ruimarinho / docker-bitcoin-core

A bitcoin-core docker image
https://hub.docker.com/r/ruimarinho/bitcoin-core/
MIT License

Specify the uid/gid of the bitcoin user with an environment variable #105

Closed LordShadowen closed 1 year ago

LordShadowen commented 3 years ago

As the title says - when the data folder is mounted on the host, the files are created with an unknown UID from the host perspective. Would be nice if we could specify what user ID it maps to.

My preference would be to follow the common format as used by linuxserver.io images (PUID & PGID), but anything will do, as long as we can specify it :)

h1d3m3 commented 3 years ago

Ha! I found this comment when I was looking for a way to solve the exact permission problem, trying to set up this container with electrs.

For my own build, I ended up modifying only the files 0.20/Dockerfile and 0.20/docker-entrypoint.sh because they are the only files in the only version I care about at the moment. You can follow this page's advice to ensure the end user can set the UID and GID that bitcoind runs as when it starts. It makes life much easier :-)

diff --git a/0.20/Dockerfile b/0.20/Dockerfile
index 9e3ef89..fd7ec83 100644
--- a/0.20/Dockerfile
+++ b/0.20/Dockerfile
@@ -4,8 +4,12 @@ LABEL maintainer.0="João Fonseca (@joaopaulofonseca)" \
   maintainer.1="Pedro Branco (@pedrobranco)" \
   maintainer.2="Rui Marinho (@ruimarinho)"

-RUN useradd -r bitcoin \
-  && apt-get update -y \
+ARG USER_ID
+ARG GROUP_ID
+RUN addgroup --gid $GROUP_ID bitcoin
+RUN adduser --disabled-password --gecos '' --uid $USER_ID --gid $GROUP_ID bitcoin
+
+RUN apt-get update -y \
   && apt-get install -y curl gnupg gosu \
   && apt-get clean \
   && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
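Review bot: ARG USER_ID and ARG GROUP_ID are declared without defaults, so a build that omits --build-arg leaves --gid and --uid in the addgroup/adduser lines without a value and the image no longer builds out of the box. Declare defaults (ARG USER_ID=1000 and ARG GROUP_ID=1000) and quote the expansions. Two further points on the same lines: the removed useradd -r created a system account while adduser --disabled-password creates a regular one, which deserves a comment if intended; and because the ids are fixed by ARG at build time, every host with a different uid/gid needs its own image build rather than a runtime setting.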
diff --git a/0.20/docker-entrypoint.sh b/0.20/docker-entrypoint.sh
index 6080aaf..9c62c3c 100755
--- a/0.20/docker-entrypoint.sh
+++ b/0.20/docker-entrypoint.sh
@@ -10,7 +10,7 @@ fi
 if [ $(echo "$1" | cut -c1) = "-" ] || [ "$1" = "bitcoind" ]; then
   mkdir -p "$BITCOIN_DATA"
   chmod 700 "$BITCOIN_DATA"
-  chown -R bitcoin "$BITCOIN_DATA"
+  chown -R bitcoin:bitcoin "$BITCOIN_DATA"

   echo "$0: setting data directory to $BITCOIN_DATA"
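Review bot: the changed chown -R line runs on every container start and now rewrites group ownership as well as owner, so a bind-mounted "$BITCOIN_DATA" is recursively re-owned to whatever ids were baked into the image, even when they do not match the host owner. Compare the directory's current owner and group first and skip the recursive chown when they already match. Since chmod 700 is kept one line above, the added group ownership grants no group access by itself, which is worth stating in a comment.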

Basically, we now have two more env variables, USER_ID and GROUP_ID, that control which ids the container's bitcoin user is set up with. The build process will need to include something like --build-arg USER_ID=1000 and --build-arg GROUP_ID=1000 (as default ids), but the user can now override them for their own environment. Permission problems solved! Hopefully this gives you a head start.

LordShadowen commented 3 years ago

I worked around it in a slightly different way - I didn't change any of the existing files. Instead, I created a new Dockerfile that lets the original do its thing, and then I modify the existing bitcoin user to get the uid and gid that I want. These are specified as args, so I can provide the values from my docker-compose file. This seems to be working well, and it should work with any version you want. Still, would be a bit nicer if the original image supported it directly :)

FROM ruimarinho/bitcoin-core:0.20.1

ARG UID
ARG GID

RUN usermod -u $UID -g $GID bitcoin

rom-burner commented 3 years ago

fully agree - what is the intent of the entrypoint setting the data directory permissions to 700? it's a real pita!

edit: actually even after changing the entrypoint script i still got 0700 permissions. digging into this, the 077 umask is hardcoded in bitcoin core init.cpp, so the way to have system permissions for datfiles is to disable wallet and set -sysperms commandline option (for now at least, https://github.com/bitcoin/bitcoin/pull/17127)

ruimarinho commented 3 years ago

Happy to change this behaviour if there are better ways of achieving the same result while adding more flexibility. @rom-burner @LordShadowen do you plan on submitting a PR? Why wouldn't an env var work for UID/GID? Less complex than building a new image.

ruimarinho commented 3 years ago

Can you give https://github.com/ruimarinho/docker-bitcoin-core/pull/120 a try?

johnmendonca commented 2 years ago

I pulled the branch from #120 and built the 0.21 debian image locally. It correctly assigned the uid/gid specified in the env vars to the volume.

For a while I specified the env incorrectly and saw that the default uid/gid was 999. According to the changes in the readme, this would be correct for the alpine image but not for debian. I double checked my docker images, and bullseye-slim is present while there are no alpine images on my system.

rbartoli commented 2 years ago

Any chance #120 could be merged?

jimmysong commented 2 years ago

This would be very useful. Could we get this changed? I'm having to build my own modified docker images based on #120.

rbartoli commented 2 years ago

Sorry to bother you @ruimarinho but is there any chance #120 could be merged? All checks are passing correctly and it has been confirmed as working.

ruimarinho commented 2 years ago

I should be able to merge this EOD today. Sorry for the delay on this one.

ManuelSchneid3r commented 2 years ago

Any news?

ruimarinho commented 1 year ago

Landed in https://github.com/ruimarinho/docker-bitcoin-core/commit/e8a853624c4b2b6497a6f9d015d6935d24621209!

LordShadowen commented 1 year ago

Updated to latest, and the container is failing to start for me.

I get this on the logs:

groupmod: GID '100' already exists
usermod: no changes

And then it goes on a reboot loop....

For reference, the parameters I'm using:

UID=1024
GID=100

I'm no Linux guru, but I think this is failing because of the entrypoint line:

groupmod -g "$GID" bitcoin

Since the GID already exists on the host, trying to assign a group inside the container to that same ID will fail, since it must be unique (unless you use -o, but I don't know the consequences of that...)

What I was doing worked, because I'm just saying that the user bitcoin should be on the group GID, which was defined on the host (and not repurposing the group bitcoin inside the container, if that makes sense...)

usermod -u $UID -g $GID bitcoin

Btw, I think this change broke everything, I can't even downgrade to a previous image. The entrypoint change was done to all previous versions as well....
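
The failure reported in the last comment (groupmod refusing a GID that another group already holds, while usermod -g accepts it) can be avoided by consulting the container's group database before choosing a command. The following is an added example, not the image's entrypoint: plan_remap and its helpers are hypothetical names, and the passwd and group files are passed as paths so the logic can be exercised without root.

```shell
#!/bin/sh
# Added example: decide how to remap the container's "bitcoin" account to a
# requested UID/GID without failing when the GID is already in use.
# All function names here are hypothetical, not taken from the image.

# Print the name of the group that holds GID $2 in group file $1 (empty if none).
group_for_gid() {
  awk -F: -v gid="$2" '$3 == gid { print $1; exit }' "$1"
}

# Print "uid:gid" (primary group) of user $2 in passwd file $1.
ids_for_user() {
  awk -F: -v u="$2" '$1 == u { print $3 ":" $4; exit }' "$1"
}

# plan_remap PASSWD_FILE GROUP_FILE WANT_UID WANT_GID
# Prints the commands an entrypoint would run, one per line.
plan_remap() {
  passwd_file=$1 group_file=$2 want_uid=$3 want_gid=$4

  # Only plain decimal ids may reach usermod/groupmod.
  for id in "$want_uid" "$want_gid"; do
    case "$id" in
      ''|*[!0-9]*) echo "error: UID and GID must be numeric" >&2; return 1 ;;
    esac
  done

  # Nothing to do when the account already has the requested ids.
  if [ "$(ids_for_user "$passwd_file" bitcoin)" = "$want_uid:$want_gid" ]; then
    return 0
  fi

  owner=$(group_for_gid "$group_file" "$want_gid")
  if [ -z "$owner" ]; then
    # GID is free inside the container: renumber the bitcoin group.
    echo "groupmod -g $want_gid bitcoin"
  fi
  # If the GID belongs to another group (e.g. 100 = users), leave that group
  # untouched; usermod -g makes it bitcoin's primary group instead.
  echo "usermod -u $want_uid -g $want_gid bitcoin"
}
```

With the parameters from the report (UID 1024, GID 100) and a group file that already contains GID 100, the plan contains only the usermod line, which matches the workaround Dockerfile posted earlier in the thread.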