From c980300012a42fd8ef787a769639c60a73828456 Mon Sep 17 00:00:00 2001 From: Anja Barz Date: Tue, 8 Apr 2025 12:10:37 +0200 Subject: [PATCH 1/2] add docker permission issues to the common issues section --- docs/admin/50-resources/30-common-issues.md | 36 ++++++++++++++++++++- 1 file changed, 35 insertions(+), 1 deletion(-) diff --git a/docs/admin/50-resources/30-common-issues.md b/docs/admin/50-resources/30-common-issues.md index 387d1b8b..d13265db 100644 --- a/docs/admin/50-resources/30-common-issues.md +++ b/docs/admin/50-resources/30-common-issues.md @@ -18,7 +18,7 @@ Several containers should be listed here, e.g., for opencloud, traefik, etc. --- -### Accept Self-Signed Certificates: +### Accept Self-Signed Certificates As the local environment is self-signed, you must accept the security risk in your browser. 
@@ -32,3 +32,37 @@ Confirm the risk with **Accept the risk and Continue** Admin general + +--- + +### Docker Permission Issues + +If your Docker Compose setup fails to start and the logs contain messages such as `permission denied`, it's likely due to incorrect ownership of local directories used by the containers. + +**Example log output:** + +``` +opencloud-1 | {"level":"fatal","service":"nats","time":"2025-04-08T09:59:59Z","line":"github.com/opencloud-eu/opencloud/services/nats/pkg/logging/nats.go:33","message":"Can't start JetStream: could not create storage directory - mkdir /var/lib/opencloud/nats: permission denied"} +``` + +This error typically occurs when the mounted directories are owned by the wrong user, such as `root`, instead of the standard Docker user (`UID 1000`). + +**Incorrect directory ownership:** + +``` +drwxr-xr-x 3 root root 4096 Apr 8 09:59 opencloud-data +``` + +**Correct ownership should be:** + +``` +drwxr-xr-x 9 1000 1000 4096 Apr 7 07:57 opencloud-data +``` + +To resolve this issue, adjust the ownership of the directory using the `chown` command: + +```bash +chown -R 1000:1000 opencloud-data +``` + +Ensure you apply this to all relevant folders that are mounted into your containers. This will grant the Docker container the necessary permissions to access and write to these directories. \ No newline at end of file From a13f05f28acd17528c5b8dae003e0e45702f8622 Mon Sep 17 00:00:00 2001 From: Anja Barz Date: Thu, 10 Apr 2025 14:27:11 +0200 Subject: [PATCH 2/2] add warning about User 1000 and full access --- docs/admin/50-resources/30-common-issues.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/admin/50-resources/30-common-issues.md b/docs/admin/50-resources/30-common-issues.md index d13265db..512ca6e1 100644 --- a/docs/admin/50-resources/30-common-issues.md +++ b/docs/admin/50-resources/30-common-issues.md 
@@ -65,4 +65,12 @@ To resolve this issue, adjust the ownership of the directory using the `chown` c chown -R 1000:1000 opencloud-data ``` +:::caution Security Warning + +The user with UID 1000 on your host system will have full access to these mounted directories. This means that any local user account with this ID can read, modify, or delete OpenCloud config and data files. + +This can pose a security risk in shared or multi-user environments. Make sure to implement proper user and permission management and consider isolating access to these directories. + +::: + Ensure you apply this to all relevant folders that are mounted into your containers. This will grant the Docker container the necessary permissions to access and write to these directories. \ No newline at end of file
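Review bot: In the "Docker Permission Issues" hunk of patch 1/2, the sentence describing UID 1000 as "the standard Docker user" is misleading, because Docker has no standard user and runs container processes as root unless the image or the Compose file sets another one. Suggest wording it as the user the OpenCloud container runs as (UID 1000). The `chown -R 1000:1000 opencloud-data` step also does not say that it needs root (for example via `sudo`) when the directory is owned by `root` as in the example listing, and it uses a relative path without saying which directory to run it from. Minor: the three output fences carry no language tag while the command fence uses `bash`, and the file still ends without a trailing newline.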
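Review bot: The caution added in patch 2/2 limits the exposure to the account with UID 1000, but the "correct ownership" listing earlier in the same section shows mode `drwxr-xr-x`, which lets every local account list and enter the directory and read any world-readable files inside it, so the warning understates who can reach the data. Suggest naming a concrete step, such as removing access for others with `chmod -R o-rwx opencloud-data`, rather than only "implement proper user and permission management". The block also sits between the `chown` command and the "Ensure you apply this to all relevant folders" sentence that completes that step; placing it after that sentence would keep the instruction together.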