ddns-updater icon indicating copy to clipboard operation
ddns-updater copied to clipboard

Published 20 hours ago verified publisher icon qdm12

Help: no permission on /updater/data/updates.json

Open intothefantasy opened this issue 3 years ago • 4 comments

when i am using the docker compose script, i will get an error of permission issue on /updater/data/updates.json.

if i using the command to run the container docker run -d -p 8000:8000/tcp -v "$(pwd)"/data:/updater/data qmcgaw/ddns-updater

i wont have this issue. can i know how to solve this with the compose script? since i can have more options there as well. quite new to docker in this case

i am executing this compose command script with portainer tho. i am not sure if portainer has any problem with it, i have followed the instruction guide in chmod the data files etc. still not working

intothefantasy avatar Dec 16 '21 03:12 intothefantasy

It's most likely not the same paths then. Try to use absolute paths in both instead of relative paths to avoid any confusion.

qdm12 avatar Dec 16 '21 07:12 qdm12

I think the issue is the default UID and GID is hardcoded as 1000, and his id are not, I think it is more suitable not to hardcode that but to pass as a env parameter for users to choose, default as 0, which is root

https://github.com/qdm12/ddns-updater/blob/master/README.md?plain=1#L310

duchenpaul avatar Dec 23 '21 08:12 duchenpaul

I think it is more suitable not to hardcode that but to pass as a env parameter for users to choose

You can't do that, except if your container runs as root. Those images proposing these at runtime do have their entrypoint run as root, and usually drop root for a subprocess. It's better than just running as root, but not as secured as running entirely without root from the start. Also this image is based on scratch so dropping root privileges is not trivial either.

EDIT: I'll see maybe that's possible with more opened files/directories permissions (chmod 777 for most things built-in the image).

qdm12 avatar Dec 23 '21 10:12 qdm12

That might be some interesting code to try out in the future:

https://github.com/boxboat/fixuid/blob/2da266acec27c3ffde018feb7337e7de2c29ba5c/fixuid.go#L287-L305

Although it has little point if the first process doesn't exit after launching the subprocess without root.

qdm12 avatar Mar 09 '22 21:03 qdm12

Just had the same problem on Unraid. Unraid defaults to nobody:users 99:100 for created folders, so i had to manually change ownership to 1000.

fustios avatar Sep 24 '22 22:09 fustios

This is 'by design' (actually not a bug, a feature 😄), and yes running uid and gid are hardcoded in the image since otherwise it will likely run as root by default which is undesirable.

See step 1 of the setup to go around this if you don't want to change permissions of files: https://github.com/qdm12/ddns-updater/#setup

qdm12 avatar Jun 12 '23 09:06 qdm12