search

skullernet / q2pro

Enhanced Quake 2 client and server
GNU General Public License v2.0
250 stars 87 forks source link

q2pro inside docker: logs/console.log: Permission denied #353

Closed TheShihan closed 2 months ago

TheShihan commented 2 months ago

Hi,

I try to setup a quake 2 server using a docker container. I wrote my own dockerfile so I can use a current q2pro version: https://github.com/TheShihan/docker-quake2server

The docker image can be found here: https://hub.docker.com/repository/docker/theshihan/quake2server/general

I encounter an issue during startup of the server: Couldn't open logs/console.log: Permission denied

Strange is also, that I set "logfile_name " to "console_openffa", so why does it talk about "console.log" - but maybe it's not this kind of log.

It seems that it is not able to write any files, as if the directory is write protected, but those dirs should all be inside the running users home directory or in a directory that have been chown-ed to the running user (+755 -R set).

Here is the full log:

2024/08/29 21:27:17 | stdout | ]  15 minutes remaining in match.
-- | -- | --
2024/08/29 21:27:17 | stdout | ]  0 teams with 0 entities
2024/08/29 21:27:17 | stdout | ]  0 entities inhibited
2024/08/29 21:27:07 | stdout | ]  Next map is q2dm1.
2024/08/29 21:27:07 | stdout | ]  Map queue: 17 entries
2024/08/29 21:27:07 | stdout | ]  Timelimit hit.
2024/08/29 21:26:57 | stdout | ]  10 seconds remaining in match.
2024/08/29 21:26:07 | stdout | ]  1 minute remaining in match.
2024/08/29 21:22:07 | stdout | ]  5 minutes remaining in match.
2024/08/29 21:17:07 | stdout | ]  10 minutes remaining in match.
2024/08/29 21:12:07 | stdout |  
2024/08/29 21:12:07 | stdout |  ]  https://github.com/skullernet/q2pro
2024/08/29 21:12:07 | stdout | ]  q2proded r3470~abe74eed, Aug 29 2024
2024/08/29 21:12:07 | stdout |  
2024/08/29 21:12:07 | stdout | ]  ====== Q2PRO initialized ======
2024/08/29 21:12:07 | stdout | ] ]0;Zurich Quaker - openffa DM (port 27910) -------------------------------------
2024/08/29 21:12:07 | stdout | ]  15 minutes remaining in match.
2024/08/29 21:12:07 | stdout | ]  10 spawn points
2024/08/29 21:12:07 | stdout | ]  0 teams with 0 entities
2024/08/29 21:12:07 | stdout | ]  0 entities inhibited
2024/08/29 21:12:07 | stdout | ]  Couldn't load '/home/quake2-server/.q2pro/openffa/highscores/highscores/q2dm1.txt': No such file or directory
2024/08/29 21:12:07 | stdout | ]  SpawnServer: q2dm1
2024/08/29 21:12:07 | stdout | ]  ------- Server Initialization -------
2024/08/29 21:12:07 | stdout | ]  Loaded motd from /home/quake2-server/.q2pro/openffa/motd/motd.txt
2024/08/29 21:12:07 | stdout | ]  Loaded 17 maps from '/home/quake2-server/.q2pro/openffa/mapcfg/ffamaps.txt'
2024/08/29 21:12:07 | stdout | ]  ==== InitGame ====
2024/08/29 21:12:07 | stdout |  ]  Loaded game library from /home/quake2-server/.q2pro/openffa/gamex86_64.so
2024/08/29 21:12:07 | stdout | ]  Couldn't open logs/console.log: Permission denied
2024/08/29 21:12:07 | stdout | ]  Master server at 142.4.216.103:27900.
2024/08/29 21:12:07 | stdout | ]  Master server at 78.47.113.68:27900.
2024/08/29 21:12:07 | stdout | ] ]0;Zurich Quaker - openffa DM (port 27910, down) Master server at 5.9.88.215:27900.
2024/08/29 21:12:07 | stdout | ]  Execing server.cfg
2024/08/29 21:12:07 | stdout | ]  ----------------------
2024/08/29 21:12:07 | stdout | ]  3943 files in PAK files
2024/08/29 21:12:07 | stdout | ]  /usr/share/q2pro/baseq2
2024/08/29 21:12:07 | stdout | ]  /usr/share/q2pro/baseq2/pak0.pak (3307 files)
2024/08/29 21:12:07 | stdout | ]  /usr/share/q2pro/baseq2/pak1.pak (279 files)
2024/08/29 21:12:07 | stdout | ]  /usr/share/q2pro/baseq2/pak2.pak (2 files)
2024/08/29 21:12:07 | stdout | ]  /usr/share/q2pro/baseq2/q2duel.pak (17 files)
2024/08/29 21:12:07 | stdout | ]  /usr/share/q2pro/baseq2/q2next.pak (94 files)
2024/08/29 21:12:07 | stdout | ]  /usr/share/q2pro/baseq2/q2rdm.pak (244 files)
2024/08/29 21:12:07 | stdout | ]  /home/quake2-server/.q2pro/baseq2
2024/08/29 21:12:07 | stdout | ]  /usr/share/q2pro/openffa
2024/08/29 21:12:07 | stdout | ]  /home/quake2-server/.q2pro/openffa
2024/08/29 21:12:07 | stdout | ]  Current search path:
2024/08/29 21:12:07 | stdout | ] ]0;noname (port 27910, down) ----- FS_Restart -----
2024/08/29 21:12:07 | stdout | ]  Execing default.cfg
2024/08/29 21:12:07 | stdout | ]  -----------------------
2024/08/29 21:12:07 | stdout | ]  3943 files in PAK files
2024/08/29 21:12:07 | stdout | ]  /usr/share/q2pro/baseq2
2024/08/29 21:12:07 | stdout | ]  /usr/share/q2pro/baseq2/pak0.pak (3307 files)
2024/08/29 21:12:07 | stdout | ]  /usr/share/q2pro/baseq2/pak1.pak (279 files)
2024/08/29 21:12:07 | stdout | ]  /usr/share/q2pro/baseq2/pak2.pak (2 files)
2024/08/29 21:12:07 | stdout | ]  /usr/share/q2pro/baseq2/q2duel.pak (17 files)
2024/08/29 21:12:07 | stdout | ]  /usr/share/q2pro/baseq2/q2next.pak (94 files)
2024/08/29 21:12:07 | stdout | ]  /usr/share/q2pro/baseq2/q2rdm.pak (244 files)
2024/08/29 21:12:07 | stdout | ]  /home/quake2-server/.q2pro/baseq2
2024/08/29 21:12:07 | stdout | ]  Current search path:
2024/08/29 21:12:06 | stdout | ] ------- FS_Init -------

And here is the full server config (game is set to "openffa" as startup parameter)

// General server settings
set dedicated 1
set hostname "Zurich Quaker - openffa DM"
set admin "xxxxxxxxxxxxxxx"
set dmflags 16916
set deathmatch 1
set public 1
set maxclients 16
set timelimit 15
set fraglimit 0
set rate 20000
set max_rate 24000
set map_random 0
set allow_download 1
allow_download_maps 1
allow_download_models 1
allow_download_sounds 1
allow_download_players 1
set sdtlogfile 1
set rcon_password "xxxxxxxxxxxxxx"

// Set master servers
setmaster netdome.biz:27900 master.quakeservers.net:27900 master.q2servers.com

// q2pro server settings
set logfile 2
set logfile_flush 0
set logfile_name "console_openffa"
set logfile_prefix "‘[%Y-%m-%d %H:%M]"

// Open FFA settings
set g_idle_time 300
set g_idle_kick 0
set g_maps_random 0
set g_maps_file ffamaps
set g_defaults_file defaults.txt
//set g_skins_file allowedskins.txt
set g_motd_file "motd"
set g_highscores_dir highscores
set g_bugs 0
set g_teleporter_nofreeze 0
set g_spawn_mode 1
set g_item_ban 0
set g_vote_mask 56
set g_vote_time 60
set g_vote_treshold 50
set g_vote_limit 3
set g_vote_flags 11
set g_warmup 0
set g_countdown_time 15
set g_intermission_time 10
set g_admin_password "xxxxxxxxxxxxxx"
set g_team_chat 0
set g_mute_chat 0
set g_protection_time 0
set flood_msgs 4
set flood_persecond 4
set flood_waitdelay 10
set flood_waves 4
set flood_perwave 30
set flood_wavedelay 60
set flood_infos 4
set flood_perinfo 30
set flood_infodelay 60

// Start map
gamemap q2dm1

Any ideas why this could happen? I am not sure if the issue comes from q2pro or docker. But maybe you can help me narrow it down by telling me why this log entry appears anyway.

skullernet commented 2 months ago

Hi,

I'm not familiar with Docker, but don't these lines basically mean you are creating /home/quake2-server/.q2pro/baseq2 path under root account (or whatever account that script runs from) and then launch Q2PRO under quake2-server account? That would explain permission denied error. Normally you shouldn't create .q2pro directory yourself, Q2PRO will create it automatically when writing files.

The reason it tries to open console.log first is because you are enabling logfile cvar before setting logfile_name.

You should also use +set game openffa on the command line rather than +game openffa since the latter would start the server with game variable unset first and then switch to openffa, causing unneeded filesystem restart.

P.S. Took me awhile to comprehend your log is upside down, what an odd convention.

amokmen commented 2 months ago

Is it strange that all paths in log are absolute, and only one path is not: "logs/console.log"?

Btw, I'll advertise my 2 docs about hosting Q2PRO server - it's autotranslated to English PDF's:

  1. How_to_host_Q2PRO_server_based_on_Ubuntu_en.pdf
  2. Systemd_services_for_running_Q2PRO_GTV_Pakserve_en.pdf
darkshade9 commented 2 months ago

Would it help to define your volumes in your docker run ... or a docker-compose.yml file, rather than within the Dockerfile? That way, multiple containers can share the same FS. Alternatively, simply referencing the local filesystem of the machine you're on rather than Docker volumes have the benefit of not needing to exec into the container to clean up old logs.

https://github.com/TheShihan/docker-quake2server/blob/main/Dockerfile#L38-L42

amokmen commented 2 months ago

clean up old logs

Yeap, it would be a problem inside container. There must be logrotating policy. Or simply output all logs to container's STDOUT instead file.

darkshade9 commented 2 months ago

You're welcome to review the main repository for AQ2 (AQtion), we use Docker heavily for distributing official server images https://github.com/aq2world/server/

The main difference here is that we use pre-compiled binaries rather than building within the container

TheShihan commented 2 months ago

Thanks for the feedback. I'm now setting the logfile to 2 after setting the name. I'm also now using "set game openffa" instead of "game openffa" (by the way: in the pdfs about the server setup, they use also the option without "set").

Now the message is: ]  Couldn't open logs/console_openffa.log: Permission denied

But I still have to check out if the issue is because the folder is created with the root user. I guess the user homedir should be setup correctly, but I am not sure what happens when another users creates files in them. Maybe they are indeed owned by the other user.

TheShihan commented 2 months ago

OK, i changed the order of some commands related to directory creation and chown-ing. I also connected into a locally running container with a shell and everything looks good I believe:

quake2-server@cd23d8c1225e:/home$ ls -al
total 20
drwxr-xr-x 1 root          root          4096 Aug 31 12:36 .
drwxr-xr-x 1 root          root          4096 Aug 31 12:47 ..
drwxr-xr-x 1 quake2-server quake2-server 4096 Aug 31 12:36 quake2-server
quake2-server@cd23d8c1225e:/home$ cd  quake2-server/
quake2-server@cd23d8c1225e:~$ ls -al
total 36
drwxr-xr-x 1 quake2-server quake2-server 4096 Aug 31 12:36 .
drwxr-xr-x 1 root          root          4096 Aug 31 12:36 ..
-rw-r--r-- 1 quake2-server quake2-server  220 Mar 29 19:40 .bash_logout
-rw-r--r-- 1 quake2-server quake2-server 3526 Mar 29 19:40 .bashrc
-rw-r--r-- 1 quake2-server quake2-server  807 Mar 29 19:40 .profile
drwxr-xr-x 3 quake2-server quake2-server 4096 Aug 31 12:47 .q2pro
-rwxr-xr-x 1 quake2-server quake2-server  715 Aug 31 12:32 start-quake2-server.sh
quake2-server@cd23d8c1225e:~$ cd .q2pro/
quake2-server@cd23d8c1225e:~/.q2pro$ ls -ak
.  ..  baseq2
quake2-server@cd23d8c1225e:~/.q2pro$ ls -al
total 16
drwxr-xr-x 3 quake2-server quake2-server 4096 Aug 31 12:47 .
drwxr-xr-x 1 quake2-server quake2-server 4096 Aug 31 12:36 ..
drwxr-xr-x 2 quake2-server quake2-server 4096 Aug 31 12:36 baseq2
quake2-server@cd23d8c1225e:~/.q2pro$ mkdir openffa
quake2-server@cd23d8c1225e:~/.q2pro$ cd openffa/
quake2-server@cd23d8c1225e:~/.q2pro/openffa$ mkdir logs
quake2-server@cd23d8c1225e:~/.q2pro/openffa$ cd logs
quake2-server@cd23d8c1225e:~/.q2pro/openffa/logs$ touchet console.log
bash: touchet: command not found
quake2-server@cd23d8c1225e:~/.q2pro/openffa/logs$ vim console.log
bash: vim: command not found
quake2-server@cd23d8c1225e:~/.q2pro/openffa/logs$ vi console.log
bash: vi: command not found
quake2-server@cd23d8c1225e:~/.q2pro/openffa/logs$ echo "test" >> console.log
quake2-server@cd23d8c1225e:~/.q2pro/openffa/logs$ dir
console.log
quake2-server@cd23d8c1225e:~/.q2pro/openffa/logs$ ls -al
total 12
drwxr-xr-x 2 quake2-server quake2-server 4096 Aug 31 12:49 .
drwxr-xr-x 3 quake2-server quake2-server 4096 Aug 31 12:49 ..
-rw-r--r-- 1 quake2-server quake2-server    5 Aug 31 12:49 console.log
quake2-server@cd23d8c1225e:~/.q2pro/openffa/logs$ cd \
> cd /usr/share
bash: cd: too many arguments
quake2-server@cd23d8c1225e:~/.q2pro/openffa/logs$ cd /usr/shrae
bash: cd: /usr/shrae: No such file or directory
quake2-server@cd23d8c1225e:~/.q2pro/openffa/logs$ cd /usr/share
quake2-server@cd23d8c1225e:/usr/share$ cd q2pro
quake2-server@cd23d8c1225e:/usr/share/q2pro$ ls -al
total 16
drwxr-xr-x 1 quake2-server quake2-server 4096 Aug 31 12:36 .
drwxr-xr-x 1 root          root          4096 Aug 31 12:36 ..
drwxr-xr-x 2 quake2-server quake2-server 4096 Aug 31 12:47 baseq2
quake2-server@cd23d8c1225e:/usr/share/q2pro$ cd baseq2
quake2-server@cd23d8c1225e:/usr/share/q2pro/baseq2$ cd ..
quake2-server@cd23d8c1225e:/usr/share/q2pro$ mkdir openffa
quake2-server@cd23d8c1225e:/usr/share/q2pro$ mkdir ope^C
quake2-server@cd23d8c1225e:/usr/share/q2pro$ ^C
quake2-server@cd23d8c1225e:/usr/share/q2pro$ cd openffa
quake2-server@cd23d8c1225e:/usr/share/q2pro/openffa$ echo "test" >> console.log
quake2-server@cd23d8c1225e:/usr/share/q2pro/openffa$ ls -al
total 12
drwxr-xr-x 2 quake2-server quake2-server 4096 Aug 31 12:51 .
drwxr-xr-x 1 quake2-server quake2-server 4096 Aug 31 12:51 ..
-rw-r--r-- 1 quake2-server quake2-server    5 Aug 31 12:51 console.log

And still the error persists. It would maybe help me the exact location of the logfile that is tried to be created:

31mCouldn't open logs/console_openffa.log: Permission denied

As someone mentioned, this is a bit strange as it is the only path that is not absolute. So I don't know currently if the file is tried to be created inside the user's home dir (and there in the mod dir?): ~/.q2pro/logs/console_openffa.log ~/.q2pro/openffa/logs/console_openffa.log

Or if it is inside the dir of q2pro: /usr/share/q2pro/logs/console_openffa.log /usr/share/q2pro/openffa/console_openffa.log /usr/share/q2pro/baseq2/console_openffa.log

Or even another directoy? I see in the log that the server tries to search PAKs and game.so in many different locations. Any hints regarding this?

res2k commented 2 months ago

As someone mentioned, this is a bit strange as it is the only path that is not absolute.

If it's a relative path, there's a good probability it's relative to the current working directory. You could find that out by adding a pwd right before you start the server.

TheShihan commented 2 months ago

pwd gives out

/

So, it's the root of the filesystem... Of course there this user would have no permissions but why would q2 try to create the dir there? shoudln't it be automatically the dir of the mod or the root dir of the quake2 installation?

But yeah, I can now try to change the working directory and see what happens.

Update: changed working dir to /usr/share/q2pro - entry in logfile still exists: Couldn't open logs/console_openffa.log: Permission denied

skullernet commented 2 months ago

Well, I'm not sure why it isn't working for you. Permissions look fine. Unless there is some deeper stuff in play (SELinux or some Docker-specific restrictions). Maybe there is some hint in dmesg output (unlikely)?

It would maybe help me the exact location of the logfile that is tried to be created

You can check the full path with strace, e.g. strace -e file q2proded.

As someone mentioned, this is a bit strange as it is the only path that is not absolute. So I don't know currently if the file is tried to be created inside the user's home dir (and there in the mod dir?)

It should be created in ~/.q2pro/openffa/logs. Printed path is not absolute because it's virtual Q2 filesystem path. It is converted to absolute path internally, and is not relative to current directory. In fact, current directory shouldn't matter at all for Q2PRO and OpenFFA (but may matter for older mods).

skullernet commented 2 months ago

Actually full strace log with -e file would be useful. Maybe it's not open syscall that fails with EACCES, but mkdir when it tries to create the path to file.

TheShihan commented 2 months ago

OK, I was now able to solve the problem. The issue occured because I mount directories from the host to some volumes of the container, for example the mod directory (openffa in this specific case).

By doing this the files and also the permissions of the host directory will be used inside the container. I did not change the permissions of the host folder before but now I changed them with the following commands:

chown -R 1001:1001 /path/to/mounted/directory  # Based on UID/GID of 'quake2-server' inside the container
chmod -R 755 /path/to/mounted/directory

So they are now accessbile to the user of the container and can be written to.