Allow uid/gid change

[nodiaque]

Is there an existing issue for this?

• I have searched the existing open and closed issues

Is your feature request related to a problem? Please describe

With unraid, we normally run all our docker with user 99 and group 100. I tried using the extra-parameters --user=99:100, this result in many error and the service not starting.

Describe the solution you'd like

Implement the use of custom UID/GID as env variable

Describe alternatives you've considered

using --user-99:100. While it did ran with that user, it failed to do anything.

Anything else?

.

Am I willing to test this? 🧪

• I will do my best to test this feature on the netlertx-dev image when requested within 48h and report bugs to help deliver a great user experience for everyone and not to break existing installations.

Can I help implement this? 👩‍💻👨‍💻

• Yes
• No

[jokob-sk]

Hi @nodiaque ,

Thanks for the suggestion.

This was actually available previously, but we removed it due some other issues.

@vladaurosh - are you able to help out here - do you think we should re-introduce it or is there another workaround?

Thanks,
j

[vladaurosh]

What happens when container starts? Does unraid allow user to set user:group on directories?

[nodiaque]

Unraid doesn't block anything as long as the user have the proper permission. On the host (unraid), everything "public" or shared accross docker/services is saved using the account nobody:group which is uis 99 and gid 100. Many container start and do a chown and even some do chmod.

Right now, if I use --user=99:100, it will try but do error.

The whole log file is:

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service SetupOneshot: starting
s6-rc-oneshot-run: fatal: unable to exec /app/dockerfiles/setup.sh: Permission denied
s6-rc: warning: unable to start service SetupOneshot: command exited 126
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started

And it just stay there without netalertx running

[vladaurosh]

@nodiaque If they are forcing certain user:group,they are blocking as not every container can run as any user.
In case of netalertx, which is multiprocess container, s6 overlay is used as init system (runs as root), which runs php-fpm, nginx and runs python application.

What is the log output when container start without setting user:group?

[nodiaque]

They are not forcing, dockets will run without doing it. Problem is anything else will have access problem to the file it will write/modify/access outside of the host. For instance the log file that is write in the persistence storage, I can't read it without opening a console with root and doing either a chmod or chown.

The log file is already posted in the reply just above yours

[vladaurosh]

So without uid:gid change container start, it's just the issue with permissions of volumes?

[nodiaque]

No. You can see multiple error in the log and the Gui never load.

Edit: sorry I badly read your question.

Without the uid and gid change, the problem is the file is permission yes. The filesystem of the host server use 99:100 for file permission and this docker using something else break everything else. Can't access the file, can't backup them, etc.