urbackup-server-docker

fix: improve entrypoint to conditionally chown directories

Open hakong opened this issue 1 year ago • 1 comments

This fix makes the entrypoint only attempt to chown if the directory is not writable to the 'urbackup' user. If the directory is not writable for root (example: rootless container, backup dir on host is NFS mounted and bind mounted into container) the chown will fail, preventing the container from running.

hakong, May 11 '24 13:05

Problem:

[urbackup@container-2 ~]$ podman run \
                            --replace \
                            --name=urbackup \
                            -v /net/nfshost.domain/mnt/urbackup:/backups \
                            -v /home/urbackup/data/urbackup:/var/urbackup:Z \
                            --env PGID=1005 \
                            --env PUID=1005 \
                            -it docker.io/uroni/urbackup-server:latest
chown: changing ownership of '/backups': Operation not permitted
[urbackup@container-2 ~]$

Chown fails even if directory is root:root:

root@43290fbc4904:/# ls -lad backups/
drwxr-xr-x. 2 root root 2 May 11 13:29 backups/
root@43290fbc4904:/# id
uid=0(root) gid=0(root) groups=0(root)
root@43290fbc4904:/# chown urbackup:urbackup /backups
chown: changing ownership of '/backups': Operation not permitted
root@43290fbc4904:/#

More info:

[urbackup@container-2 ~]$ podman run --replace --name=urbackup -v /net/nfshost.domain/mnt/urbackup:/backups -v /home/urbackup/data/urbackup:/var/urbackup:Z  --env PGID=1005 --env PUID=1005 -it --entrypoint=/bin/bash docker.io/uroni/urbackup-server:latest

root@13762144dabd:/# cp -R /web-backup/* /usr/share/urbackup
# Specifying backup-folder location
echo "/backups" > /var/urbackup/backupfolder

root@13762144dabd:/# if [[ $PUID != "" ]]
then
        usermod -u $PUID -o urbackup
else
        usermod -u 101 -o urbackup
fi
if [[ $PGID != "" ]]
then
        groupmod -g $PGID -o urbackup
else
        groupmod -g 101 -o urbackup
fi

root@13762144dabd:/# chown urbackup:urbackup /backups
chown: changing ownership of '/backups': Operation not permitted

root@13762144dabd:/# chown urbackup:urbackup /var/urbackup

root@13762144dabd:/# ls -la /backups
total 1
drwxr-xr-x. 2 urbackup urbackup  3 May 11 13:02 .
dr-xr-xr-x. 1 root     root     39 May 11 13:23 ..
-rw-r--r--. 1 urbackup urbackup  0 May 11 13:02 test-file.txt

root@13762144dabd:/# su -s /bin/bash urbackup
urbackup@13762144dabd:/$ cd /backups
urbackup@13762144dabd:/backups$ ls -la
total 1
drwxr-xr-x. 2 urbackup urbackup  3 May 11 13:02 .
dr-xr-xr-x. 1 root     root     39 May 11 13:23 ..
-rw-r--r--. 1 urbackup urbackup  0 May 11 13:02 test-file.txt
urbackup@13762144dabd:/backups$ touch test-file2.txt
urbackup@13762144dabd:/backups$ ls -la
total 2
drwxr-xr-x. 2 urbackup urbackup  4 May 11 13:25 .
dr-xr-xr-x. 1 root     root     39 May 11 13:23 ..
-rw-r--r--. 1 urbackup urbackup  0 May 11 13:02 test-file.txt
-rw-r--r--. 1 urbackup urbackup  0 May 11 13:25 test-file2.txt
urbackup@13762144dabd:/backups$

hakong, May 11 '24 13:05
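
The conditional chown described in the first post, written as an added example; it is not the project's entrypoint or the change from this issue. The function names are hypothetical, and dropping privileges with util-linux `setpriv` is an assumption about what the image provides.

```shell
#!/bin/sh
# Added example: chown a bind-mounted directory only when the service user
# cannot already write to it. 'urbackup' and /backups come from the issue;
# the function names are illustrative.

# Run a command as the service user.
# Assumption: util-linux setpriv is available in the image.
run_as() {
    ra_user=$1
    shift
    setpriv --reuid="$ra_user" --regid="$ra_user" --init-groups "$@"
}

# Return 0 if user "$1" can create and delete a file in directory "$2".
# A real create/delete is used, like the `touch` check in the issue,
# so the answer reflects what the storage backend actually allows.
can_write_as() {
    run_as "$1" sh -c \
        'f=$(mktemp "$1/.write-probe.XXXXXX") && rm -f -- "$f"' \
        sh "$2" 2>/dev/null
}

# Make directory "$1" usable by user "$2".
# Skips chown when the directory is already writable, so a mount where
# root may not change ownership does not stop the container from starting.
ensure_writable() {
    ew_dir=$1
    ew_user=$2
    if can_write_as "$ew_user" "$ew_dir"; then
        echo "$ew_dir: already writable by $ew_user, skipping chown"
        return 0
    fi
    # Not writable: changing ownership is the only remaining option.
    if chown "$ew_user:$ew_user" "$ew_dir" && can_write_as "$ew_user" "$ew_dir"; then
        return 0
    fi
    echo "$ew_dir: not writable by $ew_user and chown did not fix it" >&2
    return 1
}

# Usage in an entrypoint, after usermod/groupmod have applied PUID/PGID:
#   ensure_writable /backups urbackup || exit 1
#   ensure_writable /var/urbackup urbackup || exit 1
```
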