docker-pi-hole

Same UID and GID in passwd and groups for WEB and PIHOLE

Open dschaper opened this issue 1 year ago • 5 comments

Only problem, I tried to get the same UID/GID for WEB and PIHOLE, which is not working. After I figured out that it creates the same UID and GID in passwd and groups, I removed WEB_UID and WEB_GID (which is almost useless) and all is working.

I'll take a look at that soon.

Originally posted by @dschaper in https://github.com/pi-hole/docker-pi-hole/issues/328#issuecomment-1086930462

dschaper, Jul 12 '22 21:07

Piggybacking off this, setting the UID looks to work, but GID does not.

Currently using this in Kubernetes with the following ConfigMap to be used as env variables:

    TZ: "America/New_York"                #Set your timezone by replacing America/New_York. See https://en.wikipedia.org/wiki/List_of_tz_database_time_zones for more timezones
    VIRTUAL_HOST: "pi.hole"               #Location of the admin portal
    PROXY_LOCATION: "pi.hole"
    ServerIP: "10.15.15.231"           #Set ServerIP to the External IP address for pihole-web that we got from the above confirmation
    DNSSEC: "true"                       #Default is false, change to true to enable DNSSEC support
    PIHOLE_DNS_: "9.9.9.9;149.112.112.112"        #Upstream DNS Server, separate by semicolon ";"
    WEB_PORT: "80"                        #container port for Web UI
    DNSMASQ_USER: "root"
    PIHOLE_UID: "0"
    PIHOLE_GID: "0"

PiHole UID changes to 0, but group does not. Output of cat /etc/passwd:

pihole:x:0:999::/home/pihole:/usr/sbin/nologin

Start-up Logs:

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] 01-resolver-resolv: applying...
[fix-attrs.d] 01-resolver-resolv: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 05-changer-uid-gid.sh: executing...
Changing ID for user: www-data (33 => 1000)
Changing ID for group: www-data (33 => 1000)
Changing ID for user: pihole (999 => 0)
[cont-init.d] 05-changer-uid-gid.sh: exited 0.
[cont-init.d] 20-start.sh: executing...
 ::: Starting docker specific checks & setup for docker pihole/pihole

MujiSayed, Jul 26 '22 02:07

This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.

github-actions[bot], Aug 25 '22 08:08

So, playing about with this, it appears that two users can have the same UID, but two groups cannot. Which is why attempting to set it to 0 fails, as root already uses it.

Same thing if you use 1000 for all the values. As we can see in the following snip, the www-data group is set first, so setting pihole to the same id will always fail.

https://github.com/pi-hole/docker-pi-hole/blob/0d5a001916335cf4b27408217063ac9e04cc7e0d/src/s6/debian-root/usr/local/bin/_uid-gid-changer.sh#L32-L35

E.g. setting PIHOLE_U/GID as 1000 and WEB_U/GID as 1001 works on my side. But to echo some further thoughts - I'm not really sure why WEB_U/GID needed to be added to this id changer.

PromoFaux, Sep 02 '22 22:09
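
The group-ID collision discussed in the comments above, as an added example that is not part of the thread or the project's own script: a preflight check, run over a constructed group file, that reports which requested GID is already owned by another group. The function names, the sample file and the www-data-then-pihole ordering modelled here are assumptions drawn from the discussion.

```shell
#!/bin/sh
# Added example: preflight check for GID collisions before an ID changer runs.

# Print the name of the group that currently owns GID $2 in group file $1.
gid_owner() {
    awk -F: -v gid="$2" '$3 == gid { print $1; exit }' "$1"
}

# Return 0 if group $2 may take GID $3 in file $1, 1 if another group owns it.
gid_is_free_for() {
    owner=$(gid_owner "$1" "$3")
    [ -z "$owner" ] || [ "$owner" = "$2" ]
}

# Model the order described in the thread: www-data group first, then pihole.
# Usage: preflight GROUPFILE WEB_GID PIHOLE_GID
# Echoes "ok" or "conflict:<group>:<gid>:<current owner>".
preflight() {
    tmp=$(mktemp) || return 2
    cp "$1" "$tmp"
    for pair in "www-data:$2" "pihole:$3"; do
        name=${pair%%:*}; gid=${pair##*:}
        if ! gid_is_free_for "$tmp" "$name" "$gid"; then
            echo "conflict:$name:$gid:$(gid_owner "$tmp" "$gid")"
            rm -f "$tmp"; return 1
        fi
        # Apply the change to the scratch copy so the next check sees it.
        awk -F: -v OFS=: -v n="$name" -v g="$gid" \
            '$1 == n { $3 = g } { print }' "$tmp" > "$tmp.new" \
            && mv "$tmp.new" "$tmp"
    done
    rm -f "$tmp"
    echo ok
}

# Constructed sample resembling the group entries mentioned in the thread.
SAMPLE_GROUP=$(mktemp)
cat > "$SAMPLE_GROUP" <<'EOF'
root:x:0:
www-data:x:33:
pihole:x:999:
EOF

# Defaults mirror the values reported above (www-data => 1000, PIHOLE_GID 0).
preflight "$SAMPLE_GROUP" "${WEB_GID:-1000}" "${PIHOLE_GID:-0}" || true
```

Running it against a copy of the container's real `/etc/group` before setting the environment variables shows whether the requested IDs would collide.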

I have added some clarifying notes on the readme:

https://github.com/pi-hole/docker-pi-hole/blob/f044e58b5cf9a2cdadf947d8577065285959feef/README.md#experimental-variables

PromoFaux, Sep 02 '22 23:09

Not being able to use 0 as GID or the same WEB/PIHOLE ID is also a pain on QNAP devices (admin uses 0/0 uid/gid).

jerry1333, Jan 21 '23 22:01