panel
panel copied to clipboard
pterodactyl
Server startup command is executed with non-existent user
Is there an existing issue for this?
- [X] I have searched the existing issues before opening this issue.
Current Behavior
When wings is installed, it creates a user named pterodactyl. This user apparently gets the first free UID, which is less than 1000. The UID of the created user is used as user inside the server container e.g. to execute the startup command. However, in almost all cases there is no user with this UID in the containers. Some servers seem to have a problem with the user not having a username and therefore do not start (e.g. DayZ).
Expected Behavior
In every pterodactyl image that I have seen so far, a user named container is created. This user always seems to have the UID 1000. Shouldn't the containers or the start commands be executed with this user? Is the container run with a user that does not exist in the containers for security reasons?
I changed the UID of the user pterodactyl on the host system to 1000 for testing and also adjusted it in the wings configuration. After this change the server starts without any problems. However, I am not sure now if this makes my setup more insecure.
Steps to Reproduce
This behavior occurs with every server. However, it seems to be a problem only on a few servers (e.g. DayZ).
I can also provide my DayZ egg for testing if needed.
Panel Version
1.6.6
Wings Version
1.5.3
Error Logs
No response
I can confirm this. When User and Group pterodactyl is 1000, the dayz egg work now. i test it with other, but it would be great, when this can be changed
User management with containers is a mess, TL;DR is that only the UID and GIDs on the host matter. I still need to look into if we actually need to create the user within the container as it seems when we pass the UID and GID when running the container, there is no need for the container to create and switch to it's own user.
Other than that, this is not really a bug.
Related to https://github.com/pterodactyl/wings/pull/106
There is no need to create a new user in the containers. In each container exists the user container, which has the UID 1000 and GUID 1000, because it is the first and only user. Probably it would be enough to pass 1000 as UID and GID when running the container but the corresponding options in config.yml get overwritten every time wings is started.
@matthewpi it helps keep the file permissions outside of the container correct, which is why it was done that way if I remember correctly.
I've run into this once before and was able to fix it by exporting USER=pterodactyl. No idea if that will work in this particular case, but the symptoms were similar where it would work if the UID was 1000, but if it was under 1000 it only worked when the user variable was set.
Here is the answer from the DayZ Linux Server Dev:
I think I can further narrow down the cause of this problem. Basically, the server works in a Docker container. However, when starting the Docker container, it is possible to set the UID and GID under which the commands are executed within the container. If you use a UID and GID for which there is no user in the container, then the commands are executed under a user that has no user name. Instead of the user name, only "I have no name" is displayed. For most commands and programs this does not seem to be a problem but the DayZ server crashes when executed by a user who does not have a username.
https://feedback.bistudio.com/T162311
So as we have a default user we have in the wings config I do think it's worhwhile to just set the uid in the container to match it.
So we would need to update the useradd to specify uid 988
As seen here - https://github.com/pterodactyl/wings/blob/2b2b5200eb5f208e44f6c5303ace37529d208986/config/config.go
@gOOvER This is not an answer from the developers. I have added this comment to this issue so that the developers can search more specifically for the problem.
@parkervcp The UID is not always 998, it can be different on each system. The default pterodactyl user gets the first free ID under 1000, so which ID he gets depends on how many users already exist on the system when pterodactyl is installed.
