Set PUID and PGID as Variables

[Veldkornet]

This is a...

• [x] Request for a new or modified feature
• [x] Issue trying to run the docker image
• [ ] Issue trying to build / test / develop the docker image

Description

So I'm addressing a few things in this one issue, which I understand is not ideal. Could you please add the PUID (Process User ID) and PGID (Process Group ID) variables? I tell you why. I use Docker on my Synology NAS and for the life of me, I cannot get it to work. I keep getting the following error: [ERROR]: Unable to parse results from queryads.php: Unhandled error message (Invalid domain!) I've therefore set the logs to be external with "/volume1/docker/pihole/logs/:/var/log/", however I then run into the problem that it cannot start because pihole doesn't have access to the logs (even though I set the permission to 777 for the directory and everything in it.)

` 2018-08-31 17:30:36: (log.c.171) opening errorlog '/var/log/lighttpd/error.log' failed: Permission denied	stderr

`

Expected Behavior

Docker processes should run under the user id and group ID values specified in the environmental variables

Actual Behavior

It doesn't

Possible Fix

Add the variables. Many docker images have these variables, especially those from https://www.linuxserver.io/our-images if you need examples

Steps to Reproduce and debugging done

e.g. your docker run command, pages to visit, CLI commands you ran There's not much to do as I can't even access the webpage directly after creating the image. FYI, I do not have DNS or DHCP running on my NAS. This is the create command that I used: sudo docker run -d \ --name pihole \ -p 53:53/tcp -p 53:53/udp \ -p 67:67/udp \ -p 32777:80 \ -p 32778:443 \ -v "/volume1/docker/pihole/pihole/:/etc/pihole/" \ -v "/volume1/docker/pihole/dnsmasq.d/:/etc/dnsmasq.d/" \ -e ServerIP="${IP}" \ -e TZ=Europe/Amsterdam \ -e DNS1=208.67.222.222 \ -e DNS2=208.67.220.220 \ -e PUID=1033 \ -e PGID=65540 \ --restart=unless-stopped \ --cap-add=NET_ADMIN \ pihole/pihole:latest

Debug steps I have tried

• [x] I have tried destroying my container instance, pulling the newest image version, and re-creating a new container
• [x] I have tried running the nearly stock docker run example in the readme (removing any customizations I added)
• [x] I have tried running without my volume data mounts to eliminate volumes as the cause
• [x] I have searched this repository for existing issues and pull requests that look similar

Context and extra information

271 #267 #85

Your Environment

• Docker Host Operating System and OS Version: Synology DS1517+ | DSM 6.2-23739 Update 2
• Docker Version: 17.05.0-ce
• Docker API version: 1.29
• Hardware architecture: linux/amd64

[PromoFaux]

It's also a volunteer-led project, all of whom work not only work full time outside of it, but also have active family lives and responsibilities... it can be a tough one to juggle at times.

Pull Requests and help on the code are always welcome - the beauty of being an open source project is that anyone can contribute to it. Comments along the lines of "You're doing this wrong and you should fix it" don't help anyone, and can lead to developer fatigue and burnout, to the point where working on the project becomes a chore - rather than the fun it is supposed to be.

That's not to say I'm shrugging anything off, or pointing any fingers in the direction of unhelpful contributions. We don't bite, not that hard anyway.

I'll add the Help Wanted label - maybe that will encourage helpful contribution

[imajes]

100%. :) no questions there. I'm trying to carve out some time to spend on my docker stack and will try and tinker with a better fix if i can... :)

[edgd1er]

Hello,

I've had the problem on a system where I needed specif uid and gid to write files to filesystem. Here is the code I've put in cont-init.d as 05-changer-uid-gid.sh As you will guess, the vars will be WEB_UID, WEB_GID, PIHOLE_UID, PIHOLE_GID. I wish I could send a PR but my pihole project is a mess now, trying to debug a building issue. is there someone to test and push a request ?

#!/usr/bin/with-contenv bash
set -e

modifyUser()
{
  declare username=${1:-} newId=${2:-}
  [[ -z ${username} || -z ${newId} ]] && return

  local currentId=$(id -u ${username})
  [[ ${currentId} -eq ${newId} ]] && return

  echo "user ${username} ${currentId} => ${newId}"
  usermod -o -u ${newId} ${username}

  find / -user ${currentId} -print0 2> /dev/null | \
    xargs -0 -n1 chown -h ${username} 2> /dev/null
}

modifyGroup()
{
  declare groupname=${1:-} newId=${2:-}
  [[ -z ${groupname} || -z ${newId} ]] && return

  local currentId=$(id -g ${groupname})
  [[ ${currentId} -eq ${newId} ]] && return

  echo "group ${groupname} ${currentId} => ${newId}"
  groupmod -o -g ${newId} ${groupname}

  find / -group ${currentId} -print0 2> /dev/null | \
    xargs -0 -n1 chgrp -h ${groupname} 2> /dev/null
}

modifyUser www-data ${WEB_UID}
modifyGroup www-data ${WEB_GID}
modifyUser pihole ${PIHOLE_UID}
modifyGroup pihole ${PIHOLE_GID}

[PromoFaux]

Changes in #982 have been merged to dev, which allow for the setting of UID for both www-data and pihole users with env vars. These are experimental changes that will likely require feedback (Changes can be played with on the :dev tag)

[nixmomo]

_pihole_pihole.1.853ecdtwqr5d08e8z9yzuf4zi_logs.txt @edgd1er it is not working... he has isues with the error logs... i tried also to mount the error log directly as volume to set the right permissions but it fails too. But the rest looks ok but not possible to test operations from webinterface

env that i have set: WEB_UID: 1111 WEB_GID: 1111 PIHOLE_UID: 1112 PIHOLE_GID: 1112

[PromoFaux]

@nixmomo are you trying this on the dev image? There were some further tweaks to adjust permissions/ownerships there

[nixmomo]

@PromoFaux yes i used it in dev image from dockerhub

[edgd1er]

@nixmomo, I run pihole on openmediavault system which has ACL set, I had to set uids/gids according to the host. What I can say, databases were in read only, and are accessible now. (ext4s not test with nfs)

without much more details, about your mounting point (compose file), a ls from within the container, a ls from the host, we won't be able to help you.

[nixmomo]

hi @edgd1er here is the part of compose (if ya need the complete compose file, i will attach)

    environment:
      TZ: ${TZ}
      WEBPASSWORD: ${WEBPASSWORD}
      DNS1: ${DNSSERVER1}
      DNS2: ${DNSSERVER2}
      ADMIN_EMAIL: andre@dl-host.info
      WEB_UID: 1111
      WEB_GID: 1111
      PIHOLE_UID: 1112
      PIHOLE_GID: 1112
   #   CONDITIONAL_FORWARDING: ${CONDITIONAL_FORWARDING}
   #   CONDITIONAL_FORWARDING_IP: ${CONDITIONAL_FORWARDING_IP}
   #   CONDITIONAL_FORWARDING_DOMAIN: ${CONDITIONAL_FORWARDING_DOMAIN}
   #   CONDITIONAL_FORWARDING_REVERSE: ${CONDITIONAL_FORWARDING_REVERSE}
    # Volumes store your data between container upgrades
    volumes:
      - /home/nfs/docker/pihole/conf/:/etc/pihole/
      - /home/nfs/docker/pihole/dnsmasq.d/conf/:/etc/dnsmasq.d/

the mounts are nfs mounts here is the ls-la output from host where pihole is running at moment

root@rpi-4gb /home/nfs/docker/pihole/conf # ls -la
total 126816
drwxrwxrwx 3       1112 1112     4096 Jan 27 07:55 .
drwxrwxrwx 6 root       root     4096 Jan 25 07:46 ..
-rw-rw-rw- 1 root       root       65 Dec 28 09:15 adlists.list
-rw-rw-rw- 1 root       root      492 Jan 25 20:16 custom.list
-rw-r--r-- 1       1112 1112        0 Jan 27 07:43 dhcp.leases
-rw-r--r-- 1 root       root      651 Jan 27 07:43 dns-servers.conf
-rw-r--r-- 1 root       root       20 Jan 27 07:43 GitHubVersions
-rw-rw-r-- 1       1112 1112 14069760 Jan 27 07:43 gravity.db
-rw-rw-r-- 1       1112 1112 14020608 Jan 27 07:43 gravity_old.db
-rw-r--r-- 1 root       root   250965 Dec 28 09:38 list.10.v.firebog.net.domains
-rw-r--r-- 1 root       root       84 Dec 28 09:38 list.10.v.firebog.net.domains.sha1
-rw-r--r-- 1 root       root    67622 Dec 28 09:38 list.11.zerodot1.gitlab.io.domains
-rw-r--r-- 1 root       root       89 Dec 28 09:38 list.11.zerodot1.gitlab.io.domains.sha1
-rw-r--r-- 1 root       root  2168819 Jan 27 07:43 list.1.raw.githubusercontent.com.domains
-rw-r--r-- 1 root       root       95 Jan 25 06:51 list.1.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root       root   978572 Jan 27 07:43 list.2.raw.githubusercontent.com.domains
-rw-r--r-- 1 root       root       95 Jan 27 07:43 list.2.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root       root     1172 Jan 27 07:43 list.3.raw.githubusercontent.com.domains
-rw-r--r-- 1 root       root       95 Dec 29 09:12 list.3.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root       root   150216 Jan 27 07:43 list.4.adaway.org.domains
-rw-r--r-- 1 root       root       80 Jan 27 07:43 list.4.adaway.org.domains.sha1
-rw-r--r-- 1 root       root   691748 Jan 27 07:43 list.5.v.firebog.net.domains
-rw-r--r-- 1 root       root       83 Jan 27 07:43 list.5.v.firebog.net.domains.sha1
-rw-r--r-- 1 root       root   271455 Jan 27 07:43 list.6.v.firebog.net.domains
-rw-r--r-- 1 root       root       83 Jan 27 07:43 list.6.v.firebog.net.domains.sha1
-rw-r--r-- 1 root       root    59286 Dec 28 09:38 list.7.v.firebog.net.domains
-rw-r--r-- 1 root       root       83 Dec 28 09:38 list.7.v.firebog.net.domains.sha1
-rw-r--r-- 1 root       root   132829 Jan 27 07:43 list.8.raw.githubusercontent.com.domains
-rw-r--r-- 1 root       root       95 Jan 23 03:29 list.8.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root       root    21016 Jan 27 07:43 list.9.osint.digitalside.it.domains
-rw-r--r-- 1 root       root       90 Jan 27 07:43 list.9.osint.digitalside.it.domains.sha1
-rw-r--r-- 1 root       root       20 Jan 27 07:50 localbranches
-rw-r--r-- 1 root       root       65 Jan 27 07:43 local.list
-rw-r--r-- 1 root       root       42 Jan 27 07:50 localversions
drwxr-xr-x 2 root       root     4096 Dec 28 09:12 migration_backup
-rw-r--r-- 1 rpimonitor spi        20 Jan 27 07:43 pihole-FTL.conf
-rw-rw-r-- 1       1112 1112 96849920 Jan 27 07:55 pihole-FTL.db
-rw-r--r-- 1 root       root      247 Jan 27 07:43 setupVars.conf
-rw-r--r-- 1 root       root      247 Jan 27 07:43 setupVars.conf.update.bak

here is output from ls -la within container

root@7424fd578cb5:/etc/pihole# ls -la
total 126828
drwxrwxrwx 3 pihole pihole     4096 Jan 27 07:57 .
drwxr-xr-x 1 root   root       4096 Jan 27 07:43 ..
-rw-r--r-- 1 root   root         20 Jan 27 07:43 GitHubVersions
-rw-rw-rw- 1 root   root         65 Dec 28 09:15 adlists.list
-rw-rw-rw- 1 root   root        492 Jan 25 20:16 custom.list
-rw-r--r-- 1 pihole pihole        0 Jan 27 07:43 dhcp.leases
-rw-r--r-- 1 root   root        651 Jan 27 07:43 dns-servers.conf
-rw-rw-r-- 1 pihole pihole 14069760 Jan 27 07:43 gravity.db
-rw-rw-r-- 1 pihole pihole 14020608 Jan 27 07:43 gravity_old.db
-rw-r--r-- 1 root   root    2168819 Jan 27 07:43 list.1.raw.githubusercontent.com.domains
-rw-r--r-- 1 root   root         95 Jan 25 06:51 list.1.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root   root     250965 Dec 28 09:38 list.10.v.firebog.net.domains
-rw-r--r-- 1 root   root         84 Dec 28 09:38 list.10.v.firebog.net.domains.sha1
-rw-r--r-- 1 root   root      67622 Dec 28 09:38 list.11.zerodot1.gitlab.io.domains
-rw-r--r-- 1 root   root         89 Dec 28 09:38 list.11.zerodot1.gitlab.io.domains.sha1
-rw-r--r-- 1 root   root     978572 Jan 27 07:43 list.2.raw.githubusercontent.com.domains
-rw-r--r-- 1 root   root         95 Jan 27 07:43 list.2.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root   root       1172 Jan 27 07:43 list.3.raw.githubusercontent.com.domains
-rw-r--r-- 1 root   root         95 Dec 29 09:12 list.3.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root   root     150216 Jan 27 07:43 list.4.adaway.org.domains
-rw-r--r-- 1 root   root         80 Jan 27 07:43 list.4.adaway.org.domains.sha1
-rw-r--r-- 1 root   root     691748 Jan 27 07:43 list.5.v.firebog.net.domains
-rw-r--r-- 1 root   root         83 Jan 27 07:43 list.5.v.firebog.net.domains.sha1
-rw-r--r-- 1 root   root     271455 Jan 27 07:43 list.6.v.firebog.net.domains
-rw-r--r-- 1 root   root         83 Jan 27 07:43 list.6.v.firebog.net.domains.sha1
-rw-r--r-- 1 root   root      59286 Dec 28 09:38 list.7.v.firebog.net.domains
-rw-r--r-- 1 root   root         83 Dec 28 09:38 list.7.v.firebog.net.domains.sha1
-rw-r--r-- 1 root   root     132829 Jan 27 07:43 list.8.raw.githubusercontent.com.domains
-rw-r--r-- 1 root   root         95 Jan 23 03:29 list.8.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root   root      21016 Jan 27 07:43 list.9.osint.digitalside.it.domains
-rw-r--r-- 1 root   root         90 Jan 27 07:43 list.9.osint.digitalside.it.domains.sha1
-rw-r--r-- 1 root   root         65 Jan 27 07:43 local.list
-rw-r--r-- 1 root   root         20 Jan 27 07:50 localbranches
-rw-r--r-- 1 root   root         42 Jan 27 07:50 localversions
drwxr-xr-x 2 root   root       4096 Dec 28 09:12 migration_backup
-rw-r--r-- 1    999    999       20 Jan 27 07:43 pihole-FTL.conf
-rw-rw-r-- 1 pihole pihole 96858112 Jan 27 07:57 pihole-FTL.db
-rw-r--r-- 1 root   root        247 Jan 27 07:43 setupVars.conf
-rw-r--r-- 1 root   root        247 Jan 27 07:43 setupVars.conf.update.bak

I have no idea why the log error is gone but here is the log

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.,
[s6-init] ensuring user provided files have correct perms...exited 0.,
[fix-attrs.d] applying ownership & permissions fixes...,
[fix-attrs.d] 01-resolver-resolv: applying... ,
[fix-attrs.d] 01-resolver-resolv: exited 0.,
[fix-attrs.d] done.,
[cont-init.d] executing container initialization scripts...,
[cont-init.d] 05-changer-uid-gid.sh: executing... ,
Changing ID for user: www-data (33 => 1111),
Changing ID for group: www-data (33 => 1111),
Changing ID for user: pihole (999 => 1112),
Changing ID for group: pihole (999 => 1112),
[cont-init.d] 05-changer-uid-gid.sh: exited 0.,
[cont-init.d] 20-start.sh: executing... ,
 ::: Starting docker specific checks & setup for docker pihole/pihole,
,
  [i] Installing configs from /etc/.pihole...,
  [i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!,
  [i] Installing /etc/dnsmasq.d/01-pihole.conf...
  [✓] Installed /etc/dnsmasq.d/01-pihole.conf,
  [i] Installing /etc/.pihole/advanced/06-rfc6761.conf...
  [✓] Installed /etc/dnsmasq.d/06-rfc6761.conf,
Converting DNS1 to PIHOLE_DNS_,
Converting DNS2 to PIHOLE_DNS_,
Setting DNS servers based on PIHOLE_DNS_ variable,
::: Pre existing WEBPASSWORD found,
  [✓] Setting admin contact to andre@dl-host.info,
DNSMasq binding to default interface: eth0,
Added ENV to php:,
            "PIHOLE_DOCKER_TAG" => "dev",,
            "PHP_ERROR_LOG" => "/var/log/lighttpd/error.log",,
            "ServerIP" => "0.0.0.0",,
            "CORS_HOSTS" => "",,
            "VIRTUAL_HOST" => "0.0.0.0",,
Using IPv4 and IPv6,
::: Preexisting ad list /etc/pihole/adlists.list detected ((exiting setup_blocklists early)),
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts,
::: Testing lighttpd config: Syntax OK,
::: All config checks passed, cleared for startup ...,
::: Enabling Query Logging,
  [i] Enabling logging...,

  [✓] Logging has been enabled!,
 ::: Docker start setup complete,
  Checking if custom gravity.db is set in /etc/pihole/pihole-FTL.conf,
  Pi-hole version is v5.8.1 (Latest: v5.8.1),
  AdminLTE version is v5.10.1 (Latest: v5.10.1),
  FTL version is v5.13 (Latest: v5.13),
  Container tag is: dev,
[cont-init.d] 20-start.sh: exited 0.,
[cont-init.d] done.,
[services.d] starting services,
Starting lighttpd,
Starting crond,
Starting pihole-FTL (no-daemon) as pihole,
[services.d] done.

I can use the webinterface now with the dev image but whitelisting is not working with this image .... the rights looking ok for me

[PromoFaux]

-rw-r--r-- 1 999 999 20 Jan 27 07:43 pihole-FTL.conf

This should have been chowned when FTL started. We may have missed it, I'll check later!

What is the exact error you get when whitelisting?

[nixmomo]

Hi @PromoFaux i get this error http://prntscr.com/26k7h1y

[edgd1er]

@nixmomo ,

Could you test with local storage as I suspect your problem may be due to nfs filesystem rights ? I'm new to nfs and I remember having problems with root_squash/no_root_squash/all_squash.

[nixmomo]

@edgd1er its a nfs v3 mount so it is mounted as a local folder but i tried with a real local folder and its the same issue

[PromoFaux]

This experimental support is now in 2022.02.1/latest - Testing and feedback would be greatly appreciated

[dsm1212]

FWIW this worked first try for me. Thanks!!!

[nixmomo]

The "While executing: attempt to write a readonly database Added 0 out of 1 domains" is not fixed in the 2022.2.1 Version

here is the debug log if it helps https://tricorder.pi-hole.net/vfequxfr/

[nixmomo]

ok, it works if i move the files to local folder but there it struggles with the rpimonitor user (both using 999 as uid) thats why i want to change... but i can't believe that its a nfs error.... its a nfs3 share with this options (rw,async,no_subtree_check,no_root_squash,insecure) so where is the missconfiguration? The share is mounted as rw and it works in all other containers.

[edgd1er]

this link: https://serverfault.com/questions/240897/how-to-properly-set-permissions-for-nfs-folder-permission-denied-on-mounting-en may give you some hints on how to tackle right permissions on nfs.

uid/gid must match between the containers and the nfs server. if not, ,anonuid=1000,anongid=1000 may be a solution. uid/gid 1000 must have read,right permissions on the nfs dirs/files.

[nixmomo]

hmm that cant be the point... i have no_root_squash and the ownership on the nfs mounts are the same that i set in pihole configs and on the nfs server are they set to the same uid/guid i configured for pihole and the folder on top has a 777 write permission.... i can create files from within the docker container in the mounted volumes too so it can't be a nfs problem.. that makes absolutly no sense

[dsm1212]

The host volume has to bind mount into the container and it introduces some odd behavior with nfs. But docker supports nfs mounting the volume from within the container. You can do it from the docker command line or from docker compose if you are using that. Just google how to mount nfs into a docker container. Switch to that and this should go away, plus you can drop allowing the root access which is dangerous. I feel compelled to add that there are many reasons for an nfs mount to have issues. Those issues will take out your entire network when pihole stops working. Not to mention that you will have to carefully get that nfs location mounted without dns since you have to do it before pihole is started. I'm not sure what you are gaining here but I wouldn't do this.

[Swiiney]

Working for me, thanks a lot I have a simple config with Pihole running on Rpi with data on external drive connected with USB.

Only problem, I tried to get the same UID/GID for WEB and PIHOLE which is not working. After I figured out that it creates the same UID and GID in passwd and groups, I removed WEB_UID and WEB_GID (which is almost useless) all is working.

[dschaper]

Only problem, I tried to get the same UID/GID for WEB and PIHOLE which is not working. After I figured out that it creates the same UID and GID in passwd and groups, I removed WEB_UID and WEB_GID (which is almost useless) all is working.

I'll take a look at that soon.

[divStar]

Just for reference: all of the sudden I couldn't edit any settings. I suppose it has something to do with me changing the docker-volumes location (didn't change permissions though).

For whatever reason stopping, removing and pruning the pihole-image and redownloading it, helped... I checked on the permissions of /usr/bin/sudo (I have had the error message saying, that /usr/bin/sudo must be owned by uid 0 and have the setuid bit set) and they seemed just fine. I did not change any other settings.

[ilium007]

When I set PIHOLE_GID=1001 it reverts to GID of 999 and messes up my host volume group permissions. If I set PIHOLE_GID=1000 it correctly sets the GID to 1000 but that is not what I want on the host directory group permission.

[nixmomo]

this feature has never worked very well.... thats the reason why i use unbound dns .... i love pihole but it is more a fun project ... in german we call it "frickelei" .... unbound dns is very stable and can handle all the pihole lists too and it has a HA feature and so on.... and all what i need is a stable working dns blocking function and the possibility to add local domains.... if unbound is not working ini your case, just look into adguard....its more stable and handles the gid and uid perfectly. Very hard words from me i know and my heart is crying because i used pihole over 8 years or so and i love it realy but yes, from time to time it needs to look around and validate the new software what comes out

[dschaper]

Sorry you had a bad experience with free open source software. There are a number of other options like AdGuard or NextDNS however you are sending your data to other parties with those.

What ever you decide to do, please make sure that you use some kind of software to help protect your privacy online.

[dschaper]

When I set PIHOLE_GID=1001 it reverts to GID of 999 and messes up my host volume group permissions. If I set PIHOLE_GID=1000 it correctly sets the GID to 1000 but that is not what I want on the host directory group permission.

Can you please post your docker compose or docker run so we can try to assist you? Thanks!

[divStar]

Well, for me pi-Hole is working fine within the docker container. I just had to make sure to forward those few hosts Portainer needs in case no DNS is available (pi-Hole container down when updating or altering settings). I also solved that issue by I think setting permissions on the file system (configs are written to a mounted volume in my case), because I just checked and I haven't specified any GID/PID in the environment arguments section of my docker-compose file.

[nixmomo]

Sorry you had a bad experience with free open source software. There are a number of other options like AdGuard or NextDNS however you are sending your data to other parties with those.

What ever you decide to do, please make sure that you use some kind of software to help protect your privacy online.

thanks for the hint but none of the called software calls home if you don't want to .... at the end it do the same like pihole.

but i always have a pihole instance running to keep an eye on it. i'm sure that i use pihole in feature again as primary resolver / adblocker but before it is needed to fix all the broken things (pid / guid bugs, nfs support for storing configs) and an ha option (master slave sync maybe)

[ilium007]

When I set PIHOLE_GID=1001 it reverts to GID of 999 and messes up my host volume group permissions. If I set PIHOLE_GID=1000 it correctly sets the GID to 1000 but that is not what I want on the host directory group permission.

Can you please post your docker compose or docker run so we can try to assist you? Thanks!

version: '3.9'

services: pihole: container_name: pihole image: pihole/pihole:latest networks:

• sapling ports:
• 53:53/tcp
• 53:53/udp
• 80 environment:
• TZ=Australia/Sydney
• WEBPASSWORD=xxx
• ADMIN_EMAIL=xxx@gmail.com
• PIHOLE_UID=1000
• PIHOLE_GID=1000
• VIRTUAL_HOST=pihole.xxx volumes:
• /data/docker/pihole/etc-pihole:/etc/pihole
• /data/docker/pihole/etc-dnsmasq.d:/etc/dnsmasq.d restart: unless-stopped

This results in correct permissions on etc-pihole but etc-dnsmasq.d are still root/root

❯ ll pihole
drwxr-sr-x -  root        root        14 Jul  9:39 etc-dnsmasq.d
drwxrwsr-x - xxx         xxx          14 Jul  9:41 etc-pihole

[nixmomo]

isn't it the wrong image? i'm not sure but is it merged into latest? The last changes was in :dev or :2022.2.1

[PromoFaux]

The last changes was in :dev or :2022.2.1

?? 7 releases since then!

Do you specifically mean this PR? That was released with 2022.02, but hasn't been removed

[ilium007]

I’m using :latest

I commented on this thread rather than opening a new issue.

[dsm1212]

There is a separate env setting DNSMASQ_USER for changing the dnsmasq user because on some systems dnsmasq won't work right if it is not root. I have it unset and I get root/root like you stated too. Although elsewhere here I see a statement it defaults to pihole, I think that must not be true. Try setting this to pihole.

By the way this reverting to 999 issue doesn't seem to make sense to me and I don't see that in the info you shared. Could you show that one? Is the disk you are mapping a remote mounted volume by any chance?

[PromoFaux]

Although elsewhere here I see a statement it defaults to pihole, I think that must not be true.

https://github.com/pi-hole/docker-pi-hole/blob/master/Dockerfile#L41

on some systems dnsmasq won't work right if it is not root.

Yeah, I have the Pi-hole container running on my Synology (DSM7) and I have to set DNSMASQ: root otherwise things don't work as expected