caddyserver / caddy-docker

Source for the official Caddy v2 Docker Image
https://hub.docker.com/_/caddy
Apache License 2.0

Why is Caddy creating a file as root in my ocsp folder ? #241

Closed LeonardMeyer closed 2 years ago

LeonardMeyer commented 2 years ago

So I'm trying to back up some Docker volume data using Duplicacy. Most of my containers run with my user so I have no permissions issue. A problem arises when a file is created as root from one of my containers. Caddy is doing that for a specific file in its /data/caddy/ocsp folder and I want to understand why. See this excerpt from ls -la /data/caddy/ocsp:

-rwxrwxr-- 1 1000 1000 313 May 30 16:24 duplicati.sh1n0sh4.stream-cce56a39
-rw------- 1 root root 313 May 30 16:31 duplicacy.sh1n0sh4.stream-44c33e42
-rwxrwxr-- 1 1000 1000 503 May 29 12:48 portainer.sh1n0sh4.stream-41c43ab1
-rwxrwxr-- 1 1000 1000 503 May 29 00:01 portainer.sh1n0sh4.stream-bd29b72f

What are these files? Why is the duplicacy one the only one in root? For the record I tried deleting it and restarting the container. It just gets recreated.

This is the user of the container apparently (I actually don't know how it gets UID 1000 because I didn't pass it but that's what I wanted so... Cool)

/data/caddy/ocsp $ id
uid=1000 gid=0(root)

Note that this all otherwise works fine (HTTPS, reverse proxying and stuff). You can find all the relevant files here.

Thanks

francislavoie commented 2 years ago

Caddy runs as root in Docker because it needs to bind to low ports, which requires elevated permissions. You'll need to modify your Dockerfile if you don't want it to run as root. But it shouldn't matter what user the files are owned by as long as Caddy can manipulate them.

Somewhat a duplicate of https://github.com/caddyserver/caddy-docker/issues/104
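
An added example, not part of the thread or of the Caddy project: a shell function that lists the files under a volume directory which a given backup UID/GID cannot read, so a root-owned `-rw-------` file like the one in the listing above shows up before the backup job fails. The function name `unreadable_by` is hypothetical; it assumes a `stat` that supports `-c` (GNU coreutils or BusyBox) and judges readability from owner, group and mode bits only.

```shell
#!/bin/sh
# unreadable_by DIR UID GID
# Prints "owner:group mode path" for every regular file under DIR that a
# process running as UID with primary group GID could not open for reading.
# Assumptions: only classic mode bits are evaluated (no ACLs, no
# supplementary groups, no directory traversal checks), and file names do
# not contain newlines.
unreadable_by() {
    find "$1" -type f -exec stat -c '%u %g %a %n' {} + |
    while read -r owner group mode path; do
        # UID 0 bypasses mode bits, so nothing is unreadable for root.
        if [ "$2" -eq 0 ]; then
            continue
        fi

        # stat prints the mode in octal (e.g. 600); the leading 0 makes
        # the shell parse it as an octal constant.
        bits=$((0$mode))

        # The kernel checks exactly one permission class: owner if the
        # UID matches, else group if the GID matches, else other.
        if [ "$owner" -eq "$2" ]; then
            need=$((0400))
        elif [ "$group" -eq "$3" ]; then
            need=$((0040))
        else
            need=$((0004))
        fi

        if [ $((bits & need)) -eq 0 ]; then
            printf '%s:%s %s %s\n' "$owner" "$group" "$mode" "$path"
        fi
    done
}

# Example call for the setup in this thread (backup running as 1000:1000):
#   unreadable_by /data/caddy/ocsp 1000 1000
```
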