Closed jason-wilson closed 1 year ago
After a lot of digging (sorry should have dug more) found a script as part of install called: /etc/cont-init.d/10-init-users.sh from the base image jlesage/baseimage-gui:alpine-3.16-v4.4.2 In this script there is this line: echo ${SUP_GROUP_IDS:-},${SUP_GROUP_IDS_INTERNAL:-} | tr ',' '\n' | grep -v '^$' | grep -v '^0$' | grep -vw "$GROUP_ID" | sort -nub | while read GID
Which does add to groups, unless the gid happens to be '0' - which in my case it is. If I instead try SUP_GROUP_IDS=42 (only other group available) then it works and app gets added to group and Crashplan runs with this group added.
Assume there a reason why gid of 0 is forbidden - will work out a different way to add to group
The ID 0
is the ID of root. root has access to everything and cannot be set as a supplementary group.
You can set the GROUP_ID
to 0
, but this is not really a good security practice.
Thanks for that - I know it was not ideal, but the volume I have mounted has the files group readable by group '0' and by a uid that mismatches other systems - adding gid 0 seemed an easier route then changing owners on multiple other Docker projects.
Oh well - will see what else I can do. Closing this as not a bug, deliberate design decision (maybe add to https://github.com/jlesage/docker-baseimage-gui/blob/master/README.md that cannot include 0 as a group id)
So instead of using SUP_GROUP_IDS
, you can use GROUP_ID
and set it to 0
, this should be equivalent to what you are trying to do.
Current Behavior
Setting SUP_GROUP_IDS in the docker environment, but does not seem to do anything
Expected Behavior
Expect the running application to be placed into the group. Possibly user 'app' gets added to /etc/group. Only references to SUP_GROUP_IDS I can find are in the README.md and in appdefs.yml - cannot see any references to this variable anywhere to see how it is trying to be setup/used.
Steps To Reproduce
Add SUP_GROUP_IDS=0 to docker-compose.yml
docker compose up -d
docker exec crashplantest-crashplan-pro-1 groups app
app
docker exec crashplantest-crashplan-pro-1 ps | grep CrashPlanService
695 app 0:29 /usr/local/crashplan/bin/CrashPlanService
docker exec crashplantest-crashplan-pro-1 grep Groups /proc/695/status
Groups:
Environment
Container creation
Using docker-compose.yml docker compose up -d
Container log
Container inspect
Anything else?
docker-compose.yml: version: '3'
services: crashplan-pro: image: jlesage/crashplan-pro