charm
Allow for Docker containers to run charm with a specified user/group id.
When running the Docker container, it creates files with root as the owner.
```
jeff@library:~/charm-r/data$ ls -al
total 28
drwxr-xr-x 5 root root 4096 Feb 27 18:08 .
drwxr-xr-x 3 jeff jeff 4096 Feb 27 18:08 ..
drwx------ 2 root root 4096 Feb 27 18:08 db
drwx------ 2 root root 4096 Feb 27 18:08 files
drwx------ 2 root root 4096 Feb 27 18:08 .ssh
-rw-r--r-- 1 root root 8192 Feb 27 18:08 stats
```
Ideally, there should be a way to set a uid/gid for the application, like how the linuxserver.io folks do their containers that allow environment variables to be set (PUID/PGID). See https://hub.docker.com/r/linuxserver/radarr and https://github.com/linuxserver/docker-baseimage-ubuntu for examples. The base image is where all the smarts are for PUID/PGID.
I was able to create my own docker image using linuxserver/docker-baseimage-ubuntu and adapting the radarr docker config. I'm not sure if that is the approach that should be taken, but the linuxserver folks have already done the hard work.
"charm with custom docker container"
```
jeff@library:~/charm/data$ ls -al
total 28
drwxr-xr-x 5 jeff jeff 4096 Feb 27 17:47 .
drwxr-xr-x 3 jeff jeff 4096 Feb 27 18:19 ..
drwx------ 2 jeff jeff 4096 Feb 27 17:47 db
drwx------ 3 jeff jeff 4096 Feb 27 17:47 files
drwx------ 2 jeff jeff 4096 Feb 27 17:46 .ssh
-rw-r--r-- 1 jeff jeff 8192 Feb 27 17:47 stats
```
You should already be able to do this without any changes to the image, by using the --user flag or slightly adjusting your docker-compose.yml:
```
services:
  charm:
    image: charmcli/charm:latest
    user: "1000:1000"
    ...
```
If there are any issues with this approach I'm not aware of, please let me know!
That doesn't seem to work:
```
jeff@library:~/charm-r$ ls -al
total 12
drwxr-xr-x 2 jeff jeff 4096 Feb 28 20:10 .
drwxr-xr-x 20 jeff jeff 4096 Feb 28 20:08 ..
-rw-r--r-- 1 jeff jeff 205 Feb 28 20:08 docker-compose.yml
jeff@library:~/charm-r$ cat docker-compose.yml
version: "3.1"
services:
  soft-serve:
    network_mode: host
    image: charmcli/charm:latest
    user: "1000:1000"
    container_name: charm
    volumes:
      - ./data:/data
    restart: unless-stopped
jeff@library:~/charm-r$ docker-compose up -d
Creating charm ... done
jeff@library:~/charm-r$ ls -al
total 16
drwxr-xr-x 3 jeff jeff 4096 Feb 28 20:12 .
drwxr-xr-x 20 jeff jeff 4096 Feb 28 20:08 ..
drwxr-xr-x 2 root root 4096 Feb 28 20:12 data
-rw-r--r-- 1 jeff jeff 205 Feb 28 20:08 docker-compose.yml
jeff@library:~/charm-r$ cd data
jeff@library:~/charm-r/data$ ls -al
total 8
drwxr-xr-x 2 root root 4096 Feb 28 20:12 .
drwxr-xr-x 3 jeff jeff 4096 Feb 28 20:12 ..
jeff@library:~/charm-r/data$ docker-compose logs | head
Attaching to charm
charm | Error: mkdir /data/.ssh: permission denied
charm | Usage:
charm | charm serve [flags]
charm |
jeff@library:~/charm-r/data$ id
uid=1000(jeff) gid=1000(jeff) groups=1000(jeff),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),109(netdev),112(docker)
```
I think that's just standard docker-compose behavior: you need to manually create the data volume dir with the right permissions, otherwise they will be created by the user running docker.
That was indeed the case. Many thanks for the help.
On Tue, Mar 1, 2022 at 12:03 AM Christian Muehlhaeuser < @.***> wrote:
I think that's just standard docker-compose behavior: you need to manually create the data volume dir with the right permissions, otherwise they will be created by the user running docker.
-- Jeff Macdonald Ayer, MA
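The fix the thread arrives at (create the bind-mount directory yourself before starting the container, so the Docker daemon does not create it as root), as an added example that is not part of the original thread or the charm project. The function names and the 0700 mode are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): prepare the host side of a bind mount
# such as ./data:/data before `docker-compose up`, so the directory is not
# auto-created as root:root and a container started with user: "UID:GID"
# can write to it.

# owner_of PATH -> prints "uid:gid" of PATH (GNU stat, BSD stat as fallback)
owner_of() {
    stat -c '%u:%g' "$1" 2>/dev/null || stat -f '%u:%g' "$1"
}

# prepare_bind_dir DIR UID:GID   (hypothetical helper name)
# Creates DIR if it is missing, then checks that its owner matches the
# uid:gid the container will run as.
# Returns 0 = ready, 1 = ownership mismatch, 2 = DIR unusable.
prepare_bind_dir() {
    dir=$1
    want=$2
    if [ ! -e "$dir" ]; then
        mkdir -p "$dir" || return 2
        # Assumption: owner-only access, since the data dir holds .ssh and db.
        chmod 700 "$dir" || return 2
    fi
    if [ ! -d "$dir" ]; then
        echo "$dir exists but is not a directory" >&2
        return 2
    fi
    have=$(owner_of "$dir")
    if [ "$have" != "$want" ]; then
        # Typical after a first run without pre-creating the directory:
        # the daemon made it root:root and the container gets
        # "mkdir /data/.ssh: permission denied".
        echo "$dir is owned by $have but the container runs as $want" >&2
        echo "fix with: sudo chown -R $want $dir" >&2
        return 1
    fi
    return 0
}

# Usage, run as the user named in the compose file's `user:` key:
#   prepare_bind_dir ./data "$(id -u):$(id -g)" && docker-compose up -d
```
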