Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

gosu (start.sh) not working in non root container #256

Closed
acht opened this issue Jul 10, 2024 · 10 comments
Closed

gosu (start.sh) not working in non root container #256

acht opened this issue Jul 10, 2024 · 10 comments

Comments

@acht
Copy link

acht commented Jul 10, 2024

I run and start the container as non root user. As result the /start.sh (container entry point) fails on the line

exec gosu deconz /usr/bin/deCONZ $DECONZ_OPTS

The container just stops.

It is not possible to change the user. To change the user is not really needed in my opinion. It is a container that has no special privileges.

So my request would be to test if a "gosu" is possible. If not the command should be executed directly.
I changed /start.sh and changed the line to

exec /usr/bin/deCONZ $DECONZ_OPTS

Now my container starts and is working.

In addition the "chown" commands report errors based on the same missing privileges.

To add an command-line switch to the container to avoid gosu and chown operations would be an other solution.

To reproduce the problem just switch to an ordinary user and run the docker commands as ordinary user.
I am running the stable container from yesterday.
@phdelodder
Copy link
Collaborator

Good proposal!

Can you do a pull request?

@acht
Copy link
Author

acht commented Jul 10, 2024

no, I modified my container (not the image).

A easy solution should be:

exec gosu deconz /usr/bin/deCONZ $DECONZ_OPTS || exec /usr/bin/deCONZ $DECONZ_OPTS

The second part is only executed if the first part is not successful. But I have not tested if it makes problem when stopping the container. (If deconz stops wit an error it will be started again.)

Probably better is:

exec gosu deconz : && exec gosu deconz /usr/bin/deCONZ $DECONZ_OPTS || exec /usr/bin/deCONZ $DECONZ_OPTS

  • it tests gosu (execute a no-op as deconz user)
  • if the test was successful it uses gosu
  • else it executes directly.

Sorry, the code is untested. I have no experience with gosu and not much with docker.

@phdelodder
Copy link
Collaborator

phdelodder commented Jul 10, 2024 via email

@phdelodder phdelodder mentioned this issue Jul 11, 2024
Merged
@phdelodder
Copy link
Collaborator

@acht can you test with https://github.com/deconz-community/deconz-docker/pkgs/container/deconz-docker/242293811?tag=dev ?
Don't know if the approach is going to work.

@acht
Copy link
Author

acht commented Jul 12, 2024

I added
-e NON_ROOT=1
to docker run.

changes in start.sh:
Line 29:
GOSU="gosu deconz"

Line 183:
exec $GOSU /usr/bin/deCONZ $DECONZ_OPTS

(otherwise you execute deconz (username) not the command)

After the changes it is working!
I like the idea.

@phdelodder
Copy link
Collaborator

Thanks for the feedback, made the needed changes. Could please retest?

@acht
Copy link
Author

acht commented Jul 16, 2024

@phdelodder : do you have a new link? Or should I use the image from the link above?

@phdelodder
Copy link
Collaborator

@acht https://github.com/deconz-community/deconz-docker/pkgs/container/deconz-docker/242890055?tag=dev

@acht
Copy link
Author

acht commented Jul 19, 2024

Thanks!
The container starts without problems.

@phdelodder
Copy link
Collaborator

I'll merge it

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@acht @phdelodder