Can't launch the container via podman: Wrong permissions on /data

[xuchunyang]

I'm trying to use the docker image via podman on fedora and encounter this issue

[xcy@pc ~]$ mkdir /tmp/etebase-data
[xcy@pc ~]$ podman run -d -e SUPER_USER=admin -p 3735:3735 -v /tmp/etebase-data:/data victorrds/etesync
Trying to pull registry.fedoraproject.org/victorrds/etesync...
  manifest unknown: manifest unknown
Trying to pull registry.access.redhat.com/victorrds/etesync...
  name unknown: Repo not found
Trying to pull registry.centos.org/victorrds/etesync...
  manifest unknown: manifest unknown
Trying to pull docker.io/victorrds/etesync...
Getting image source signatures
Copying blob 0a5e725150a2 done
Copying blob e4c3d3e4f7b0 done
Copying blob 8275efcd805f done
Copying blob 397dba5694db done
Copying blob 751620502a7a done
Copying blob 101c41d0463b done
Copying blob b1d09d0eabcb done
Copying blob 475299e7c7f3 done
Copying blob ede3eeefc571 done
Copying blob 857376888101 done
Copying blob 4b1e108c39b3 done
Copying blob 5d67812923ed done
Copying blob ed6051ff3b25 done
Copying config 4013e98465 done
Writing manifest to image destination
Storing signatures
f18072de547a5cd62f25fc6addd592fa5676aa6be653bbf9514b7bbf7a07af83
[xcy@pc ~]$ podman ps
CONTAINER ID  IMAGE   COMMAND  CREATED  STATUS  PORTS   NAMES
[xcy@pc ~]$ podman ps -a
CONTAINER ID  IMAGE                               COMMAND  CREATED         STATUS                     PORTS                   NAMES
f18072de547a  docker.io/victorrds/etesync:latest           28 seconds ago  Exited (1) 28 seconds ago  0.0.0.0:3735->3735/tcp  nifty_germain
[xcy@pc ~]$ podman logs nifty_germain
2020-11-13T04:02:00+00:00 [ERROR] [Entrypoint]:
-----------------------------------------------------------------
Wrong permissions on /data, can't create settings file, without
the correct permissions the container won't start.
Please change the permissions or the user runnning the container.
By default the image runs with 373 as UID and GID.
More details about changing container user:
https://docs.docker.com/engine/reference/run/#user
-----------------------------------------------------------------
[xcy@pc ~]$

I followed https://docs.docker.com/engine/reference/run/#user and tried -u root and -u root:root but it didn't fix the issue.

[xcy@pc ~]$ podman logs vigorous_lewin
2020-11-13T04:08:20+00:00 [ERROR] [Entrypoint]: PUID or GUID values not supported!

[victor-rds]

The don't used PUID or GUID values, they are detected at runtime, for security reasons the container won't run as root anymore.

There are 2 alternatives:

1. Use the same id of the owner and permissions of the /tmp/etebase-data:

[xcy@pc ~]$ export ETE_USER=$(ls -lnd /tmp/etebase-data | awk '{print $3}')
[xcy@pc ~]$ echo $ETE_USER
[xcy@pc ~]$  podman run -d -u ${ETE_USER}:${ETE_USER} -e SUPER_USER=admin -p 3735:3735 -v /tmp/etebase-data:/data victorrds/etesync

You can ignore the error PermissionError: [Errno 13] Permission denied: '/srv/etebase/static/admin'

2. Just change /tmp/etebase-data owner to 373

[xcy@pc ~]$ chown -R 373 `/tmp/etebase-data`
[xcy@pc ~]$  podman run -d -e SUPER_USER=admin -p 3735:3735 -v /tmp/etebase-data:/data victorrds/etesync

Please test his and tell me if it work

[xuchunyang]

2 . Just change /tmp/etebase-data owner to 373

not work

[xcy@pc ~]$ mkdir /tmp/etebase-data
[xcy@pc ~]$ chown -R 373 /tmp/etebase-data
chown: 正在更改'/tmp/etebase-data' 的所有者: 不允许的操作
[xcy@pc ~]$ sudo chown -R 373 /tmp/etebase-data
[xcy@pc ~]$ podman run -d -e SUPER_USER=admin -p 3735:3735 -v /tmp/etebase-data:/data victorrds/etesync
02df272615140ad3443f1b6e1e93c0f0fe932a19d255c079019bdf647e5c2873
[xcy@pc ~]$ podman ps
CONTAINER ID  IMAGE   COMMAND  CREATED  STATUS  PORTS   NAMES
[xcy@pc ~]$ podman ps -a
CONTAINER ID  IMAGE                               COMMAND  CREATED        STATUS                    PORTS                   NAMES
02df27261514  docker.io/victorrds/etesync:latest           5 seconds ago  Exited (1) 5 seconds ago  0.0.0.0:3735->3735/tcp  recursing_davinci
[xcy@pc ~]$ podman logs recursing_davinci
2020-11-13T15:58:05+00:00 [ERROR] [Entrypoint]:
-----------------------------------------------------------------
Wrong permissions on /data, can't create settings file, without
the correct permissions the container won't start.
Please change the permissions or the user runnning the container.
By default the image runs with 373 as UID and GID.
More details about changing container user:
https://docs.docker.com/engine/reference/run/#user
-----------------------------------------------------------------
[xcy@pc ~]$

---

1. Use the same id of the owner and permissions of the /tmp/etebase-data:

also not work

[xcy@pc ~]$ sudo rm -rf /tmp/etebase-data/
[xcy@pc ~]$ mkdir /tmp/etebase-data/
[xcy@pc ~]$ export ETE_USER=$(ls -lnd /tmp/etebase-data | awk '{print $3}')
[xcy@pc ~]$ echo $ETE_USER
1000
[xcy@pc ~]$ podman run -d -u ${ETE_USER}:${ETE_USER} -e SUPER_USER=admin -p 3735:3735 -v /tmp/etebase-data:/data victorrds/etesync
41a0eb1b33facf30b8e513eb15b420d1c4025573c1aeac65fdd647f54921b13d
[xcy@pc ~]$ podman ps
CONTAINER ID  IMAGE   COMMAND  CREATED  STATUS  PORTS   NAMES
[xcy@pc ~]$ podman ps -a
CONTAINER ID  IMAGE                               COMMAND  CREATED        STATUS                    PORTS                   NAMES
41a0eb1b33fa  docker.io/victorrds/etesync:latest           5 seconds ago  Exited (1) 5 seconds ago  0.0.0.0:3735->3735/tcp  distracted_fermi
[xcy@pc ~]$ podman logs distracted_fermi
2020-11-13T16:00:49+00:00 [ERROR] [Entrypoint]:
-----------------------------------------------------------------
Wrong permissions on /data, can't create settings file, without
the correct permissions the container won't start.
Please change the permissions or the user runnning the container.
By default the image runs with 373 as UID and GID.
More details about changing container user:
https://docs.docker.com/engine/reference/run/#user
-----------------------------------------------------------------
[xcy@pc ~]$

[victor-rds]

I'll have to install and test using podman, I've tried both examples with standard docker and worked, can you test using volumes instead of bind mounts?

[victor-rds]

The entrypoint error only show in the following conditions: If the /data/etebase-server.ini doesn't exists AND the /data directory isn't writable

[victor-rds]

I'll have to install and test using podman, I've tried both examples with standard docker and worked, can you test using volumes instead of bind mounts?

Can you try use the :z on the mount point? Just to rule out a SELinux problem

podman run -d -u "1000:1000" -e SUPER_USER=admin -p 3735:3735 -v /tmp/etebase-data:/data:z victorrds/etesync

[xuchunyang]

I tried :z

[xcy@pc ~]$ mkdir /tmp/etebase-data
[xcy@pc ~]$ podman run -d -u "1000:1000" -e SUPER_USER=admin -p 3735:3735 -v /tmp/etebase-data:/data:z victorrds/etesync
75c59b55a46b8020f832cd1bb70ca284de4f31175f13be2fe0ebb347e36559bf
[xcy@pc ~]$ podman ps
CONTAINER ID  IMAGE   COMMAND  CREATED  STATUS  PORTS   NAMES
[xcy@pc ~]$ podman ps -a
CONTAINER ID  IMAGE                               COMMAND  CREATED        STATUS                    PORTS                   NAMES
75c59b55a46b  docker.io/victorrds/etesync:latest           4 seconds ago  Exited (1) 4 seconds ago  0.0.0.0:3735->3735/tcp  quizzical_rhodes
[xcy@pc ~]$ podman logs 75c59b55a46b
2020-11-13T17:38:32+00:00 [ERROR] [Entrypoint]:
-----------------------------------------------------------------
Wrong permissions on /data, can't create settings file, without
the correct permissions the container won't start.
Please change the permissions or the user runnning the container.
By default the image runs with 373 as UID and GID.
More details about changing container user:
https://docs.docker.com/engine/reference/run/#user
-----------------------------------------------------------------
[xcy@pc ~]$

[xuchunyang]

If the /data/etebase-server.ini doesn't exists AND the /data directory isn't writable

[xcy@pc ~]$ curl -o /tmp/etebase-data/etebase-server.ini https://raw.githubusercontent.com/etesync/server/master/etebase-server.ini.example
[xcy@pc ~]$ podman run -d -e SUPER_USER=admin -p 3735:3735 -v /tmp/etebase-data:/data victorrds/etesync
37a2a02a312042a3fc8b8bb5ec0f860bf59c929b3ced4c3bc97d385cab49efc4
[xcy@pc ~]$ podman logs 37a2a02a312042a3fc8b8bb5ec0f860bf59c929b3ced4c3bc97d385cab49efc4
2020-11-13T17:43:53+00:00 [Note] [Entrypoint]: Settings file permissions: Ok
2020-11-13T17:43:53+00:00 [ERROR] [Entrypoint]: Failed to create on the /data/db.sqlite3 databbase file, please check the permissions
[xcy@pc ~]$

[victor-rds]

If the /data/etebase-server.ini doesn't exists AND the /data directory isn't writable

All this errors are the same, for some reason podman refuses or ignores permission to /data, I will try to research more about this, but to be honest if chown -R 373:373 /tmp/etebase-data or chmod 777 /tmp/etebase-data doesn't work I really don't know whats is the error.

Since I don't have a podman installation available, could you please test this for me?

[xcy@pc ~]$ export TEST_DIR=/tmp/write_test; export TEST_FILE=${TEST_DIR}/test
[xcy@pc ~]$ mkdir -p ${TEST_DIR}
[xcy@pc ~]$ chown 1000:1000 ${TEST_DIR}
[xcy@pc ~]$ podman  run --rm -v ${TEST_DIR}:/data alpine /bin/sh -c 'echo "User ID is `id -u`" | tee /data/test'
User ID is 0
[xcy@pc ~]$ ls -lnd ${TEST_FILE} | awk '{print $3}'
0
[xcy@pc ~]$ rm ${TEST_FILE}
[xcy@pc ~]$ podman  run --rm  -u "1000:1000" -v ${TEST_DIR}:/data alpine /bin/sh -c 'echo "User ID is `id -u`" | tee /data/test'
User ID is 1000
[xcy@pc ~]$ ls -lnd ${TEST_FILE} | awk '{print $3}'
1000
[xcy@pc ~]$ rm ${TEST_FILE}
[xcy@pc ~]$ podman  run --rm -u "373:373" -v ${TEST_DIR}:/data alpine /bin/sh -c 'echo "User ID is `id -u`" | tee /data/test'
tee: /data/test: Permission denied
User ID is 373
[xcy@pc ~]$ ls -lnd ${TEST_FILE} | awk '{print $3}'
ls: cannot access '/tmp/write_test/test': No such file or directory
[xcy@pc ~]$  

I now is a simple test, but I want to rule out some issues

[xuchunyang]

chmod 777 /tmp/etebase-data

I tried when I first encountered the issue, and just tried again (sudo chmod 777 /tmp/etebase-data/), it does not help.

Since I don't have a podman installation available, could you please test this for me?

[xcy@pc ~]$ export TEST_DIR=/tmp/write_test; export TEST_FILE=${TEST_DIR}/test
[xcy@pc ~]$ mkdir -p ${TEST_DIR}
[xcy@pc ~]$ chown 1000:1000 ${TEST_DIR}
[xcy@pc ~]$ podman  run --rm -v ${TEST_DIR}:/data alpine /bin/sh -c 'echo "User ID is `id -u`" | tee /data/test'
Trying to pull registry.fedoraproject.org/alpine...
  manifest unknown: manifest unknown
Trying to pull registry.access.redhat.com/alpine...
  name unknown: Repo not found
Trying to pull registry.centos.org/alpine...
  manifest unknown: manifest unknown
Trying to pull docker.io/library/alpine...
Getting image source signatures
Copying blob 188c0c94c7c5 [--------------------------------------] 0.0b / 0.0b
Copying config d6e46aa247 done
Writing manifest to image destination
Storing signatures
User ID is 0
tee: /data/test: Permission denied
[xcy@pc ~]$ ls -lnd ${TEST_FILE} | awk '{print $3}'
ls: 无法访问 '/tmp/write_test/test': 没有那个文件或目录
[xcy@pc ~]$ rm ${TEST_FILE}
rm: 无法删除 '/tmp/write_test/test': 没有那个文件或目录
[xcy@pc ~]$ podman  run --rm  -u "1000:1000" -v ${TEST_DIR}:/data alpine /bin/sh -c 'echo "User ID is `id -u`" | tee /data/test'
tee: /data/test: Permission denied
User ID is 1000
[xcy@pc ~]$ ls -lnd ${TEST_FILE} | awk '{print $3}'
ls: 无法访问 '/tmp/write_test/test': 没有那个文件或目录
[xcy@pc ~]$ rm ${TEST_FILE}
rm: 无法删除 '/tmp/write_test/test': 没有那个文件或目录
[xcy@pc ~]$ podman  run --rm -u "373:373" -v ${TEST_DIR}:/data alpine /bin/sh -c 'echo "User ID is `id -u`" | tee /data/test'
tee: /data/test: Permission denied
User ID is 373
[xcy@pc ~]$ ls -lnd ${TEST_FILE} | awk '{print $3}'
ls: 无法访问 '/tmp/write_test/test': 没有那个文件或目录
[xcy@pc ~]$

[victor-rds]

Wow! It's refusing to write on the /tmp/write_test even running as root? Almost sure this is SELinux problem

[victor-rds]

Try using this image victorrds/etebase:issue39, this one accepts PUID and GUID vars, and run as root

[xuchunyang]

[xcy@pc ~]$ podman pull docker.io/victorrds/etebase:issue39
Trying to pull docker.io/victorrds/etebase:issue39...
Getting image source signatures
Copying blob 188c0c94c7c5 skipped: already exists
Copying blob 55578f60cda7 done
Copying blob 599e2857d4f0 done
Copying blob 692da2fcb614 done
Copying blob 8c3f3cede5b3 done
Copying blob 486b9abd645a done
Copying blob 6f9cccf8acef done
Copying blob 3d45088599c0 done
Copying blob 5ddba248401b done
Copying config d82bf2f36b done
Writing manifest to image destination
Storing signatures
d82bf2f36b8026a002530c18ddd3f946dfcef0304344fc8b9bf05764dbf6f69c
[xcy@pc ~]$ mkdir /tmp/etebase-data
[xcy@pc ~]$ podman run -e SUPER_USER=admin -p 3735:3735 -v /tmp/etebase-data:/data docker.io/victorrds/etebase:issue39
chown: /data: Permission denied
chmod: /data: Permission denied
chmod: /data: Permission denied
2020-11-13T20:32:24+0000 [ERROR] [Entrypoint]:
-----------------------------------------------------------------
Wrong permissions on /data, can't create settings file, without
the correct permissions the container won't start.
Please change the permissions or the user runnning the container.
By default the image runs with 373 as UID and GID.
More details about changing container user:
https://docs.docker.com/engine/reference/run/#user
-----------------------------------------------------------------
[xcy@pc ~]$

[victor-rds]

See if this can help you: https://github.com/containers/podman/issues/3683

[xuchunyang]

--security-opt label=disable with victorrds/etebase:issue39 works

[xcy@pc ~]$ podman run -e SUPER_USER=admin -p 3735:3735 -v /tmp/etebase-data:/data --security-opt label=disable docker.io/victorrds/etebase:issue39
2020-11-13T21:03:43+0000 [Note] [Entrypoint]: Settings file permissions: Ok
2020-11-13T21:03:43+0000 [Note] [Entrypoint]: Database file permissions: Ok
2020-11-13T21:03:43+0000 [Note] [Entrypoint]: Generated /data/etebase-server.ini

...

[xcy@pc ~]$ curl localhost:3735
<!DOCTYPE html>
<html lang="en">
  <head>
    <title>It works!</title>
  </head>
  <body>
    <h1>It works!</h1>
    <p>
    Please refer to the <a href="https://github.com/etesync/server-skeleton/">README</a> to complete the final steps if you haven't done so already.
    </p>
  </body>
</html>
[xcy@pc ~]$

[victor-rds]

--security-opt label=disable with victorrds/etebase:issue39 works

[xcy@pc ~]$ podman run -e SUPER_USER=admin -p 3735:3735 -v /tmp/etebase-data:/data --security-opt label=disable docker.io/victorrds/etebase:issue39

And with the :latest? Using -u 1000:1000 or chmod 373:373 /tmp/etebase-data?

[xuchunyang]

Does not work with the :latest

[xcy@pc ~]$ sudo rm -rf /tmp/etebase-data/
[sudo] xcy 的密码：
[xcy@pc ~]$ mkdir /tmp/etebase-data/
[xcy@pc ~]$ podman run -e SUPER_USER=admin -p 3735:3735 -v /tmp/etebase-data:/data --security-opt label=disable docker.io/victorrds/etebase:latest
2020-11-13T21:18:23+00:00 [ERROR] [Entrypoint]:
-----------------------------------------------------------------
Wrong permissions on /data, can't create settings file, without
the correct permissions the container won't start.
Please change the permissions or the user runnning the container.
By default the image runs with 373 as UID and GID.
More details about changing container user:
https://docs.docker.com/engine/reference/run/#user
-----------------------------------------------------------------
[xcy@pc ~]$ podman run -u 1000:1000 -e SUPER_USER=admin -p 3735:3735 -v /tmp/etebase-data:/data --security-opt label=disable docker.io/victorrds/etebase:latest
2020-11-13T21:18:56+00:00 [ERROR] [Entrypoint]:
-----------------------------------------------------------------
Wrong permissions on /data, can't create settings file, without
the correct permissions the container won't start.
Please change the permissions or the user runnning the container.
By default the image runs with 373 as UID and GID.
More details about changing container user:
https://docs.docker.com/engine/reference/run/#user
-----------------------------------------------------------------
[xcy@pc ~]$ chown 373:373 /tmp/etebase-data
chown: 正在更改'/tmp/etebase-data' 的所有者: 不允许的操作
[xcy@pc ~]$ sudo chown 373:373 /tmp/etebase-data
[xcy@pc ~]$ podman run -e SUPER_USER=admin -p 3735:3735 -v /tmp/etebase-data:/data --security-opt label=disable docker.io/victorrds/etebase:latest
2020-11-13T21:19:30+00:00 [ERROR] [Entrypoint]:
-----------------------------------------------------------------
Wrong permissions on /data, can't create settings file, without
the correct permissions the container won't start.
Please change the permissions or the user runnning the container.
By default the image runs with 373 as UID and GID.
More details about changing container user:
https://docs.docker.com/engine/reference/run/#user
-----------------------------------------------------------------
[xcy@pc ~]$ podman run -u 1000:1000 -e SUPER_USER=admin -p 3735:3735 -v /tmp/etebase-data:/data --security-opt label=disable docker.io/victorrds/etebase:latest
2020-11-13T21:19:36+00:00 [ERROR] [Entrypoint]:
-----------------------------------------------------------------
Wrong permissions on /data, can't create settings file, without
the correct permissions the container won't start.
Please change the permissions or the user runnning the container.
By default the image runs with 373 as UID and GID.
More details about changing container user:
https://docs.docker.com/engine/reference/run/#user
-----------------------------------------------------------------
[xcy@pc ~]$

[victor-rds]

Before I publish a new official please try the victorrds/etebase:issue39.2 image forcing root ( -u 0:0 ) user:

[xcy@pc ~]$ podman run -u 0:0 -e SUPER_USER=admin -p 3735:3735 -v /tmp/etebase-data:/data --security-opt label=disable docker.io/victorrds/etebase:issue39.2

[xuchunyang]

The command does work.

full output of the command

```console [xcy@pc ~]$ mkdir /tmp/etebase-data [xcy@pc ~]$ podman run -u 0:0 -e SUPER_USER=admin -p 3735:3735 -v /tmp/etebase-data:/data --security-opt label=disable docker.io/victorrds/etebase:issue39.2 Trying to pull docker.io/victorrds/etebase:issue39.2... Getting image source signatures Copying blob 55578f60cda7 skipped: already exists Copying blob 188c0c94c7c5 skipped: already exists Copying blob 599e2857d4f0 skipped: already exists Copying blob 8c3f3cede5b3 skipped: already exists Copying blob 692da2fcb614 skipped: already exists Copying blob ef1ea42ddfca done Copying blob 76de3a63b35d done Copying blob 98317b4cf781 done Copying blob c8c968ae4bd5 done Copying config ae9b8e06a1 done Writing manifest to image destination Storing signatures 2020-11-14T13:13:56+0000 [Warn] [Entrypoint]: Running container as Root is not recommended, please avoid if possible. 2020-11-14T13:13:56+0000 [Note] [Entrypoint]: File permissions: Ok 2020-11-14T13:13:56+0000 [Note] [Entrypoint]: Generated /data/etebase-server.ini admin [ ] 0001_initial [ ] 0002_logentry_remove_auto_add [ ] 0003_logentry_add_action_flag_choices auth [ ] 0001_initial [ ] 0002_alter_permission_name_max_length [ ] 0003_alter_user_email_max_length [ ] 0004_alter_user_username_opts [ ] 0005_alter_user_last_login_null [ ] 0006_require_contenttypes_0002 [ ] 0007_alter_validators_add_error_messages [ ] 0008_alter_user_username_max_length [ ] 0009_alter_user_last_name_max_length [ ] 0010_alter_group_name_max_length [ ] 0011_update_proxy_permissions [ ] 0012_alter_user_first_name_max_length contenttypes [ ] 0001_initial [ ] 0002_remove_content_type_name django_etebase [ ] 0001_initial [ ] 0002_userinfo [ ] 0003_collectioninvitation [ ] 0004_collectioninvitation_version [ ] 0005_auto_20200526_1021 [ ] 0006_auto_20200526_1040 [ ] 0007_auto_20200526_1336 [ ] 0008_auto_20200526_1535 [ ] 0009_auto_20200526_1535 [ ] 0010_auto_20200526_1539 [ ] 0011_collectionmember_stoken [ ] 0012_auto_20200527_0743 [ ] 0013_collectionmemberremoved [ ] 0014_auto_20200602_1558 [ ] 0015_collectionitemrevision_salt [ ] 0016_auto_20200623_0820 [ ] 0017_auto_20200623_0958 [ ] 0018_auto_20200624_0748 [ ] 0019_auto_20200626_0748 [ ] 0020_remove_collectionitemrevision_salt [ ] 0021_auto_20200626_0913 [ ] 0022_auto_20200804_1059 [ ] 0023_collectionitemchunk_collection [ ] 0024_auto_20200804_1209 [ ] 0025_auto_20200804_1216 [ ] 0026_auto_20200907_0752 [ ] 0027_auto_20200907_0752 [ ] 0028_auto_20200907_0754 [ ] 0029_auto_20200907_0801 [ ] 0030_auto_20200922_0832 [ ] 0031_auto_20201013_1336 [ ] 0032_auto_20201013_1409 myauth [ ] 0001_initial [ ] 0002_auto_20200515_0801 sessions [ ] 0001_initial token_auth [ ] 0001_initial Operations to perform: Apply all migrations: admin, auth, contenttypes, django_etebase, myauth, sessions, token_auth Running migrations: Applying contenttypes.0001_initial... OK Applying contenttypes.0002_remove_content_type_name... OK Applying auth.0001_initial... OK Applying auth.0002_alter_permission_name_max_length... OK Applying auth.0003_alter_user_email_max_length... OK Applying auth.0004_alter_user_username_opts... OK Applying auth.0005_alter_user_last_login_null... OK Applying auth.0006_require_contenttypes_0002... OK Applying auth.0007_alter_validators_add_error_messages... OK Applying auth.0008_alter_user_username_max_length... OK Applying auth.0009_alter_user_last_name_max_length... OK Applying auth.0010_alter_group_name_max_length... OK Applying auth.0011_update_proxy_permissions... OK Applying myauth.0001_initial... OK Applying admin.0001_initial... OK Applying admin.0002_logentry_remove_auto_add... OK Applying admin.0003_logentry_add_action_flag_choices... OK Applying auth.0012_alter_user_first_name_max_length... OK Applying django_etebase.0001_initial... OK Applying django_etebase.0002_userinfo... OK Applying django_etebase.0003_collectioninvitation... OK Applying django_etebase.0004_collectioninvitation_version... OK Applying django_etebase.0005_auto_20200526_1021... OK Applying django_etebase.0006_auto_20200526_1040... OK Applying django_etebase.0007_auto_20200526_1336... OK Applying django_etebase.0008_auto_20200526_1535... OK Applying django_etebase.0009_auto_20200526_1535... OK Applying django_etebase.0010_auto_20200526_1539... OK Applying django_etebase.0011_collectionmember_stoken... OK Applying django_etebase.0012_auto_20200527_0743... OK Applying django_etebase.0013_collectionmemberremoved... OK Applying django_etebase.0014_auto_20200602_1558... OK Applying django_etebase.0015_collectionitemrevision_salt... OK Applying django_etebase.0016_auto_20200623_0820... OK Applying django_etebase.0017_auto_20200623_0958... OK Applying django_etebase.0018_auto_20200624_0748... OK Applying django_etebase.0019_auto_20200626_0748... OK Applying django_etebase.0020_remove_collectionitemrevision_salt... OK Applying django_etebase.0021_auto_20200626_0913... OK Applying django_etebase.0022_auto_20200804_1059... OK Applying django_etebase.0023_collectionitemchunk_collection... OK Applying django_etebase.0024_auto_20200804_1209... OK Applying django_etebase.0025_auto_20200804_1216... OK Applying django_etebase.0026_auto_20200907_0752... OK Applying django_etebase.0027_auto_20200907_0752... OK Applying django_etebase.0028_auto_20200907_0754... OK Applying django_etebase.0029_auto_20200907_0801... OK Applying django_etebase.0030_auto_20200922_0832... OK Applying django_etebase.0031_auto_20201013_1336... OK Applying django_etebase.0032_auto_20201013_1409... OK Applying myauth.0002_auto_20200515_0801... OK Applying sessions.0001_initial... OK Applying token_auth.0001_initial... OK 2020-11-14T13:13:59+0000 [Note] [Entrypoint]: Creating Super User 2020-11-14T13:13:59+0000 [Note] [Entrypoint]: ---------------------------------------------------- | Admin Password: L14n9RIy61AIfXHLixSS9y3IBAoQfCHw | ---------------------------------------------------- 165 static files copied to '/srv/etebase/static'. 2020-11-14T13:14:00+0000 [Note] [Entrypoint]: Starting Etebase [uWSGI] getting INI configuration from /uwsgi-etebase.ini [uwsgi-static] added mapping for /static => /srv/etebase/static [uwsgi-static] added mapping for /user-media => /srv/etebase/media *** Starting uWSGI 2.0.19.1 (64bit) on [Sat Nov 14 13:14:00 2020] *** compiled with version: 9.3.0 on 14 November 2020 04:35:46 os: Linux-5.8.18-200.fc32.x86_64 #1 SMP Mon Nov 2 19:49:11 UTC 2020 nodename: ce8d8325e7d6 machine: x86_64 clock source: unix detected number of CPU cores: 4 current working directory: /etebase detected binary path: /usr/local/bin/uwsgi !!! no internal routing support, rebuild with pcre support !!! uWSGI running as root, you can use --uid/--gid/--chroot options setgid() to 373 setuid() to 373 chdir() to /etebase your processes number limit is 31453 your memory page size is 4096 bytes detected max file descriptor number: 524288 building mime-types dictionary from file /etc/mime.types...1293 entry found lock engine: pthread robust mutexes thunder lock: disabled (you can enable it with --thunder-lock) uWSGI http bound on 0.0.0.0:3735 fd 4 uwsgi socket 0 bound to TCP address 127.0.0.1:40773 (port auto-assigned) fd 3 Python version: 3.9.0 (default, Oct 22 2020, 05:03:39) [GCC 9.3.0] Python main interpreter initialized at 0x562e966c44c0 python threads support enabled your server socket listen backlog is limited to 100 connections your mercy for graceful operations on workers is 60 seconds mapped 485080 bytes (473 KB) for 4 cores *** Operational MODE: preforking *** WSGI app 0 (mountpoint='') ready in 0 seconds on interpreter 0x562e966c44c0 pid: 1 (default app) *** uWSGI is running in multiple interpreter mode *** spawned uWSGI master process (pid: 1) spawned uWSGI worker 1 (pid: 27, cores: 1) spawned uWSGI worker 2 (pid: 28, cores: 1) spawned uWSGI worker 3 (pid: 29, cores: 1) spawned uWSGI worker 4 (pid: 30, cores: 1) spawned uWSGI http 1 (pid: 31) [pid: 28|app: 0|req: 1/2] 127.0.0.1 () {38 vars in 730 bytes} [Sat Nov 14 13:23:10 2020] GET /favicon.ico => generated 179 bytes in 83 msecs (HTTP/1.1 404) 6 headers in 172 bytes (1 switches on core 0) [pid: 28|app: 0|req: 2/13] 127.0.0.1 () {48 vars in 1037 bytes} [Sat Nov 14 13:23:27 2020] POST /admin/login/?next=/admin/ => generated 145 bytes in 227 msecs (HTTP/1.1 500) 7 headers in 224 bytes (1 switches on core 0) ```

[victor-rds]

Thanks, I will clean up and push this version as the official one, it's a middle ground I'm happy with, I will close this issue for now.

Thanks very much for all the help!

[worldofgeese]

@victor-rds I recently started to receive errors accessing /data which persisted even after chown -R 373:373 ./etebase/data. I looked through this thread and ran the container as user 0:0 which got rid of the permissions errors but now seem to be running into new errors.

2020-11-23T11:14:49+00:00 [Warn] [Entrypoint]: Running container as Root is not recommended, please avoid if possible.
chown: invalid spec: ‘373:’
2020-11-23T11:14:49+00:00 [Note] [Entrypoint]: File permissions: Ok
chown: invalid spec: ‘373:’
chown: invalid spec: ‘373:’
chmod: cannot access '.'$'\n''.'$'\n''/data': No such file or directory
2020-11-23T11:14:49+00:00 [Note] [Entrypoint]: File permissions: Ok
2020-11-23T11:14:49+00:00 [Note] [Entrypoint]: File permissions: Ok
admin
auth
contenttypes
django_etebase
myauth
 [ ] 0003_auto_20201119_0810
sessions
token_auth
2020-11-23T11:15:12+00:00 [Warn] [Entrypoint]: If necessary please run: docker exec -it 8dc35c94b773 python manage.py migrate

0 static files copied to '/srv/etebase/static', 165 unmodified.
2020-11-23T11:15:14+00:00 [Note] [Entrypoint]: Starting Etebase
[uWSGI] getting INI configuration from /uwsgi-etebase.ini
[uwsgi-static] added mapping for /static => /srv/etebase/static
[uwsgi-static] added mapping for /user-media => /data/media
*** Starting uWSGI 2.0.19.1 (64bit) on [Mon Nov 23 11:15:14 2020] ***
compiled with version: 8.3.0 on 22 November 2020 17:26:23
os: Linux-4.4.59+ #25426 SMP PREEMPT Wed Jul 8 03:21:29 CST 2020
nodename: 8dc35c94b773
machine: x86_64
clock source: unix
pcre jit disabled
detected number of CPU cores: 2
current working directory: /etebase
detected binary path: /usr/local/bin/uwsgi
uWSGI running as root, you can use --uid/--gid/--chroot options
setgid() to 373
setuid() to 373
chdir() to /etebase
your processes number limit is 63224
your memory page size is 4096 bytes
detected max file descriptor number: 524288
building mime-types dictionary from file /etc/mime.types...565 entry found
lock engine: pthread robust mutexes
thunder lock: disabled (you can enable it with --thunder-lock)
uwsgi socket 0 bound to TCP address 0.0.0.0:3735 fd 3
Python version: 3.9.0 (default, Nov 18 2020, 13:28:38)  [GCC 8.3.0]
Python main interpreter initialized at 0x55fa60b92b40
python threads support enabled
your server socket listen backlog is limited to 100 connections
your mercy for graceful operations on workers is 60 seconds
mapped 485080 bytes (473 KB) for 4 cores
*** Operational MODE: preforking ***
Traceback (most recent call last):
  File "./etebase_server/wsgi.py", line 16, in <module>
    application = get_wsgi_application()
  File "/usr/local/lib/python3.9/site-packages/django/core/wsgi.py", line 12, in get_wsgi_application
    django.setup(set_prefix=False)
  File "/usr/local/lib/python3.9/site-packages/django/__init__.py", line 19, in setup
    configure_logging(settings.LOGGING_CONFIG, settings.LOGGING)
  File "/usr/local/lib/python3.9/site-packages/django/conf/__init__.py", line 83, in __getattr__
    self._setup(name)
  File "/usr/local/lib/python3.9/site-packages/django/conf/__init__.py", line 70, in _setup
    self._wrapped = Settings(settings_module)
  File "/usr/local/lib/python3.9/site-packages/django/conf/__init__.py", line 177, in __init__
    mod = importlib.import_module(self.SETTINGS_MODULE)
  File "/usr/local/lib/python3.9/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "./etebase_server/settings.py", line 144, in <module>
    section = config["global"]
  File "/usr/local/lib/python3.9/configparser.py", line 960, in __getitem__
    raise KeyError(key)
KeyError: 'global'
unable to load app 0 (mountpoint='') (callable not found or import error)
*** no app loaded. going in full dynamic mode ***
*** uWSGI is running in multiple interpreter mode ***
spawned uWSGI master process (pid: 1)
spawned uWSGI worker 1 (pid: 40, cores: 1)
spawned uWSGI worker 2 (pid: 41, cores: 1)
spawned uWSGI worker 3 (pid: 42, cores: 1)
spawned uWSGI worker 4 (pid: 43, cores: 1)
--- no python application found, check your startup logs for errors ---
[pid: 41|app: -1|req: -1/1] 172.22.0.22 () {46 vars in 846 bytes} [Mon Nov 23 11:39:23 2020] POST /api/v1/collection/list_multi/?stoken=eFHSDF9jiBvPyiyHEzfN1I9ss3H_X7X5 => generated 21 bytes in 1 msecs (HTTP/1.1 500) 2 headers in 83 bytes (0 switches on core 0)
--- no python application found, check your startup logs for errors ---
[pid: 42|app: -1|req: -1/2] 172.22.0.22 () {46 vars in 846 bytes} [Mon Nov 23 11:39:23 2020] POST /api/v1/collection/list_multi/?stoken=eFHSDF9jiBvPyiyHEzfN1I9ss3H_X7X5 => generated 21 bytes in 1 msecs (HTTP/1.1 500) 2 headers in 83 bytes (0 switches on core 0)
--- no python application found, check your startup logs for errors ---
[pid: 43|app: -1|req: -1/3] 172.22.0.22 () {46 vars in 846 bytes} [Mon Nov 23 11:39:25 2020] POST /api/v1/collection/list_multi/?stoken=eFHSDF9jiBvPyiyHEzfN1I9ss3H_X7X5 => generated 21 bytes in 0 msecs (HTTP/1.1 500) 2 headers in 83 bytes (1 switches on core 0)
--- no python application found, check your startup logs for errors ---
[pid: 43|app: -1|req: -1/4] 172.22.0.22 () {46 vars in 846 bytes} [Mon Nov 23 11:41:35 2020] POST /api/v1/collection/list_multi/?stoken=eFHSDF9jiBvPyiyHEzfN1I9ss3H_X7X5 => generated 21 bytes in 40 msecs (HTTP/1.1 500) 2 headers in 83 bytes (1 switches on core 0)
--- no python application found, check your startup logs for errors ---
[pid: 41|app: -1|req: -1/5] 172.22.0.22 () {46 vars in 846 bytes} [Mon Nov 23 11:41:35 2020] POST /api/v1/collection/list_multi/?stoken=eFHSDF9jiBvPyiyHEzfN1I9ss3H_X7X5 => generated 21 bytes in 0 msecs (HTTP/1.1 500) 2 headers in 83 bytes (1 switches on core 0)
--- no python application found, check your startup logs for errors ---
[pid: 40|app: -1|req: -1/6] 172.22.0.22 () {46 vars in 846 bytes} [Mon Nov 23 11:41:47 2020] POST /api/v1/collection/list_multi/?stoken=eFHSDF9jiBvPyiyHEzfN1I9ss3H_X7X5 => generated 21 bytes in 0 msecs (HTTP/1.1 500) 2 headers in 83 bytes (0 switches on core 0)
--- no python application found, check your startup logs for errors ---
[pid: 42|app: -1|req: -1/7] 172.22.0.22 () {46 vars in 846 bytes} [Mon Nov 23 11:41:47 2020] POST /api/v1/collection/list_multi/?stoken=eFHSDF9jiBvPyiyHEzfN1I9ss3H_X7X5 => generated 21 bytes in 0 msecs (HTTP/1.1 500) 2 headers in 83 bytes (0 switches on core 0)
--- no python application found, check your startup logs for errors ---
[pid: 41|app: -1|req: -1/8] 172.22.0.22 () {46 vars in 846 bytes} [Mon Nov 23 11:41:47 2020] POST /api/v1/collection/list_multi/?stoken=eFHSDF9jiBvPyiyHEzfN1I9ss3H_X7X5 => generated 21 bytes in 0 msecs (HTTP/1.1 500) 2 headers in 83 bytes (1 switches on core 0)

[victor-rds]

@victor-rds I recently started to receive errors accessing /data which persisted even after chown -R 373:373 ./etebase/data. I looked through this thread and ran the container as user 0:0 which got rid of the permissions errors but now seem to be running into new errors.

Thanks for the feedback, I will take a look ASAP

[victor-rds]

I fixed some mistakes on my entrypoint.sh, and stupid ones to be honest :man_facepalming:, the build has started, you can check the progress here, the new build will affect only the latest, slim, alpine and the 0.5.3 tags

[worldofgeese]

You fixed some stupid mistakes of mine so we'll call it even 😂