vgist / dockerfiles

🐳 A collection of delicious docker recipes.
https://hub.docker.com/u/gists/
Apache License 2.0

DNSCrypt user nobody #12

Closed modem7 closed 4 years ago

modem7 commented 4 years ago

When I uncomment the "user_name = 'nobody'" line in the toml file, the container throws up this message:

[2020-01-26 17:58:23] [NOTICE] Dropping privileges
[2020-01-26 17:58:23] [FATAL] Unable to drop additional groups: [operation not permitted]

The container then stops due to the fatal error.

Unsure if I'm being a muppet here?


docker run -d \
  --name dnscrypt-proxy \
  --hostname DNSCrypt-Proxy \
  --network docker-macvlan \
  --net-alias=DNSCrypt-Proxy \
  --ip 192.168.0.3 \
  -p 5353:5353/tcp \
  -p 5353:5353/udp \
  -v /opt/DNSCrypt-Proxy/dnscrypt-proxy.toml:/etc/dnscrypt-proxy/dnscrypt-proxy.toml \
  -e PUID=3000 \
  -e PGID=3000 \
  -e TZ=Europe/London \
  --restart always \
  gists/dnscrypt-proxy

This occurs even without the additional settings I've put in there for the macvlan and pgid/puid.

e6e6 commented 4 years ago

try this

docker run -d \
    --name dnscrypt-proxy \
    -v /opt/DNSCrypt-Proxy/dnscrypt-proxy.toml:/etc/dnscrypt-proxy/dnscrypt-proxy.toml \
    -v /etc/localtime:/etc/localtime \
    -p 5353:5353/tcp \
    -p 5353:5353/udp \
    --restart always \
    gists/dnscrypt-proxy

e6e6 commented 4 years ago

default user & group:

dnscrypt:dnscrypt

modem7 commented 4 years ago

Unfortunately still getting the same issue:

docker run -d \
  --name Dnscrypt-proxy \
  --hostname DNSCrypt-Proxy \
  -p 5353:5353/tcp \
  -p 5353:5353/udp \
  -v DNSCrypt:/etc/dnscrypt-proxy/ \
  -v /etc/localtime:/etc/localtime \
  --restart always \
  gists/dnscrypt-proxy

[~]$ id dnscrypt
uid=3000(dnscrypt) gid=3000(dnscrypt) groups=3000(dnscrypt)

[2020-01-30 16:53:27] [NOTICE] config option refused_code_in_responses is deprecated, use blocked_query_response
[2020-01-30 16:53:27] [NOTICE] dnscrypt-proxy 2.0.35
[2020-01-30 16:53:27] [NOTICE] Network connectivity detected
[2020-01-30 16:53:27] [NOTICE] Source [quad9-resolvers] loaded
[2020-01-30 16:53:27] [NOTICE] Source [public-resolvers] loaded
[2020-01-30 16:53:27] [NOTICE] Firefox workaround initialized
[2020-01-30 16:53:27] [NOTICE] Dropping privileges
[2020-01-30 16:53:27] [FATAL] Unable to drop additional groups: [operation not permitted]

Are you able to link me to your toml config at all (taking out any personal information/infrastructure info)? I'm wondering if my toml file is causing this particular issue.

modem7 commented 4 years ago

Looks like even from last year the username feature wasn't very reliable (https://github.com/DNSCrypt/dnscrypt-proxy/issues/629) - I might have to forget that particular feature for now!
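
Added example, not part of the original thread or the project's code: the FATAL line is the EPERM that setgroups(2) returns when a process lacks CAP_SETGID, so this shell check reads CapEff from /proc status text and reports whether a privilege drop such as user_name can succeed. The two status samples are constructed, and that the image already starts as the unprivileged dnscrypt user is an assumption based on the "default user & group" comment above.

```shell
#!/bin/sh
# Added example: can this process still call setgroups()/setuid()?
# Bit numbers come from linux/capability.h.
CAP_SETGID_BIT=6
CAP_SETUID_BIT=7

# capeff_of STATUS_TEXT -> print the CapEff hex mask found in /proc/<pid>/status text
capeff_of() {
    printf '%s\n' "$1" | awk '$1 == "CapEff:" { print $2; exit }'
}

# has_cap HEXMASK BIT -> exit status 0 if that capability bit is set
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# can_drop_privileges STATUS_TEXT -> print a verdict; exit 0 only if both caps are present
can_drop_privileges() {
    mask=$(capeff_of "$1")
    [ -n "$mask" ] || { echo "no CapEff line found"; return 2; }
    missing=""
    has_cap "$mask" "$CAP_SETGID_BIT" || missing="$missing CAP_SETGID"
    has_cap "$mask" "$CAP_SETUID_BIT" || missing="$missing CAP_SETUID"
    if [ -z "$missing" ]; then
        echo "ok: CapEff=$mask"
        return 0
    fi
    echo "cannot drop privileges, missing:$missing (CapEff=$mask)"
    return 1
}

# Constructed sample: root inside a container with Docker's default capability set
SAMPLE_ROOT='Name:   dnscrypt-proxy
Uid:    0       0       0       0
CapEff: 00000000a80425fb'

# Constructed sample: the same binary started as an unprivileged user (uid 3000)
SAMPLE_NONROOT='Name:   dnscrypt-proxy
Uid:    3000    3000    3000    3000
CapEff: 0000000000000000'

can_drop_privileges "$SAMPLE_ROOT" || true
can_drop_privileges "$SAMPLE_NONROOT" || true
# Live check inside the container: can_drop_privileges "$(cat /proc/self/status)"
```

If the live check reports both capabilities missing, the process is already unprivileged and the user_name drop has nothing left to do, so the line can stay commented out.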

vertikally commented 3 years ago

This installation allowed "nobody" as a user:

https://sorenpoulsen.com/install-dnscrypt-proxy-2-on-ubuntu-1604#

and gave me this output for lost (I changed "listen" to 127.0.2.1 in resolv.conf and the toml file.)