accetto / ubuntu-vnc-xfce-g3

Headless Ubuntu/Xfce containers with VNC/noVNC (G3v6).
MIT License

Unsure about the expected sequence at startup #32

Closed markNZed closed 1 year ago

markNZed commented 1 year ago

Hi, I'm using the Docker image accetto/ubuntu-vnc-xfce-firefox-g3 and it is unclear to me what the expected startup sequence is. The Dockerfile should switch to the user headless at the end of the Dockerfile, but does this mean all processes will run as user header? I am getting permission errors for /dockerstartup/vnc.log because that directory is owned by root. My assumption is that some things should be launched as root at startup but the desktop should be for the headless user, but I do not see where this happens in the startup script. Thanks for any pointers!

accetto commented 1 year ago

Hello @markNZed,

thank you for your feedback. However, I'm a little bit confused and I'll need more information.

What actually happens? Are you able to start the container? If so, what is the output of the following test?

cd /home/headless
./tests/test-01.sh

It should look similar to this:

+ id
uid=1000(headless) gid=1000(headless) groups=1000(headless)
+ ls -l /etc/passwd /etc/group
-rw-r--r-- 1 root root  481 Feb 20 15:03 /etc/group
-rw-r--r-- 1 root root 1029 Feb 19 16:25 /etc/passwd
+ tail -n2 /etc/passwd
messagebus:x:101:101::/nonexistent:/usr/sbin/nologin
headless:x:1000:1000:Default:/home/headless:/bin/bash
+ tail -n2 /etc/group
messagebus:x:101:
headless:x:1000:
+ ls -ld /dockerstartup /home /home/headless
drwxr-xr-x 1 headless headless 4096 Feb 20 15:03 /dockerstartup
drwxr-xr-x 1 root     root     4096 Feb 19 16:25 /home
drwxr-xr-x 1 headless headless 4096 Feb 20 15:10 /home/headless
+ ls -l /dockerstartup
total 56
-rw-r--r-- 1 headless headless 3090 Mar 18  2021 help.rc
-rw-r--r-- 1 headless headless  433 Feb 20 15:03 novnc.log
-rw-r--r-- 1 headless headless 6721 Oct  4 12:41 parser.rc
-rwxr--r-- 1 headless headless  872 Feb 16 17:43 set_user_permissions.sh
-rwxr-xr-x 1 headless headless 4700 Feb 16 17:43 startup.sh
-rw-r--r-- 1 headless headless 3877 Feb 16 17:43 user_generator.rc
-rwxr--r-- 1 headless headless 5216 Feb 17 18:16 version_of.sh
-rwxr--r-- 1 headless headless 3336 Feb 17 18:16 version_sticker.sh
-rw-r--r-- 1 headless headless 1865 Feb 20 15:03 vnc.log
-rw-r--r-- 1 headless headless 4958 Feb 14 17:49 vnc_startup.rc
+ mkdir -p /home/headless/new-dir
+ touch /home/headless/new-file
+ ls -l /home/headless
total 56
drwxr-xr-x 1 headless headless 4096 Feb 19 16:25 Desktop
drwxr-xr-x 2 headless headless 4096 Feb 20 15:03 Documents
drwxr-xr-x 2 headless headless 4096 Feb 20 15:03 Downloads
drwxr-xr-x 2 headless headless 4096 Feb 20 15:03 Music
drwxr-xr-x 2 headless headless 4096 Feb 20 15:03 Pictures
drwxr-xr-x 2 headless headless 4096 Feb 20 15:03 Public
drwxr-xr-x 2 headless headless 4096 Feb 20 15:03 Templates
drwxr-xr-x 2 headless headless 4096 Feb 20 15:03 Videos
drwxr-xr-x 2 headless headless 4096 Feb 20 15:10 new-dir
-rw-r--r-- 1 headless headless    0 Feb 20 15:10 new-file
-rw-r--r-- 1 headless headless  185 Mar 18  2021 readme.md
-rw-r--r-- 1 headless headless 1364 Feb 20 15:10 test-01.log
drwxr-xr-x 1 headless headless 4096 Feb 19 16:25 tests

As you can see, the file /dockerstartup/vnc.log should belong to the user headless:headless (1000:1000).

Or are you not able to start the container at all?

I've tested the images on Windows/WSL and Linux/Debian and I did not have any similar problems yet.

Are you on a cloud?

Please provide more information about the use case and your environment.

About the startup sequence:

The script set_user_permissions.sh (see the Dockerfile) is executed at build time, during the image building. The user at that time is root.

The startup script startup.sh calls the procedure generate_container_user (from the sourced file user_generator.rc). This happens at run time, during the first container start.

One of the things that happen there is switching the ownership of files in selected folders. Notice the following code in the procedure generate_container_user:

chown -R "${user_id}:${group_id}" "${STARTUPDIR}" "${HOME}"

Does it answer your question?

If the file vnc.log still belongs to the root, then it could mean, that the startup script has failed or you've skipped it.

Regards, accetto

markNZed commented 1 year ago

Thanks for the clarifications. The /dockerstartup dir was owned by root. I created the files vnc.log and novnc.log, set the positions and then things worked. I guess what happened is:

I ran docker which created a /home/headless directory and then I copied this and from then on mounted the /home/headless as a volume. But I guess the .initial_sudo_password file had already been deleted. Then after rebuilding the next time I ran the script user_generator.rc but

        ### make the newly created user the owner of the following folders including their content
        cat "${HOME}"/.initial_sudo_password | sudo -S chown -R "${user_id}:${group_id}" "${STARTUPDIR}" "${HOME}" 2>/dev/null

probably failed so the STARTUPDIR permissions did not allow for the creation of the log files.

One solution might be to add this in my Dockerfile extension:

RUN chown -R "${HEADLESS_USER_ID}:${HEADLESS_USER_ID}" "${STARTUPDIR}"

accetto commented 1 year ago

You're right, it should work. I'm glad you've solved it. Be sure I'll welcome your feedback also in the future. For example, I didn't have any time yet to test it on the cloud. ;-)

Btw, your feedback inspired me to bring back the possibility to build images without noVNC. I expect to release the update in the next few days.
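
The failure diagnosed in this thread is a chown whose errors were discarded with 2>/dev/null, which left /dockerstartup owned by root without any message. As an added example (not code from the project or from either participant), the shell check below reports paths that are not owned by the expected user so the mismatch is visible before the log files are created; the function names are hypothetical and the IDs and directories are supplied by the caller.

```shell
#!/bin/sh
# Added example: ownership preflight for the startup and home directories.
# Function names are hypothetical; nothing here is taken from startup.sh.

# list_foreign_owned UID GID DIR...
# Prints every path under DIR... that is not owned by UID:GID.
# Errors from find are left visible on purpose.
list_foreign_owned() {
    want_uid="$1"; want_gid="$2"; shift 2
    find "$@" \( ! -user "$want_uid" -o ! -group "$want_gid" \) -print
}

# check_startup_ownership UID GID DIR...
# Returns 0 when every path is owned by UID:GID, 1 otherwise.
check_startup_ownership() {
    uid="$1"; gid="$2"; shift 2
    for d in "$@"; do
        # A missing directory is a failure, not an empty (passing) result.
        [ -d "$d" ] || { echo "missing directory: $d" >&2; return 1; }
    done
    foreign="$(list_foreign_owned "$uid" "$gid" "$@")"
    if [ -n "$foreign" ]; then
        echo "not owned by ${uid}:${gid} (first 10 shown):" >&2
        echo "$foreign" | head -n 10 >&2
        return 1
    fi
    return 0
}

# Typical call inside the container, using the variables named in the thread:
#   check_startup_ownership "$(id -u)" "$(id -g)" "${STARTUPDIR}" "${HOME}"
```

A non-zero return here points at the situation described above: the run-time chown did not take effect, so vnc.log and novnc.log cannot be created by the container user.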