linuxserver / docker-kasm

Kasm Workspaces platform provides enterprise-class orchestration, data loss prevention, and web streaming technology to enable the delivery of containerized workloads to your browser.
GNU General Public License v3.0

[BUG] Write permission gets stripped from files, stopping the install. #28

Closed cinderblockgames closed 1 year ago

cinderblockgames commented 1 year ago

Is there an existing issue for this?

Current Behavior

Once I get to the install piece, I get a permission denied error:

Setting Default Listening Port as 443
Setting Default Admin Password from stdin -P
Setting Default User Password from stdin -U
Checking if docker and docker compose are installed.
Docker is installed
23.0.3 is a supported version of docker.
Docker compose is installed
2.5.0 is a supported version of docker compose
Commands docker and docker compose detected.
Skipping Dependency Installation.
Installing All Services
Error: failed copying from /tmp/temp1074351667 to /opt/kasm/1.13.0/conf/database/seed_data/default_properties.yaml: open /opt/kasm/1.13.0/conf/database/seed_data/default_properties.yaml: permission denied

When I checked the permissions on the files under seed_data, I saw that they didn't have any write permissions:

-rwxrwxr-x

So, I added those:

chmod -R u+w *
chmod -R g+w *

And ended up with:

-rwxrwxr-x

However, when I start the install again, I hit the same error, and it looks like the installer is stripping the write permissions (I'm assuming by copying files that don't have write permissions):

-r-xr-xr-x

Expected Behavior

Should be able to install.

Steps To Reproduce

  1. Run in Docker.
  2. Go to :3000.
  3. Set passwords.
  4. Select Chrome as app.
  5. Click Install.

Environment

- OS: Ubuntu 22.04.2 LTS
- How docker service was installed: lscr.io/linuxserver/kasm:latest

CPU architecture

x86-64

Docker creation

kasm:
    image: 'lscr.io/linuxserver/kasm:latest'
    container_name: 'kasm'
    privileged: true
    restart: unless-stopped
    ports:
      - 3000:3000
    environment:
      - PUID=1000
      - PGID=1001
      - TZ=America/New_York
      - KASM_PORT=443
    volumes:
      - '/etc/localtime:/etc/localtime:ro'
      - '/run/homelab/apps/opt:/opt'
      - '/run/homelab/apps/profiles:/profiles'
    network_mode: 'bridge'

Container logs

[migrations] started
[migrations] no migrations found
───────────────────────────────────────

      ██╗     ███████╗██╗ ██████╗ 
      ██║     ██╔════╝██║██╔═══██╗
      ██║     ███████╗██║██║   ██║
      ██║     ╚════██║██║██║   ██║
      ███████╗███████║██║╚██████╔╝
      ╚══════╝╚══════╝╚═╝ ╚═════╝ 

   Brought to you by linuxserver.io
───────────────────────────────────────

To support LSIO projects visit:
https://www.linuxserver.io/donate/

───────────────────────────────────────
GID/UID
───────────────────────────────────────

User UID:    1000
User GID:    1001
───────────────────────────────────────

[custom-init] No custom files found, skipping...
[ls.io-init] done.
time="2023-04-17T17:21:56.231974717-04:00" level=error msg="failed to initialize a tracing processor \"otlp\"" error="no OpenTelemetry endpoint: skip plugin"
time="2023-04-17T17:21:56.339456128-04:00" level=error msg="failed to mount overlay: invalid argument" storage-driver=overlay2

github-actions[bot] commented 1 year ago

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

thelamer commented 1 year ago

I cannot replicate this. What is your underlying storage driver? I am testing on overlay2.

-rw-rw-r-- default_images_amd64.yaml
-rw-rw-r-- default_images_arm64.yaml

cinderblockgames commented 1 year ago

I've got it bind mounted to a NAS. I can try having /opt mounted to the local fs; if I keep the /profiles on the NAS, is that all I need for a backup of the user space?

thelamer commented 1 year ago

This is a DinD container that spins up an isolated docker environment. It needs a real disk for /opt. You can just try not mounting anything on opt and use a docker volume. That should fall back to fuse-overlayfs and it would let you know if it at least functions and that's your issue.
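
An added example, not part of the thread or the project's code: a POSIX sh preflight for the host directory intended as the /opt bind mount. It reports whether the directory sits on a network filesystem and whether write bits survive chmod and copy. It assumes GNU or BusyBox `stat`; the function names and the list of network filesystem types are assumptions.

```shell
#!/bin/sh
# Added example: preflight for a host directory meant to back /opt of a
# Docker-in-Docker container. All function names are hypothetical.

# True when the type name printed by `stat -f -c %T` is a network filesystem.
# The pattern list is an assumption for this sketch, not exhaustive.
is_network_fs() {
    case "$1" in
        nfs*|cifs|smb*) return 0 ;;
        *) return 1 ;;
    esac
}

# Create a probe file, grant write bits, copy it, and read both modes back.
# Returns 0 if mode 664 survives, 1 if bits changed, 2 if the dir is unusable.
mode_bits_persist() {
    probe=$(mktemp "$1/.permcheck.XXXXXX" 2>/dev/null) || return 2
    chmod 664 "$probe" 2>/dev/null
    cp -p "$probe" "$probe.copy" 2>/dev/null
    orig_mode=$(stat -c %a "$probe" 2>/dev/null)
    copy_mode=$(stat -c %a "$probe.copy" 2>/dev/null)
    rm -f "$probe" "$probe.copy"
    [ "$orig_mode" = 664 ] && [ "$copy_mode" = 664 ]
}

# Run both checks on one directory and print a verdict per check.
preflight_opt_dir() {
    dir=$1
    fstype=$(stat -f -c %T "$dir" 2>/dev/null) || { echo "cannot stat $dir"; return 2; }
    status=0
    if is_network_fs "$fstype"; then
        echo "FAIL: $dir is on $fstype; use a local disk or a docker volume"
        status=1
    fi
    rc=0
    mode_bits_persist "$dir" || rc=$?
    case $rc in
        0) echo "ok: mode bits persist on $dir ($fstype)" ;;
        1) echo "FAIL: write bits did not persist on $dir ($fstype)"; status=1 ;;
        *) echo "FAIL: cannot create files in $dir"; status=1 ;;
    esac
    return $status
}

# Usage: sh preflight.sh /path/to/host/opt
if [ $# -gt 0 ]; then
    preflight_opt_dir "$1"
fi
```

Run it against the host path before starting the container; a FAIL on either line matches the conditions described in this thread.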

cinderblockgames commented 1 year ago

Okay, I used local fs for /opt and it installed and I can now get to the :443 UI. I should be able to log in with the user@kasm.local or admin@kasm.local accounts, right?

thelamer commented 1 year ago

Yes, it will be the passwords you entered in the wizard.

cinderblockgames commented 1 year ago

I get login failed, but I wonder if it's because it can't register the service worker because of the self-signed cert.

Is there a way to disable SSL in the container so I can have traefik in front of it? If I use traefik in front of 3000, I get a Bad Gateway, and, if I use it in front of 443, I get 400 Bad Request: The plain HTTP request was sent to HTTPS port.

cinderblockgames commented 1 year ago

Okay, I need to specify for traefik to connect to the container using https:

- 'traefik.http.services.kasm.loadbalancer.server.scheme=https'
- 'traefik.http.services.kasm-install.loadbalancer.server.scheme=https'

I also needed to allow invalid certs in the traefik config:

[serversTransport]
  insecureSkipVerify = true

I think it would be better to be able to turn off TLS inside the container altogether, but the above works to serve the container as it is, at least.

However, I still can't log in.

cinderblockgames commented 1 year ago

I'll close this issue, though, since it's been resolved by having /opt locally. Thanks!