linkding icon indicating copy to clipboard operation
linkding copied to clipboard
verified publisher icon sissbruecker

Media Features not working when running container as non-root user (latest-plus image)

Open YahiaJr opened this issue 1 year ago • 8 comments

The following media-related features (Tasks) hangs indefinitely when running the container as non root user:

  • Featching Previews for bookmarks.
  • Fetching Favicons of links.
  • Creating a snapshot of the bookmark locally.

These features are not reporting errors but their tasks hangs forever, but If I ran the same image with all the same configurations/envVars but with normal root user, it works fine.

I'm running the latest-plus image.

YahiaJr avatar Oct 28 '24 16:10 YahiaJr

Can confirm, I'm also facing the issue when running sissbruecker/linkding:1.36.0 as non-root in a K8s cluster.

KentaKariya avatar Dec 27 '24 12:12 KentaKariya

I checked this and the icons are working for me with a non-root user. I am in Docker. Where is the link preview? I've never seen this.

electricmessiah avatar Jan 03 '25 19:01 electricmessiah

The preview can be enabled under Settings by checking Enable Preview Images which is right under Enable Favicons.

KentaKariya avatar Jan 12 '25 15:01 KentaKariya

Thanks. I had an older version. I enabled this and see the placeholder images. Working.

electricmessiah avatar Jan 12 '25 16:01 electricmessiah

Also running as non-root (hard requirement for public facing services) and can confirm that favicons and preview images do not load. Issue present on both 1.40.0 and 1.40.0-alpine images.

elaurensx avatar May 18 '25 19:05 elaurensx

same, no favicons or images loaded. Only placeholder for images.

LE: disregard my comment, I had LD_DISABLE_BACKGROUND_TASKS: True in my config 🥇

C8opmBM avatar May 21 '25 15:05 C8opmBM

Its because supervisord can't start when running non-root (https://github.com/sissbruecker/linkding/blob/578680c3c174c8f8d9b70356628f6707d7eafc4b/supervisord.conf#L2)

2025-05-25 18:24:29.901770+00:00Error: Can't drop privilege as nonroot user
2025-05-25 18:24:29.901792+00:00For help, use /opt/venv/bin/supervisord -h

stavros-k avatar May 27 '25 14:05 stavros-k

To get around this, I'm overriding the bootstrap.sh script which gets executed on start. As a result the supervisord process still runs as root, but the uwsgi server runs as user www-data. Would still much rather be able to set runAsUser: 1000 in k8s deployment manifest.

Alpine image

#!/usr/bin/env bash
# Bootstrap script that gets executed in new Docker containers

apk add --no-cache su-exec

...

# Start uwsgi server
exec su-exec www-data:www-data uwsgi --http $LD_SERVER_HOST:$LD_SERVER_PORT uwsgi.ini

elaurensx avatar May 29 '25 13:05 elaurensx