
I'm having some trouble running Nextcloud in rootless mode with podman.

Open daiaji opened this issue 3 years ago • 7 comments

Since the podman rootless mode maps the root user in the container to the user running podman, preventing Nextcloud from running as root will cause a lot of trouble, mainly in file reading and writing, especially when accessing files created by my current user. Is there a way to get Nextcloud in a container to run as root?

daiaji avatar Jan 29 '22 16:01 daiaji

What OS are you using? Did you setup /etc/subuid and /etc/subgid?

Maybe rootless-containers-with-podman-the-basics and set_up_for_rootless_containers can help...

gunchev avatar Feb 19 '22 23:02 gunchev

Basically I followed the steps of archwiki to set it up. I use Manjaro.

daiaji avatar Feb 20 '22 10:02 daiaji

I've been running with rootless Podman for more than a year, so there shouldn't be any issue. I use Fedora though, so the OS is set up for Podman out of the box. Did you run podman system migrate before creating the containers?

Edit: If you want to manually add files, they should be owned by the container's www-data user. You can change the ownership with podman unshare chown 33:33 filename (I'm not 100% sure if 33 is the uid/gid of www-data inside the container).

0ranki avatar Mar 10 '22 20:03 0ranki
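The uid arithmetic behind the rootless mapping discussed above, as an added example that is not part of this thread: a POSIX sh helper that converts between container uids and the host uids they appear as for a rootless podman user, which tells you which host uid a file must be owned by (e.g. container www-data, uid 33) instead of running the container as root. The /etc/subuid line and the uids are constructed sample values; the same arithmetic applies to /etc/subgid.

```shell
#!/bin/sh
# Constructed sample /etc/subuid entry: user "alice" owns 65536 ids starting at 100000.
SUBUID_LINE="alice:100000:65536"

# container_to_host_uid OWNER_UID SUBUID_LINE CONTAINER_UID
# Rootless podman maps container uid 0 to the uid running podman, and
# container uid N (N >= 1) to subuid_start + (N - 1). Prints the host uid,
# returns 1 if the container uid is outside the allocated range.
container_to_host_uid() {
    owner_uid=$1
    subuid_start=$(printf '%s' "$2" | cut -d: -f2)
    subuid_count=$(printf '%s' "$2" | cut -d: -f3)
    cuid=$3
    if [ "$cuid" -eq 0 ]; then
        echo "$owner_uid"
    elif [ "$cuid" -ge 1 ] && [ "$cuid" -le "$subuid_count" ]; then
        echo $((subuid_start + cuid - 1))
    else
        return 1
    fi
}

# host_to_container_uid OWNER_UID SUBUID_LINE HOST_UID
# Inverse mapping: which container uid a host-owned file shows up as.
# Returns 1 for host uids the container cannot see as any user.
host_to_container_uid() {
    owner_uid=$1
    subuid_start=$(printf '%s' "$2" | cut -d: -f2)
    subuid_count=$(printf '%s' "$2" | cut -d: -f3)
    huid=$3
    if [ "$huid" -eq "$owner_uid" ]; then
        echo 0
    elif [ "$huid" -ge "$subuid_start" ] && [ "$huid" -lt $((subuid_start + subuid_count)) ]; then
        echo $((huid - subuid_start + 1))
    else
        return 1
    fi
}

# Demo: the host uid that "podman unshare chown 33:33" actually assigns,
# assuming the podman user has uid 1000 (constructed value).
container_to_host_uid 1000 "$SUBUID_LINE" 33
```

A file owned on the host by uid 1000 therefore appears as root inside the container, and one owned by the printed host uid appears as www-data, which is why chowning on the host is equivalent to the podman unshare chown above.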

Basically I have backups of some home folders and I want to access them from nextcloud, for which I have to make nextcloud run as root in the container. And those backups will work when my OS suffers a devastating filesystem corruption, I don't want to have to deal with a lot of permission issues then.

PS: Of course my filesystem has been corrupted twice in the last month due to the stability degradation caused by memory OC, and my backups helped me.

daiaji avatar Mar 11 '22 12:03 daiaji

As they are backups, e.g. not in use at the moment, I would just change the ownership of the backup files.

If you download them from Nextcloud via the web UI, desktop client or webdav, they are written to your local disk with the UID of your current user.

If you need to restore them sometimes using some other way, a simple chown -R $(id -u username) ~username should be enough.

0ranki avatar Mar 11 '22 12:03 0ranki

It's just that I simply don't want to have to change the owner of the folder when restoring the filesystem. And it means that the files I want to access from nextcloud all have to change the owner, and some online services have to change the running user too, which is very cumbersome.

daiaji avatar Mar 11 '22 12:03 daiaji

By modifying docker-entrypoint.sh, the run_as function becomes the following.

run_as() {
        sh -c "$1"
}

And use the following Dockerfile to compile the Docker image.

FROM nextcloud:fpm-alpine
RUN sed -i "s/www-data/root/g" /usr/local/etc/php-fpm.d/www.conf
COPY docker-entrypoint.sh /entrypoint.sh

When running the container, replace the CMD parameter with php-fpm -R.

ps
PID   USER     TIME  COMMAND
    1 root      0:00 php-fpm: master process (/usr/local/etc/php-fpm.conf)
    5 root      0:02 php-fpm: pool www
    9 root      0:02 php-fpm: pool www
   10 root      0:01 php-fpm: pool www
   11 root      0:00 ps

It seems that nextcloud can run as root.

Maybe I can submit a PR to make it easier. For example, provide a variable?

daiaji avatar Mar 12 '22 13:03 daiaji

Please use https://help.nextcloud.com/ for individual deployment questions.

J0WI avatar Jun 23 '23 14:06 J0WI

It seems that the problem has never been resolved.

daiaji avatar Jun 23 '23 16:06 daiaji