] VPN_PORT defined as '1194'
qbittorrentvpn  | 2024-05-18 12:03:07 [INFO] VPN_PROTOCOL defined as 'udp'
qbittorrentvpn  | 2024-05-18 12:03:07 [INFO] VPN_DEVICE_TYPE defined as 'tun0'
qbittorrentvpn  | 2024-05-18 12:03:07 [INFO] Starting OpenVPN...
qbittorrentvpn  | --------------------
qbittorrentvpn  | 2024-05-18 12:03:07 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
qbittorrentvpn  | 2024-05-18 12:03:07 WARNING: file '/config/openvpn/us9570.nordvpn.com.udp1194_credentials.conf' is group or others accessible
qbittorrentvpn  | 2024-05-18 12:03:07 OpenVPN 2.5.6 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 24 2022
qbittorrentvpn  | 2024-05-18 12:03:07 library versions: OpenSSL 1.1.1q  5 Jul 2022, LZO 2.10
qbittorrentvpn  | 2024-05-18 12:03:07 WARNING: --ping should normally be used with --ping-restart or --ping-exit
qbittorrentvpn  | 2024-05-18 12:03:07 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
qbittorrentvpn  | 2024-05-18 12:03:07 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
qbittorrentvpn  | 2024-05-18 12:03:07 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
qbittorrentvpn  | 2024-05-18 12:03:07 TCP/UDP: Preserving recently used remote address: [AF_INET]92.119.19.140:1194
qbittorrentvpn  | 2024-05-18 12:03:07 Socket Buffers: R=[212992->212992] S=[212992->212992]
qbittorrentvpn  | 2024-05-18 12:03:07 UDP link local: (not bound)
qbittorrentvpn  | 2024-05-18 12:03:07 UDP link remote: [AF_INET]92.119.19.140:1194
qbittorrentvpn  | 2024-05-18 12:03:07 TLS: Initial packet from [AF_INET]92.119.19.140:1194, sid=cca57fda 650d0504
qbittorrentvpn  | 2024-05-18 12:03:07 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
qbittorrentvpn  | 2024-05-18 12:03:07 VERIFY OK: depth=1, O=NordVPN, CN=NordVPN CA9
qbittorrentvpn  | 2024-05-18 12:03:07 VERIFY KU OK
qbittorrentvpn  | 2024-05-18 12:03:07 Validating certificate extended key usage
qbittorrentvpn  | 2024-05-18 12:03:07 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
qbittorrentvpn  | 2024-05-18 12:03:07 VERIFY EKU OK
qbittorrentvpn  | 2024-05-18 12:03:07 VERIFY X509NAME OK: CN=us9570.nordvpn.com
qbittorrentvpn  | 2024-05-18 12:03:07 VERIFY OK: depth=0, CN=us9570.nordvpn.com
qbittorrentvpn  | 2024-05-18 12:03:08 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
qbittorrentvpn  | 2024-05-18 12:03:08 [us9570.nordvpn.com] Peer Connection Initiated with [AF_INET]92.119.19.140:1194
qbittorrentvpn  | 2024-05-18 12:03:09 SENT CONTROL [us9570.nordvpn.com]: 'PUSH_REQUEST' (status=1)
qbittorrentvpn  | 2024-05-18 12:03:09 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,explicit-exit-notify,comp-lzo no,route-gateway 10.100.0.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.100.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM'
qbittorrentvpn  | 2024-05-18 12:03:09 OPTIONS IMPORT: timers and/or timeouts modified
qbittorrentvpn  | 2024-05-18 12:03:09 OPTIONS IMPORT: explicit notify parm(s) modified
qbittorrentvpn  | 2024-05-18 12:03:09 OPTIONS IMPORT: compression parms modified
qbittorrentvpn  | 2024-05-18 12:03:09 OPTIONS IMPORT: --ifconfig/up options modified
qbittorrentvpn  | 2024-05-18 12:03:09 OPTIONS IMPORT: route options modified
qbittorrentvpn  | 2024-05-18 12:03:09 OPTIONS IMPORT: route-related options modified
qbittorrentvpn  | 2024-05-18 12:03:09 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
qbittorrentvpn  | 2024-05-18 12:03:09 OPTIONS IMPORT: peer-id set
qbittorrentvpn  | 2024-05-18 12:03:09 OPTIONS IMPORT: adjusting link_mtu to 1657
qbittorrentvpn  | 2024-05-18 12:03:09 OPTIONS IMPORT: data channel crypto options modified
qbittorrentvpn  | 2024-05-18 12:03:09 Data Channel: using negotiated cipher 'AES-256-GCM'
qbittorrentvpn  | 2024-05-18 12:03:09 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
qbittorrentvpn  | 2024-05-18 12:03:09 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
qbittorrentvpn  | 2024-05-18 12:03:09 ROUTE_GATEWAY 172.20.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:14:00:02
qbittorrentvpn  | 2024-05-18 12:03:09 TUN/TAP device tun0 opened
qbittorrentvpn  | 2024-05-18 12:03:09 /sbin/ip link set dev tun0 up mtu 1500
qbittorrentvpn  | 2024-05-18 12:03:09 /sbin/ip link set dev tun0 up
qbittorrentvpn  | 2024-05-18 12:03:09 /sbin/ip addr add dev tun0 10.100.0.2/24
qbittorrentvpn  | 2024-05-18 12:03:09 /helper/resume-after-connect tun0 1500 1585 10.100.0.2 255.255.255.0 init
qbittorrentvpn  | --------------------
qbittorrentvpn  | 2024-05-18 12:03:09 /sbin/ip route add 92.119.19.140/32 via 172.20.0.1
qbittorrentvpn  | 2024-05-18 12:03:09 /sbin/ip route add 0.0.0.0/1 via 10.100.0.1
qbittorrentvpn  | 2024-05-18 12:03:09 /sbin/ip route add 128.0.0.0/1 via 10.100.0.1
qbittorrentvpn  | [cont-init.d] 02-vpn.sh: exited 0.
qbittorrentvpn  | 2024-05-18 12:03:09 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
qbittorrentvpn  | 2024-05-18 12:03:09 Initialization Sequence Completed
qbittorrentvpn  | [cont-init.d] 03-network.sh: executing... 
qbittorrentvpn  | 2024-05-18 12:03:09 [INFO] Adding 10.0.0.0/24 as route via docker eth0
qbittorrentvpn  | 2024-05-18 12:03:09 [DEBUG] 'main' routing table defined as follows...
qbittorrentvpn  | --------------------
qbittorrentvpn  | 0.0.0.0/1 via 10.100.0.1 dev tun0 
qbittorrentvpn  | default via 172.20.0.1 dev eth0 
qbittorrentvpn  | 10.0.0.0/24 via 172.20.0.1 dev eth0 
qbittorrentvpn  | 10.100.0.0/24 dev tun0 proto kernel scope link src 10.100.0.2 
qbittorrentvpn  | 92.119.19.140 via 172.20.0.1 dev eth0 
qbittorrentvpn  | 128.0.0.0/1 via 10.100.0.1 dev tun0 
qbittorrentvpn  | 172.20.0.0/16 dev eth0 proto kernel scope link src 172.20.0.2 
qbittorrentvpn  | --------------------
qbittorrentvpn  | 2024-05-18 12:03:09 [DEBUG] ip rules defined as follows...
qbittorrentvpn  | --------------------
qbittorrentvpn  | 0:from all lookup local
qbittorrentvpn  | 32766:from all lookup main
qbittorrentvpn  | 32767:from all lookup default
qbittorrentvpn  | --------------------
qbittorrentvpn  | 2024-05-18 12:03:09 [DEBUG] iptables table 'filter' defined as follows...
qbittorrentvpn  | --------------------
qbittorrentvpn  | -P INPUT DROP
qbittorrentvpn  | -P FORWARD ACCEPT
qbittorrentvpn  | -P OUTPUT DROP
qbittorrentvpn  | -A INPUT -i tun0 -m comment --comment "Accept input from tunnel adapter" -j ACCEPT
qbittorrentvpn  | -A INPUT -s 172.20.0.0/16 -d 172.20.0.0/16 -m comment --comment "Accept input from internal Docker network" -j ACCEPT
qbittorrentvpn  | -A INPUT -s 92.119.19.140/32 -i eth0 -p udp -m udp --sport 1194 -m comment --comment "Accept input of VPN gateway" -j ACCEPT
qbittorrentvpn  | -A INPUT -i eth0 -p tcp -m tcp --dport 8080 -m comment --comment "Accept input to qBittorrent webui port" -j ACCEPT
qbittorrentvpn  | -A INPUT -i lo -m comment --comment "Accept input to internal loopback" -j ACCEPT
qbittorrentvpn  | -A OUTPUT -o tun0 -m comment --comment "Accept output to tunnel adapter" -j ACCEPT
qbittorrentvpn  | -A OUTPUT -s 172.20.0.0/16 -d 172.20.0.0/16 -m comment --comment "Accept output to internal Docker network" -j ACCEPT
qbittorrentvpn  | -A OUTPUT -d 92.119.19.140/32 -o eth0 -p udp -m udp --dport 1194 -m comment --comment "Accept output of VPN gateway" -j ACCEPT
qbittorrentvpn  | -A OUTPUT -o eth0 -p tcp -m tcp --sport 8080 -m comment --comment "Accept output from qBittorrent webui port" -j ACCEPT
qbittorrentvpn  | -A OUTPUT -o lo -m comment --comment "Accept output from internal loopback" -j ACCEPT
qbittorrentvpn  | --------------------
qbittorrentvpn  | 2024-05-18 12:03:09 [DEBUG] iptables table 'mangle' defined as follows...
qbittorrentvpn  | --------------------
qbittorrentvpn  | -P PREROUTING ACCEPT
qbittorrentvpn  | -P INPUT ACCEPT
qbittorrentvpn  | -P FORWARD ACCEPT
qbittorrentvpn  | -P OUTPUT ACCEPT
qbittorrentvpn  | -P POSTROUTING ACCEPT
qbittorrentvpn  | --------------------
qbittorrentvpn  | [cont-init.d] 03-network.sh: exited 0.
qbittorrentvpn  | [cont-init.d] 04-qbittorrent-setup.sh: executing... 
qbittorrentvpn  | 2024-05-18 12:03:09 [WARNING] ENABLE_SSL is set to , SSL is not enabled. This could cause issues with logging if other apps use the same Cookie name (SID).
qbittorrentvpn  | 2024-05-18 12:03:09 [WARNING] If you manage the SSL config yourself, you can ignore this.
qbittorrentvpn  | 2024-05-18 12:03:09 [WARNING] UMASK not defined (via -e UMASK), defaulting to '002'
qbittorrentvpn  | [cont-init.d] 04-qbittorrent-setup.sh: exited 0.
qbittorrentvpn  | [cont-init.d] 05-install.sh: executing... 
qbittorrentvpn  | [cont-init.d] 05-install.sh: exited 0.
qbittorrentvpn  | [cont-init.d] done.
qbittorrentvpn  | [services.d] starting services
qbittorrentvpn  | 2024-05-18 12:03:09 [INFO] Log file /config/qBittorrent/data/logs/qbittorrent.log doesn't exist. Creating it...
qbittorrentvpn  | [services.d] done.
qbittorrentvpn  | 2024-05-18 12:03:09 [INFO] Logfile created. Logging to /config/qBittorrent/data/logs/qbittorrent.log
qbittorrentvpn  | 2024-05-18 12:03:09 [INFO] Trying to ping 1.1.1.1 and 8.8.8.8 over the docker interface for 500ms each...
qbittorrentvpn  | Terminated
qbittorrentvpn  | Terminated
qbittorrentvpn  | 2024-05-18 12:03:11 [INFO] Success: Could not connect. This means the firewall is most likely working properly.
qbittorrentvpn  | 2024-05-18 12:03:11 [INFO] qBittorrent started with PID 486
qbittorrentvpn  | 2024-05-18 12:03:11 [INFO] HEALTH_CHECK_HOST is not set. Using default host one.one.one.one
qbittorrentvpn  | 2024-05-18 12:03:11 [INFO] HEALTH_CHECK_INTERVAL is not set. Using default interval of 5s
qbittorrentvpn  | 2024-05-18 12:03:17 AEAD Decrypt error: cipher final failed

Note the following lines from the log:

qbittorrentvpn  | 2024-05-18 12:03:07 [INFO] PUID defined as 1000
qbittorrentvpn  | 2024-05-18 12:03:07 [INFO] PGID defined as 1000
qbittorrentvpn  | 2024-05-18 12:03:07 [INFO] An user with PUID 1000 does not exist, adding an user called 'qbittorrent' with PUID 1000

Trigus42 commented 1 month ago

You are using a very old version of the image that doesn't have DOWNLOAD_DIR_CHOWN yet. Updating to a newer image might help.