search

buanet / ioBroker.docker

Official Docker Image for ioBroker
https://www.iobroker.net
MIT License
196 stars 70 forks source link

[Problem]: /opt/scripts/maintenance.sh: line 84: /opt/.docker_config/.healthcheck: Permission denied #396

Closed viceice closed 10 months ago

viceice commented 10 months ago

Description / Beschreibung

Trying to enable maintenance mode as user iobroker and get this error:

> maintenance on
You are now going to stop ioBroker and activate maintenance mode for this container.
Do you want to continue [yes/no]? yes
Activating maintenance mode...
/opt/scripts/maintenance.sh: line 84: /opt/.docker_config/.healthcheck: Permission denied

Image version

v9.0.1

Docker logs / Docker Protokoll

--------------------------------------------------------------------------------
-------------------------     2023-11-01 21:07:18      -------------------------
--------------------------------------------------------------------------------
-----                                                                      -----
----- ██╗  ██████╗  ██████╗  ██████╗   ██████╗  ██╗  ██╗ ███████╗ ██████╗  -----
----- ██║ ██╔═══██╗ ██╔══██╗ ██╔══██╗ ██╔═══██╗ ██║ ██╔╝ ██╔════╝ ██╔══██╗ -----
----- ██║ ██║   ██║ ██████╔╝ ██████╔╝ ██║   ██║ █████╔╝  █████╗   ██████╔╝ -----
----- ██║ ██║   ██║ ██╔══██╗ ██╔══██╗ ██║   ██║ ██╔═██╗  ██╔══╝   ██╔══██╗ -----
----- ██║ ╚██████╔╝ ██████╔╝ ██║  ██║ ╚██████╔╝ ██║  ██╗ ███████╗ ██║  ██║ -----
----- ╚═╝  ╚═════╝  ╚═════╝  ╚═╝  ╚═╝  ╚═════╝  ╚═╝  ╚═╝ ╚══════╝ ╚═╝  ╚═╝ -----
-----                                                                      -----
-----              Welcome to your ioBroker Docker container!              -----
-----                    Startupscript is now running!                     -----
-----                          Please be patient!                          -----
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
-----                          System Information                          -----
-----                    arch:                x86_64                       -----
-----                    hostname:            iobroker-master-0            -----
-----                                                                      -----
-----                          Version Information                         -----
-----                    image:               v9.0.1                       -----
-----                    build:               2023-10-26T23:44:44+00:00    -----
-----                    node:                v18.18.2                     -----
-----                    npm:                 9.8.1                        -----
-----                                                                      -----
-----                        Environment Variables                         -----
-----                    PERMISSION_CHECK:    false                        -----
-----                    SETGID:              1000                         -----
-----                    SETUID:              1000                         -----
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
-----                   Step 1 of 5: Preparing container                   -----
--------------------------------------------------------------------------------

Updating Linux packages on first run... Done.

Registering maintenance script as command... Done.

--------------------------------------------------------------------------------
-----             Step 2 of 5: Detecting ioBroker installation             -----
--------------------------------------------------------------------------------

Existing installation of ioBroker detected in "/opt/iobroker".

--------------------------------------------------------------------------------
-----             Step 3 of 5: Checking ioBroker installation              -----
--------------------------------------------------------------------------------

Replacing ioBroker executable to fix sudo bug... Done.

PERMISSION_CHECK is set to false. Use this at your own risk!

Checking Database connection... Done.

Hostname in ioBroker matches the hostname of this container.
No action required.

--------------------------------------------------------------------------------
-----                Step 4 of 5: Applying special settings                -----
--------------------------------------------------------------------------------

Some adapters have special requirements/ settings which can be activated by the use of environment variables.
For more information see ioBroker Docker Image Docs (https://docs.buanet.de/iobroker-docker-image/docs/).

Userscript for first start detected and this is the first start of a new container.
Running userscript_firststart.sh... 
Done.

--------------------------------------------------------------------------------
-----                    Step 5 of 5: ioBroker startup                     -----
--------------------------------------------------------------------------------

Starting ioBroker...
viceice commented 10 months ago

Workaround is running this as root before switching to iobroker user:

> chown -R iobroker /opt/.docker_config/
buanet commented 10 months ago

PERMISSION_CHECK is set to false. Use this at your own risk!

This is what the permission check is doing... It's not a general problem...

image

See https://github.com/buanet/ioBroker.docker/blob/ce37c61c60d9b7a0a852032bccbdb46d4a759f2b/debian12/scripts/iobroker_startup.sh#L239

# (Re)Setting permissions to "/opt/iobroker" and "/opt/scripts" 
if [[ "$permissioncheck" == "false" ]]; then
  echo "PERMISSION_CHECK is set to false. Use this at your own risk!"
else
  echo -n "(Re)setting permissions (This might take a while! Please be patient!)... "
    chown -R "$setuid":"$setgid" /opt/iobroker
    chown -R "$setuid":"$setgid" /opt/scripts
    chown -R "$setuid":"$setgid" /opt/.docker_config
  echo "Done."
fi
buanet commented 10 months ago

As long as you use PERMISSION_CHECK=false you have to make sure to correct the permissions by yourself. The other solution would be to remove the possibility to disable the permission check/ resetting of permissions.

Regards, André

viceice commented 10 months ago

ok, thanks. I disabled permission check because of the slowness on nfs.