minecraft-overviewer
minecraft-overviewer copied to clipboard
mide
Add Permissions Documentation
Document how to get permissions correct. Discussion here: https://github.com/mide/minecraft-overviewer/issues/51#issuecomment-624988309.
Hi, Thank you for doing the hard work for us! And sorry if tis is a noob question.
I installed a Minecraft server on my Synology NAS using docker and the https://github.com/itzg/docker-minecraft-server image. Using that image I could specify a UID and GID environment variable so it could read/write to a shared folder on my NAS.
Could the same permissions issue with your image be solved by replacing the hard coded ID's with such ENV vars?
https://github.com/mide/minecraft-overviewer/blob/630ee33c1ab5dde6e33c7cc8e947c11face0f5d2/Dockerfile#L38-L39
Hi @ivanvermeyen --
Those IDs (UserID & GroupID) are set at build-time, and not at runtime. That means that even if I use environment variables, in the final image the IDs will have already been set.
Do you know what UID and GID you need to use? Is it possible to create multiple users and put them in the same group?
I know the user ID from the NAS user and I can add new users, but I don't see a way to give Docker access using these. The only solution I found for other images was using a USER_ID, GUID or UID env var... This also keeps coming back when I google this problem.
Eventually (just now) I found a solution by adding read/write permissions to Everyone (as in chmod 777) by
- open File Station
- Right click a specific folder and click properties
- Go to permissions
- Add a new permission
- Select the user/group "Everyone"
- Select read and write privileges
Not sure if this is a good approach, but it works...
Doing a chmod 777 is generally advised against, as it grants all users/processes access to those files. It can be pretty dangerous in some circumstances (I do understand this is only Minecraft, but the principle remains).
I found for other images was using a USER_ID, GUID or UID env var...
Could you link to them? I'm interested to see how they solve the problem. I suppose I could provision the user at runtime, perhaps there is another easy way to achieve the desired result.
I'm having a hard time finding back those repo's... I've been browsing so much... But these two I have used...
This one has a UID and GID option: https://github.com/itzg/docker-minecraft-server#running-as-alternate-usergroup-id
This one has a USER_UID and GROUP_GID option: https://github.com/hexparrot/mineos-node/blob/master/entrypoint.sh
I also found a few blogs about this problem. It seems there is also a built-in --user flag on the docker command (see one of the blog posts), but I cannot find this on the NAS UI... This is probably not supported by the NAS. I also don't know if the code needs to support the --user flag in some way.
- https://medium.com/@mccode/understanding-how-uid-and-gid-work-in-docker-containers-c37a01d01cf
- https://medium.com/redbubble/running-a-docker-container-as-a-non-root-user-7d2e00f8ee15
- https://dev.to/acro5piano/specifying-user-and-group-in-docker-i2e
And a related Gist that may or may not be useful: https://gist.github.com/renzok/29c9e5744f1dffa392cf
- Oh that's very clever. They're modifying the user at runtime to specify a UID/GID. That's doable. https://github.com/itzg/docker-minecraft-server/blob/190e401452f592add4bf3b24bba3267ecc624c79/start#L12-L37
- This one is just provisioning the user/group at runtime, which is also an option but would increase boot times. https://github.com/hexparrot/mineos-node/blob/603d9c58b2b52b66098bbe0dfac2645a115d9c47/entrypoint.sh#L72