docker-qbittorrent
[Suggestion] add GID UID UMASK
I completely changed this ticket. I asked to include unrar in the image, but I found Unpackerr. Will use that instead.
I do have another question: I am impressed by this image because it is only 150MB and fully functional, but I now see all my downloads are owned by root. Is it possible to support something like GID and GPID like Linuxserver does, to set correct user permissions?
I'll be fully honest, I don't know the most about user and group permissioning when it comes to Docker. Are you saying that because the Docker daemon is run as root that any files created in the mount are owned by root?
Hi, yes, that is what it looks like, but I guess I need to do further testing. I will install hotio qbittorrent and see what the difference is. Every download-related package, both from hotio and linuxserver, forces you to change the IDs. I guess it's for a reason. Still, I prefer yours because the image is half the size compared to others.
Assuming you're using user 1000 and group 1000, add `user: 1000:1000` to your docker compose (or `--user 1000:1000` to your docker run command) to run the whole thing as a certain user ID. The quirk is that you should pre-create the volume folders, as they get created as root (by docker) and so the 1000 user won't have the ability to write to them. This is why many other scripts run as root and then drop privileges, as they chown the various volume mount points and then use su to run the start command as the user.
EDIT: I stand corrected. The way this container is set up, it is very oriented around the /root folder. When mounting /config, docker oddly follows the symbolic link and mounts at /root/.config/qBittorrent (same with the data folder at /root/.local/share/qBittorrent). This makes it fully reliant on /root and the restrictive 700 permissions of /root.
There is really no need I can see to run qBittorrent as root.
Possible solution 1
The easiest solution would be if these symbolic links were the other way around [so /config is the folder and /root/.config/qBittorrent was the symbolic link]. This could even be created at runtime by the entrypoint script. At that point, the user could add 'user 1000:1000' to their start command and shouldn't have any permission issues (assuming the folder itself has the right permissions at a system level).
Possible solution 2
- opening up /root's permissions (`chmod 777 /root /root/.local/share/qBittorrent /root/.config/qBittorrent`)
- Having an `adduser -h '/root' -u PUID -D -H user` [where the PUID is supplied via a variable] in the entrypoint script. The username doesn't really matter within the container, so I've just used user
- Running `su -m -c "$@" user` instead of just the exec.
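A sketch of the runtime linking described under "Possible solution 1" above, as an added example that is not part of the original comment or the image's own entrypoint. The function name `link_into_home`, the parameterised paths and the `/data` mount point are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: sketch of "Possible solution 1". The function name and the
# parameterised paths are assumptions, not the image's actual entrypoint.

# link_into_home HOME_DIR CONFIG_DIR DATA_DIR
# Treats CONFIG_DIR and DATA_DIR as the real (mounted) folders and points the
# paths qBittorrent uses under HOME_DIR at them, so nothing depends on /root.
link_into_home() {
    home_dir=$1 config_dir=$2 data_dir=$3

    # Fail early with a clear message instead of a later permission error.
    for dir in "$config_dir" "$data_dir"; do
        if [ ! -d "$dir" ] || [ ! -w "$dir" ]; then
            echo "uid $(id -u) cannot write to $dir; fix ownership on the host" >&2
            return 1
        fi
    done

    mkdir -p "$home_dir/.config" "$home_dir/.local/share" || return 1
    # -n: replace an existing link instead of creating one inside its target.
    ln -sfn "$config_dir" "$home_dir/.config/qBittorrent" || return 1
    ln -sfn "$data_dir" "$home_dir/.local/share/qBittorrent" || return 1
}

# In an entrypoint this would be used roughly as follows (/data is an
# assumed mount point; HOME must be writable by the runtime user):
#   link_into_home "$HOME" /config /data && exec "$@"
```

Because the links are created by whichever UID the container starts as, the same entrypoint works with any `user:` value as long as the mounted folders are writable by that UID on the host.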
I figured out how to run qBittorrent rootless:
docker-compose.yml

```yaml
version: "3"
services:
  qbittorrent:
    image: emmercm/qbittorrent:latest
    container_name: qbittorent
    #restart: unless-stopped
    # Run the whole container as an unprivileged UID:GID instead of root
    user: 1000:1000
    networks:
      - torrent
    environment:
      - TZ=Europe/Paris
      # Home directory of the "abc" user defined in the mounted etc_passwd
      - HOME=/home/abc
    ports:
      - 30000:30000
      - 8080:8080
      - 6881:6881/tcp
      - 6881:6881/udp
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # Read-only passwd file that maps UID 1000 to "abc"
      - ./etc_passwd:/etc/passwd:ro
      - ./entrypoint.sh:/entrypoint.sh
      - ./config:/home/abc/
networks:
  torrent:
    external: true
```
entrypoint.sh

```sh
#!/usr/bin/env sh
set -euo pipefail

PING_IPS=${PING_IPS:-1.1.1.1 1.0.0.1}
IP_URL=${IP_URL:-http://whatismyip.akamai.com}

# Wait for internet connection
# Note: can't use `ping` due to a known issue (https://forums.docker.com/t/ping-from-within-a-container-does-not-actually-ping/11787)
echo "Waiting for internet connection ..."
while true; do
    for PING_IP in ${PING_IPS}; do
        if curl --silent --output /dev/null --max-time 1 "${PING_IP}"; then
            break 2
        fi
    done
    sleep 1
done

# Print external IP
EXTERNAL_IP=$(curl --max-time 10 --silent "${IP_URL}")
echo
echo "*****************$(printf "%${#EXTERNAL_IP}s\n" | tr " " "*")****"
echo "* $(printf "%${#EXTERNAL_IP}s\n" | tr " " " ") *"
echo "* External IP: ${EXTERNAL_IP} *"
echo "* $(printf "%${#EXTERNAL_IP}s\n" | tr " " " ") *"
echo "*****************$(printf "%${#EXTERNAL_IP}s\n" | tr " " "*")****"
echo

# Default qBittorrent config
# Check the same path the copy writes to, so an existing config
# is not overwritten on every start.
if [ ! -f /home/abc/.config/qBittorrent/qBittorrent.conf ]; then
    cp /qBittorrent.conf /home/abc/.config/qBittorrent/qBittorrent.conf
fi

# Hand over to the container's command (PID 1 becomes qBittorrent)
exec "$@"
```
etc_passwd:

```
root:x:0:0:root:/root:/bin/ash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/mail:/sbin/nologin
news:x:9:13:news:/usr/lib/news:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucppublic:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
man:x:13:15:man:/usr/man:/sbin/nologin
postmaster:x:14:12:postmaster:/var/mail:/sbin/nologin
cron:x:16:16:cron:/var/spool/cron:/sbin/nologin
ftp:x:21:21::/var/lib/ftp:/sbin/nologin
sshd:x:22:22:sshd:/dev/null:/sbin/nologin
at:x:25:25:at:/var/spool/cron/atjobs:/sbin/nologin
squid:x:31:31:Squid:/var/cache/squid:/sbin/nologin
xfs:x:33:33:X Font Server:/etc/X11/fs:/sbin/nologin
games:x:35:35:games:/usr/games:/sbin/nologin
cyrus:x:85:12::/usr/cyrus:/sbin/nologin
vpopmail:x:89:89::/var/vpopmail:/sbin/nologin
ntp:x:123:123:NTP:/var/empty:/sbin/nologin
smmsp:x:209:209:smmsp:/var/spool/mqueue:/sbin/nologin
guest:x:405:100:guest:/dev/null:/sbin/nologin
nobody:x:65534:65534:nobody:/:/sbin/nologin
abc:x:1000:1000:abc:/home/abc:/bin/ash
```
Then you have to create the directories with the right permissions (1000:1000 or UUID:GUID of your choice):

```sh
mkdir -p ./config/.config/qBittorrent ./config/.local/share/qBittorrent
# Hand the whole bind-mounted tree to the UID:GID the container runs as
chown -R 1000:1000 ./config
```
And finally run qBittorrent:

```sh
docker-compose pull
docker-compose up -d
```