jokob-sk / NetAlertX

🖧🔍 WIFI / LAN intruder detector. Scans for devices connected to your network and alerts you if new and unknown devices are found.
GNU General Public License v3.0

After each container restart permissions on config,db,log are reset #652

Closed mdijkens closed 4 months ago

mdijkens commented 5 months ago

Is there an existing issue for this?

Current Behavior

Since I migrated to NetAlertX and changed my docker-compose.yaml to use app/, after every docker restart the permissions on the folders db, config, log are reset to only 'Unknown: 101 Allow Custom' and 'Unknown: 82 Allow Read' (running on Synology). Although this does work for NetAlertX to run perfectly fine, my backup scripts cannot access the folders db, config, log anymore. When I add backup-user with read permission to the folders, these permissions are removed when the container restarts.

Expected Behavior

When restarting the container (on Synology) I expect the permissions on config/db/log to be retained.

Steps To Reproduce

restart container and try to access config,db,log with other user

app.conf

#-----------------AUTOGENERATED FILE-----------------#
#                                                    #
#         Generated:  2024-04-06_12-15-05            #
#                                                    #
#   Config file for the LAN intruder detection app:  #
#      https://github.com/jokob-sk/Pi.Alert          #
#                                                    #
#-----------------AUTOGENERATED FILE-----------------#

# General
#---------------------------
LOG_LEVEL='minimal'
LOG_LEVEL__metadata="{}"
TIMEZONE='Europe/Amsterdam'
TIMEZONE__metadata="{}"
PLUGINS_KEEP_HIST=250
PLUGINS_KEEP_HIST__metadata="{}"
PIALERT_WEB_PROTECTION=True
PIALERT_WEB_PROTECTION__metadata="{}"
PIALERT_WEB_PASSWORD='....'
PIALERT_WEB_PASSWORD__metadata="{}"
REPORT_DASHBOARD_URL='http://...'
REPORT_DASHBOARD_URL__metadata="{}"
UI_LANG='English'
UI_LANG__metadata="{}"
UI_PRESENCE=['online','offline','archived']
UI_PRESENCE__metadata="{}"
UI_MY_DEVICES=['online','offline','archived','new','down']
UI_MY_DEVICES__metadata="{}"
UI_NOT_RANDOM_MAC=[]
UI_NOT_RANDOM_MAC__metadata="{}"
DAYS_TO_KEEP_EVENTS=90
DAYS_TO_KEEP_EVENTS__metadata="{}"
HRS_TO_KEEP_NEWDEV=0
HRS_TO_KEEP_NEWDEV__metadata="{}"
API_CUSTOM_SQL='SELECT * FROM Devices'
API_CUSTOM_SQL__metadata="{}"
NETWORK_DEVICE_TYPES=['AP','Gateway','Firewall','Hypervisor','Powerline','Switch','WLAN','PLC','Router','USB LAN Adapter','USB WIFI Adapter','Internet']
NETWORK_DEVICE_TYPES__metadata="{}"

docker-compose.yml

version: "3.9"
services:
  pialert:
    container_name: pialert
    image: "jokobsk/pi.alert:latest"      
    network_mode: "host"        
    restart: on-failure:5
    healthcheck:
      test: curl -f http://???/ || exit 1
    mem_limit: 2g
    cpu_shares: 768
    volumes:
      - /volume1/docker/pialert/config:/app/config:rw
      - /volume1/docker/pialert/db:/app/db:rw
      - /volume1/docker/pialert/logs:/app/front/log:rw
    environment:
      - TZ=Europe/Amsterdam      
      - HOST_USER_ID=1034
      - HOST_USER_GID=100
      - PORT=???

What branch are you running?

Production

app.log

10:09:29 [MAIN] Setting up ...
10:09:29 [conf.tz] Setting up ...
10:09:29
10:09:29 The container restarted (started). If this is unexpected check https://bit.ly/NetAlertX_debug for troubleshooting tips.
10:09:29
10:09:29 Permissions check (All should be True)
10:09:29 ------------------------------------------------
10:09:29 /config/app.conf | READ | True
10:09:29 /config/app.conf | WRITE | True
10:09:29 /db/app.db | READ | True
10:09:29 /db/app.db | WRITE | True
10:09:29 ------------------------------------------------
10:09:29 [Setup] Attempting to fix permissions.
10:09:29 [Setup] Attempting to fix permissions.
10:09:29 [Database] Opening DB
10:09:31 [upgradeDB] Adding dev_Network_Node_MAC_ADDR to the Devices table
10:09:31 [upgradeDB] Adding dev_Network_Node_port to the Devices table
10:09:31 [upgradeDB] Adding dev_Icon to the Devices table
10:09:31 [upgradeDB] Re-creating Settings table
10:09:31 [upgradeDB] Re-creating Pholus_Scan table
10:09:32 [upgradeDB] Re-creating Parameters table
10:09:37 [Version check] Running the latest version.
10:09:38 [Config] reading config file
10:09:38 [Config] Plugins: Number of dynamically loaded plugins: 29
10:09:38 [Plugin utils] ---------------------------------------------
10:09:38 [Plugin utils] display_name: Apprise publisher
10:09:38 [Plugin utils] description: A plugin to publish a notification via the Apprise gateway.
10:09:51 [Plugin utils] ---------------------------------------------
10:09:51 [Plugin utils] display_name: Email publisher (SMTP)
10:09:51 [Plugin utils] description: A plugin to publish a notification via Email (SMTP) gateway.
10:10:12 [Plugin utils] ---------------------------------------------
10:10:12 [Plugin utils] display_name: MQTT publisher
10:10:12 [Plugin utils] description: A plugin to publish a notification via the Apprise gateway.
10:10:34 [Plugin utils] ---------------------------------------------
10:10:34 [Plugin utils] display_name: NTFY publisher
10:10:34 [Plugin utils] description: A plugin to publish a notification via the NTFY gateway.

Debug enabled

jokob-sk commented 5 months ago

Hi there,

This was discussed here: https://github.com/jokob-sk/NetAlertX/issues/597

I don't plan to change the permission handling as it could break other people's installations. Another reason being, I faced way too many permission-related support requests in the past.

If possible, can you have a look at possibly changing how your script accesses the files? I use kopia myself and don't face any permission issues when backing up those files.

Thanks, J

mdijkens commented 5 months ago

Thanks; Do I understand correct that removing

I don't see much else I can do to solve this from my end, since existing permissions are revoked

vladaurosh commented 5 months ago

@mdijkens Can you add your backup-user into gid 82? That should give that user at least read access.

mdijkens commented 5 months ago

I don't see that group in my user/group management of the Synology NAS control panel

vladaurosh commented 5 months ago

Can you create it?

jokob-sk commented 5 months ago

Hi @vladaurosh ,

Can you possibly write up a quick guide about the permissions? It seems a recurring question.

vladaurosh commented 5 months ago

Hey @jokob-sk

Sure. Is a couple of sentences ok?

jokob-sk commented 5 months ago

Hey @vladaurosh ,

Of course, thanks a lot! We can add it to the docker readme, maybe under this section: https://github.com/jokob-sk/NetAlertX/tree/main/dockerfiles#docker-paths

jokob-sk commented 4 months ago

Hey @vladaurosh , did you have a chance to have a look? Happy for you to write it in a comment and I will find a place for it :)

vladaurosh commented 4 months ago

Hey @jokob-sk My apologies, I've completely forgotten to write this. I'll have something today.

jokob-sk commented 4 months ago

@vladaurosh haha, all good - thanks for the help as always 💪

vladaurosh commented 4 months ago

Hey @jokob-sk

Here's a short guide. Feel free to modify it:

NetAlertX runs on the nginx webserver, which on Alpine Linux is run by the nginx user (id 101, group id 82 - www-data). Because of this, files accessed/written by the NetAlertX application are owned by nginx:www-data.

When NetAlertX starts, ownership of files on the host system that are mapped to /app/config and /app/db in the container will be changed to nginx:www-data, as we want to be sure that nginx can access/write those files.

And since the user in the docker container is mapped to a user on the host system by id:gid, files in /app/config and /app/db on the host system are owned by the user with the same id and gid (id 101 and gid 82). On different systems this id:gid will belong to different users (on Debian, user with id 82 is uuidd), or sometimes there will not be a user with id 82.

While this is not a problem at all, it can cause issues for users on the host system accessing these files (for example, backup scripts or similar). In case these files need to be accessed by users other than root, the recommended way would be adding that user into the group with gid 82. If that group doesn't exist, it should be created.

jokob-sk commented 4 months ago

Thanks a lot @vladaurosh ! I rewrote it a bit with ChatGPT, let me know if you would change anything 🙂

https://github.com/jokob-sk/NetAlertX/blob/main/docs/FILE_PERMISSIONS.md

jokob-sk commented 4 months ago

closing as resolved for now -> guide available: https://github.com/jokob-sk/NetAlertX/blob/main/docs/FILE_PERMISSIONS.md

vladaurosh commented 4 months ago

Looks great @jokob-sk

ShanuDey commented 3 months ago

In my case, the group with GID 82 was not present, but the www-data group existed with GID 33, and the messagebus group existed with GID 101. 😕 Thus, I couldn't create the www-data group with GID 82 due to its existing status. 😞 Consequently, I created a new group called netalertx-data with GID 82 and added my user to this netalertx-data group. 🎉 Finally, the issue was resolved. If someone else encounters the same issue as I did, this solution may be helpful. 😊

vladaurosh commented 3 months ago

Hey @ShanuDey Good that you've resolved it. GID is only what's important here, name can be anything.
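
The group-by-GID fix from the guide and from ShanuDey's comment, as an added example that is not code from the thread's participants or from the NetAlertX project: a dry-run planner that reads a group file and prints the commands needed to put a host user into the group that owns GID 82, covering the case where the name `www-data` is already taken by another GID. The group file content is constructed, the function names are hypothetical, and it assumes a generic Linux host with `groupadd`/`usermod` (Synology DSM manages groups through its own tools) and checks only supplementary membership listed in the group file.

```shell
#!/bin/sh
# Added example, not NetAlertX code. Nothing here changes the system:
# plan_access only prints the commands an administrator would run.

# Constructed sample of a Debian-like /etc/group matching the situation
# reported in the thread: www-data has GID 33, messagebus has GID 101,
# and no group owns GID 82.
sample_group_file() {
    cat <<'EOF'
root:x:0:
users:x:100:backup-user
www-data:x:33:
messagebus:x:101:
EOF
}

# group_name_for_gid FILE GID: print the name of the group owning GID, if any.
group_name_for_gid() {
    awk -F: -v gid="$2" '$3 == gid { print $1; exit }' "$1"
}

# group_name_taken FILE NAME: succeed if a group called NAME already exists.
group_name_taken() {
    awk -F: -v n="$2" '$1 == n { found = 1 } END { exit !found }' "$1"
}

# user_in_group FILE GROUP USER: succeed if USER is listed as a member.
user_in_group() {
    awk -F: -v g="$2" -v u="$3" '
        $1 == g {
            n = split($4, members, ",")
            for (i = 1; i <= n; i++) if (members[i] == u) found = 1
        }
        END { exit !found }' "$1"
}

# plan_access FILE GID USER PREFERRED_NAME FALLBACK_NAME
# Only the GID matters for access; the name is chosen to avoid a clash.
plan_access() {
    file=$1 gid=$2 user=$3 preferred=$4 fallback=$5
    existing=$(group_name_for_gid "$file" "$gid")
    if [ -n "$existing" ]; then
        if user_in_group "$file" "$existing" "$user"; then
            echo "# $user is already in $existing (gid $gid)"
        else
            echo "usermod -aG $existing $user"
        fi
        return 0
    fi
    name=$preferred
    if group_name_taken "$file" "$name"; then
        name=$fallback
    fi
    if group_name_taken "$file" "$name"; then
        echo "# both $preferred and $fallback are taken; pick another name" >&2
        return 1
    fi
    echo "groupadd -g $gid $name"
    echo "usermod -aG $name $user"
}

# Demo on the constructed file: prints a groupadd for netalertx-data
# followed by a usermod for backup-user.
demo_file=$(mktemp)
sample_group_file > "$demo_file"
plan_access "$demo_file" 82 backup-user www-data netalertx-data
rm -f "$demo_file"
```

Pointing the first argument at the host's real `/etc/group` shows which host group, if any, already owns GID 82 before anything is created.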