coreruleset / modsecurity-crs-docker

Official ModSecurity Docker + Core Rule Set (CRS) images
https://coreruleset.org
Apache License 2.0

(13)Permission denied: AH00091: httpd: could not open error log file /var/log/apache2/error.log. #267

Closed xBounceIT closed 5 days ago

xBounceIT commented 5 days ago

Hi,

I tried upgrading my Docker container to version 4.3.0-apache from 3.3.5-apache and am getting this error.

It is probably due to it now being run as an unprivileged user, but how can I fix this? I have tried everything, but the container refuses to start.

This is the current volume configuration.

I aim to log apache access and error logs in /var/log/apache2/access.log and /var/log/apache2/error.log and the various virtualhosts in subfolders of /var/log/apache2 (like /var/log/apache2/vhost1/vhost1_access.log etc.)

Regards, Daniel D.

fzipi commented 5 days ago

Probably this one will fix this issue.

RedXanadu commented 5 days ago

Hi @xBounceIT

I think this is the same issue I ran into and reported on the CRS repo recently. It is a very annoying breaking change.

Try:

chmod o+w

on your logging directory and see if it helps?

xBounceIT commented 5 days ago

> Hi @xBounceIT
>
> I think this is the same issue I ran into and reported on the CRS repo recently. It is a very annoying breaking change.
>
> Try:
>
> chmod o+w
>
> on your logging directory and see if it helps?

Yes, this does fix the issue, but now every user has rights to write in that directory. Might be a dumb question, but isn't it the same as having the container running as root, since Apache already runs as httpd?

RedXanadu commented 5 days ago

I think the containers are root-less now, or they run root-less, at least that is my understanding. I believe that is the cause of this problem in the first place.

I'm not a Docker expert, but I think you can use a non-bind mount volume type to get around this problem, if chmod o+w is not an acceptable solution. I think it's the simplicity of the bind mount that is creating the issue (although I personally like the simplicity of a bind mount as it previously always "just worked" and made it easy to access the log files.)

If that is also not a workable solution for you then please do shout here and the Docker image maintainers will have to come up with a more elegant / a permanent fix.

xBounceIT commented 5 days ago

I discovered that you can simply create a Dockerfile and set the user to root:

FROM owasp/modsecurity-crs:4.3.0-apache-202406090906

USER root

This will keep Apache running as httpd, but the container will be run by root, so no permissions problem. I also use it to install mod evasive and upgrade the packages, since apt-get requires root. I will close this issue.

fzipi commented 5 days ago

The problem is that the user and group id of the files inside the container don't match the ones in the base host, hence you don't have access.

E.g., the user ID is probably 1001 or 1002 and yours is different.
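One way to resolve the UID mismatch fzipi describes without falling back to `chmod o+w` or `USER root`, as an added example (a shell script written for this thread, not code from the owasp/modsecurity-crs image or its maintainers): ask the image which UID/GID its default user has, then hand the host log directory to exactly that identity. It assumes a Linux host with GNU stat(1) and the docker CLI; the image tag is the one quoted above.

```shell
#!/bin/sh
# Added example, not part of the owasp/modsecurity-crs image or this thread:
# give a bind-mounted log directory to the UID/GID the container really runs
# as, instead of "chmod o+w" (world-writable) or "USER root".
# Assumes a Linux host with GNU stat(1) and the docker CLI on PATH.
set -eu

# Ask the image itself which UID/GID its default user has, so the numbers
# are not guessed (the thread guesses 1001 or 1002).
container_uid() { docker run --rm --entrypoint id "$1" -u; }
container_gid() { docker run --rm --entrypoint id "$1" -g; }

# Classify how a process with UID/GID could write to DIR:
#   ok             - via the owner or group bits (the fix we want)
#   other-writable - only because the directory is world-writable (chmod o+w)
#   denied         - not at all (the AH00091 situation from the issue title)
dir_access() {
  dir=$1 uid=$2 gid=$3
  set -- $(stat -c '%u %g %a' "$dir")   # owner gid mode (octal, e.g. 755)
  owner=$1 group=$2 mode=$3
  o=$(( (0$mode >> 6) & 7 )); g=$(( (0$mode >> 3) & 7 )); w=$(( 0$mode & 7 ))
  if   [ "$owner" = "$uid" ] && [ $(( o & 2 )) -ne 0 ]; then echo ok
  elif [ "$group" = "$gid" ] && [ $(( g & 2 )) -ne 0 ]; then echo ok
  elif [ $(( w & 2 )) -ne 0 ]; then echo other-writable
  else echo denied
  fi
}

# Hand DIR to the container user only: owner rwx, group r-x, others nothing.
# Run with sudo on the host when the directory belongs to someone else.
fix_log_dir() {
  mkdir -p "$1"
  chown "$2:$3" "$1"
  chmod 0750 "$1"
}

# Usage: ./crs-logdir.sh ./logs owasp/modsecurity-crs:4.3.0-apache-202406090906
main() {
  uid=$(container_uid "$2"); gid=$(container_gid "$2")
  [ "$(dir_access "$1" "$uid" "$gid")" = ok ] || fix_log_dir "$1" "$uid" "$gid"
  echo "now start the container with: -v $1:/var/log/apache2 (container uid $uid)"
}
if [ $# -ge 2 ]; then main "$@"; fi
```

On a rootless Docker or userns-remap host the UID a container process shows up as on the host is shifted by the remap range, so the chown target is the shifted ID, not the one `id -u` prints inside the container.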