bugy / script-server

Web UI for your scripts with execution management

Feature Request: UID/GID for docker #661

Closed kdrobnyh closed 1 year ago

kdrobnyh commented 1 year ago

Is it possible to allow custom setup for UID/GID in a docker container? E.g., linuxserver.io uses these. I just tried a rootless docker with a custom user, got a lot of permission denied errors (can't create logs, temp, schedules folders).

bugy commented 1 year ago

Hi @kdrobnyh, I expect docker --user to work, according to this article: https://medium.com/redbubble/running-a-docker-container-as-a-non-root-user-7d2e00f8ee15

Could it be that you ran a docker container using root privileges, and then you ran the docker container with your own user, but on the same shared files?

kdrobnyh commented 1 year ago

@bugy, thanks for the quick response! No, it's not possible. I believe the reason is that the /app and /app/conf folders are not writable for a non-root user (/app has 755, /app/conf has 775 permissions). And when I run the container using --user UID:GID, this user does not have write access there.

bugy commented 1 year ago

Got it, thank you. Unfortunately, I won't be able to work on this feature in the near future. If you want/have time, feel free to create a pull request for it.

MNeill73 commented 1 year ago

> @bugy, thanks for the quick response! No, it's not possible. I believe the reason is that the /app and /app/conf folders are not writable for a non-root user (/app has 755, /app/conf has 775 permissions). And when I run the container using --user UID:GID, this user does not have write access there.

@kdrobnyh - which installation are you using? You may be able to compose filesystem permission overrides into the container, so that user permissions do work.

kdrobnyh commented 1 year ago

@MNeill73, that was actually helpful, thank you!

My use case: I want to be able to call scripts on the host system from a docker container (script-server), and it looks like the easiest way to do it is to ssh to the host and call a script. And ssh does not work without an explicitly created user inside of the docker container.

Solution: For now I decided to build a docker image on top of script-server.

Dockerfile:

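FROM bugy/script-server:latest
# Name and numeric IDs of the unprivileged user; override with build args
ARG UNAME=noroot
ARG UID=1000
ARG GID=1000
# ssh client used to reach the host from inside the container
RUN apt-get update && apt-get install -y openssh-client
# -o allows the GID to be reused if a group with that ID already exists
RUN groupadd -g $GID -o $UNAME
# Create the user with home /app/home (the compose file mounts .ssh there)
RUN useradd -d /app/home -m -u $UID -g $GID -s /bin/bash $UNAME
# Give the new user ownership of the directories script-server writes to
RUN chown $UID:$GID /app
RUN chown $UID:$GID /app/conf
RUN chmod -R o+r /app/src
# Run script-server as the unprivileged user from here on
USER $UNAME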

docker-compose.yml:

version: "3.6"
services:
  scriptserver:
    build:
      context: .
      args:
        UID: 1200
        GID: 1200
    container_name: scriptserver
    volumes:
      - "./config.json:/app/conf/conf.json"
      - "./runners:/app/conf/runners"
      - "./scripts:/app/scripts"
      - "./ssh:/app/home/.ssh"
    ports:
      - 8000:8000
    networks:
      - scriptserver
    extra_hosts:
      - "host.docker.internal:host-gateway"
    restart: unless-stopped
networks:
  scriptserver:
    driver: bridge

I'd just close the issue and leave my solution here for possible future reference.
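
Added example, not part of the thread or of the script-server project: a preflight check that predicts, from a directory's owner, group and mode bits, whether a `--user UID:GID` process can create files in it, which is the failure discussed above for /app (755) and /app/conf (775). The function names `can_write` and `preflight` are hypothetical, the demo tree is constructed, and GNU coreutils `stat -c` is assumed.

```shell
#!/bin/sh
# Added example. Assumes GNU coreutils `stat -c` (Linux); ignores ACLs,
# supplementary groups and read-only mounts.

# can_write DIR UID GID: exit 0 if a process running as UID:GID may create
# entries in DIR according to DIR's owner, group and mode bits; 1 if not.
can_write() {
    cw_dir=$1; cw_uid=$2; cw_gid=$3
    cw_info=$(stat -c '%u %g %a' "$cw_dir") || return 2
    set -- $cw_info                    # $1 owner uid, $2 owner gid, $3 octal mode
    cw_mode=$((0$3))                   # leading 0 makes the shell parse it as octal
    [ "$cw_uid" -eq 0 ] && return 0    # root bypasses mode bits (CAP_DAC_OVERRIDE)
    # Only one permission class applies: owner, else group, else other.
    if   [ "$cw_uid" -eq "$1" ]; then cw_need=$((0300))
    elif [ "$cw_gid" -eq "$2" ]; then cw_need=$((0030))
    else                              cw_need=$((0003))
    fi
    # Creating a file needs both write and search (x) on the directory.
    [ $((cw_mode & cw_need)) -eq "$cw_need" ]
}

# preflight UID GID DIR...: print a verdict per DIR; exit 1 if any is denied.
preflight() {
    pf_uid=$1; pf_gid=$2; shift 2
    pf_rc=0
    for pf_dir in "$@"; do
        if can_write "$pf_dir" "$pf_uid" "$pf_gid"; then
            echo "OK      $pf_dir"
        else
            echo "DENIED  $pf_dir"; pf_rc=1
        fi
    done
    return "$pf_rc"
}

# Constructed demo: a temp tree with the modes quoted in the thread
# (/app 755, /app/conf 775), checked for the 1200:1200 user from the compose file.
demo() {
    d=$(mktemp -d) && mkdir -p "$d/app/conf" || return 0
    chmod 755 "$d/app"; chmod 775 "$d/app/conf"
    preflight 1200 1200 "$d/app" "$d/app/conf" || echo "=> not writable for 1200:1200"
    rm -rf "$d"
}
demo
```

Run against the real paths inside the image (for example via `docker run --rm --entrypoint sh`), a DENIED line identifies the directories that need a `chown` like the one in the Dockerfile above.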