Can't change the user ID and group ID #73

Open
anginear opened this issue Aug 6, 2022 · 9 comments

@anginear

anginear commented Aug 6, 2022

I want to change/use the host user rather than the unms user. I used the environment options to set PUID and PGID, but the container fails to start.

While using the environment options:

[cont-init.d] executing container initialization scripts...
[cont-init.d] 10-set-timezone: executing...
[cont-init.d] 10-set-timezone: exited 0.
[cont-init.d] 20-adduser: executing...
addgroup: group 'unms' in use
adduser: uid '1000' in use
id: ‘unms’: no such user: Invalid argument
id: ‘unms’: no such user: Invalid argument

-------------------------------------
GID/UID
-------------------------------------
User uid:
User gid:
-------------------------------------

[cont-init.d] 20-adduser: exited 0.

Without environment options:

[cont-init.d] executing container initialization scripts...
[cont-init.d] 10-set-timezone: executing...
[cont-init.d] 10-set-timezone: exited 0.
[cont-init.d] 20-adduser: executing...

-------------------------------------
GID/UID
-------------------------------------
User uid:    911
User gid:    911
-------------------------------------

[cont-init.d] 20-adduser: exited 0.
@Nico640
Owner

Nico640 commented Aug 14, 2022

Hello, what UID and GID did you set it to? 1000:1000? You might need to set the environment variables on a fresh container rather than one which was already started, because the unms has already been created. Make sure to use the same persistent data location though.

@yaroz

yaroz commented Aug 18, 2022

I'm having the same issue. When I try to create a new docker using
docker run --name uisp -p 80:80 -p 433:433 -p 2055:2055/udp -e TZ=America/Detroit -e PUID=1000 -e PGID=1000 -v /docker/uisp:/config nico640/docker-unms:latest --restart unless-stopped

I see this:

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 10-set-timezone: executing...
[cont-init.d] 10-set-timezone: exited 0.
[cont-init.d] 20-adduser: executing...
addgroup: gid '1000' in use
adduser: unknown group unms
id: ‘unms’: no such user: Invalid argument
id: ‘unms’: no such user: Invalid argument

-------------------------------------
GID/UID
-------------------------------------
User uid:
User gid:
-------------------------------------

[cont-init.d] 20-adduser: exited 0.
[cont-init.d] 30-prepare: executing...
[cont-init.d] 30-prepare: exited 0.
[cont-init.d] 40-permissions: executing...
chown: invalid user: ‘unms:unms’
chown: invalid user: ‘unms:unms’
chown: invalid user: ‘unms:unms’
chown: invalid user: ‘unms:unms’
chown: invalid user: ‘unms:unms’
chown: invalid user: ‘unms:unms’
chown: invalid user: ‘unms:unms’
[cont-init.d] 40-permissions: exited 0.
[cont-init.d] 50-postgres: executing...
chown: invalid user: ‘unms:unms’
s6-envuidgid: fatal: unknown user: unms
[cont-init.d] 50-postgres: exited 1.
[cont-init.d] done.
[services.d] starting services
Starting rabbitmq-server...
Starting nginx...
Starting siridb-server...
s6-envuidgid: fatal: unknown user: unms
Starting postgres...
Running entrypoint.sh
s6-envuidgid: fatal: unknown user: unms
Creating user unms with UID 1000
/tmp:5432 - no response
Waiting for postgres to come up...
/tmp:5432 - no response
Waiting for postgres to come up...
adduser: uid '1000' in use
[services.d] done.
chown: invalid user: ‘unms:unms’
Waiting for rabbitmq to start...
ifelse: fatal: unable to exec --restart: No such file or directory
[cmd] --restart exited 127
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.

@anginear
Author

anginear commented Aug 21, 2022

> Hello, what UID and GID did you set it to? 1000:1000? You might need to set the environment variables on a fresh container rather than one which was already started, because the unms has already been created. Make sure to use the same persistent data location though.

I copied the folder over to a new folder, changed the permissions for that folder. Created a new container with the right user and group and linked it to the new folder but still have this error:

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
s6-chown: fatal: unable to chown /var/run/s6/etc/cont-init.d/20-adduser: Operation not permitted
s6-chown: fatal: unable to chown /var/run/s6/etc/cont-init.d/40-permissions: Operation not permitted
s6-chown: fatal: unable to chown /var/run/s6/etc/cont-init.d/30-prepare: Operation not permitted
s6-chown: fatal: unable to chown /var/run/s6/etc/cont-init.d/10-set-timezone: Operation not permitted
s6-chown: fatal: unable to chown /var/run/s6/etc/cont-init.d/50-postgres: Operation not permitted
s6-chmod: fatal: unable to change mode of /var/run/s6/etc/cont-init.d/40-permissions: Operation not permitted
s6-chmod: fatal: unable to change mode of /var/run/s6/etc/cont-init.d/20-adduser: Operation not permitted
s6-chmod: fatal: unable to change mode of /var/run/s6/etc/cont-init.d/50-postgres: Operation not permitted
s6-chmod: fatal: unable to change mode of /var/run/s6/etc/cont-init.d/30-prepare: Operation not permitted
s6-chmod: fatal: unable to change mode of /var/run/s6/etc/cont-init.d/10-set-timezone: Operation not permitted
s6-chown: fatal: unable to chown /var/run/s6/etc/services.d/ucrm/run: Operation not permitted
s6-chown: fatal: unable to chown /var/run/s6/etc/services.d/unms/run: Operation not permitted
s6-chown: fatal: unable to chown /var/run/s6/etc/services.d/nginx/run: Operation not permitted
s6-chown: fatal: unable to chown /var/run/s6/etc/services.d/siridb/run: Operation not permitted
s6-chown: fatal: unable to chown /var/run/s6/etc/services.d/postgres/run: Operation not permitted
s6-chown: fatal: unable to chown /var/run/s6/etc/services.d/rabbitmq/run: Operation not permitted
s6-chmod: fatal: unable to change mode of /var/run/s6/etc/services.d/ucrm/run: Operation not permitted
s6-chmod: fatal: unable to change mode of /var/run/s6/etc/services.d/postgres/run: Operation not permitted
s6-chmod: fatal: unable to change mode of /var/run/s6/etc/services.d/siridb/run: Operation not permitted
s6-chmod: fatal: unable to change mode of /var/run/s6/etc/services.d/rabbitmq/run: Operation not permitted
s6-chmod: fatal: unable to change mode of /var/run/s6/etc/services.d/nginx/run: Operation not permitted
s6-chmod: fatal: unable to change mode of /var/run/s6/etc/services.d/unms/run: Operation not permitted
s6-chown: fatal: unable to chown /var/run/s6/etc/services.d/netflow/run: Operation not permitted
s6-chmod: fatal: unable to change mode of /var/run/s6/etc/services.d/netflow/run: Operation not permitted
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 10-set-timezone: executing...
foreground: warning: unable to spawn /var/run/s6/etc/cont-init.d/10-set-timezone: Permission denied
[cont-init.d] 10-set-timezone: exited 127.
[cont-init.d] 20-adduser: executing...
foreground: warning: unable to spawn /var/run/s6/etc/cont-init.d/20-adduser: Permission denied
[cont-init.d] 20-adduser: exited 127.
[cont-init.d] 30-prepare: executing...
foreground: warning: unable to spawn /var/run/s6/etc/cont-init.d/30-prepare: Permission denied
[cont-init.d] 30-prepare: exited 127.
[cont-init.d] 40-permissions: executing...
foreground: warning: unable to spawn /var/run/s6/etc/cont-init.d/40-permissions: Permission denied
[cont-init.d] 40-permissions: exited 127.
[cont-init.d] 50-postgres: executing...
foreground: warning: unable to spawn /var/run/s6/etc/cont-init.d/50-postgres: Permission denied
[cont-init.d] 50-postgres: exited 127.
[cont-init.d] done.
[services.d] starting services
s6-supervise postgres: warning: unable to spawn ./run - waiting 10 seconds
s6-supervise (child): fatal: unable to exec run: Permission denied
s6-supervise (child): fatal: unable to exec run: Permission denied
s6-supervise (child): fatal: unable to exec run: Permission denied
s6-supervise unms: warning: unable to spawn ./run - waiting 10 seconds
s6-supervise rabbitmq: warning: unable to spawn ./run - waiting 10 seconds
s6-supervise (child): fatal: unable to exec run: Permission denied

@Nico640
Owner

Nico640 commented Aug 22, 2022

I made some adjustments to the UID / GID handling so that using UID / GIDs that already exist should no longer be an issue. Please try it out using the testing image tag.

@anginear
Author

Thanks but that didn't help.

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/10-set-timezone
cp: cannot create regular file '/etc/localtime': Permission denied
/etc/cont-init.d/10-set-timezone: line 5: can't create /etc/timezone: Permission denied
WARNING: America/Chicago is not a valid time zone.
cont-init: info: /etc/cont-init.d/10-set-timezone exited 1
cont-init: info: running /etc/cont-init.d/20-adduser
addgroup: permission denied (are you root?)
Usage: groupmod [options] GROUP

Options:
  -g, --gid GID                 change the group ID to GID
  -h, --help                    display this help message and exit
  -n, --new-name NEW_GROUP      change the name to NEW_GROUP
  -o, --non-unique              allow to use a duplicate (non-unique) GID
  -p, --password PASSWORD       change the password to this (encrypted)
                                PASSWORD
  -R, --root CHROOT_DIR         directory to chroot into
  -P, --prefix PREFIX_DIR       prefix directory where are located the /etc/* files

adduser: permission denied (are you root?)
usermod: group 'unms' does not exist
id: ‘unms’: no such user: Invalid argument
id: ‘unms’: no such user: Invalid argument

-------------------------------------
GID/UID
-------------------------------------
User uid:
User gid:
-------------------------------------

cont-init: info: /etc/cont-init.d/20-adduser exited 0
cont-init: info: running /etc/cont-init.d/30-prepare
rm: cannot remove '/var/lib/siridb': Permission denied
ln: failed to create symbolic link '/var/lib/siridb/siridb': Permission denied
rm: cannot remove '/home/app/unms/data/config-backups': Permission denied
rm: cannot remove '/home/app/unms/data/import': Permission denied
rm: cannot remove '/home/app/unms/data/unms-backups': Permission denied

@Nico640
Owner

Nico640 commented Aug 23, 2022

What exactly did you change between the log you posted the first time and the log now? Did you change the command to create / start the container? The way it was the first time was correct. Now it seems like the actual container is executed with a non root user, which doesn't work. Setting the PUID / PGID environment variables should be the only thing needed for changing the container user.

@yaroz

yaroz commented Aug 23, 2022

I ran the following command, and it seemed to have worked:

docker run --name uisp -p 80:80 -p 433:433 -p 2055:2055/udp -e TZ=America/Detroit -e PUID=1000 -e PGID=1000 -v /docker/uisp:/config nico640/docker-unms:testing --restart unless-stopped

I'm no longer getting the error on the adduser, but it does not stay up.

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/10-set-timezone
cont-init: info: /etc/cont-init.d/10-set-timezone exited 0
cont-init: info: running /etc/cont-init.d/20-adduser

-------------------------------------
GID/UID
-------------------------------------
User uid:    1000
User gid:    1000
-------------------------------------

cont-init: info: /etc/cont-init.d/20-adduser exited 0
cont-init: info: running /etc/cont-init.d/30-prepare
cont-init: info: /etc/cont-init.d/30-prepare exited 0
cont-init: info: running /etc/cont-init.d/40-permissions
cont-init: info: /etc/cont-init.d/40-permissions exited 0
cont-init: info: running /etc/cont-init.d/50-postgres
Database already configured
cont-init: info: /etc/cont-init.d/50-postgres exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun netflow (no readiness notification)
services-up: info: copying legacy longrun nginx (no readiness notification)
services-up: info: copying legacy longrun postgres (no readiness notification)
services-up: info: copying legacy longrun rabbitmq (no readiness notification)
services-up: info: copying legacy longrun siridb (no readiness notification)
services-up: info: copying legacy longrun ucrm (no readiness notification)
services-up: info: copying legacy longrun unms (no readiness notification)
Starting rabbitmq-server...
Starting siridb-server...
Waiting for rabbitmq to start...
Starting postgres...
/run/postgresql:5432 - no response
Waiting for postgres to come up...
/run/postgresql:5432 - no response
Waiting for postgres to come up...
s6-rc: info: service legacy-services successfully started
Starting nginx...
Running entrypoint.sh
/run/s6/basedir/scripts/rc.init: line 60: --restart: not found
Creating nginx configuration
s6-rc: info: service legacy-services: stopping
s6-svwait: fatal: supervisor died
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped
Enabling UNMS https and wss connections on port 443
[W 2022-08-23 12:55:19] Asked SiriDB Server to stop (15)
[W 2022-08-23 12:55:19] Closing SiriDB Server (version: 2.0.45)
2022-08-23 08:55:19.929 EDT [183] LOG:  starting PostgreSQL 13.8 on x86_64-alpine-linux-musl, compiled by gcc (Alpine 10.3.1_git20211027) 10.3.1 20211027, 64-bit
2022-08-23 08:55:19.929 EDT [183] LOG:  listening on IPv4 address "127.0.0.1", port 5432
2022-08-23 08:55:19.929 EDT [183] LOG:  could not bind IPv6 address "::1": Address not available
2022-08-23 08:55:19.929 EDT [183] HINT:  Is another postmaster already running on port 5432? If not, wait a few seconds and retry.
2022-08-23 08:55:19.941 EDT [183] LOG:  listening on Unix socket "/run/postgresql/.s.PGSQL.5432"
2022-08-23 08:55:19.954 EDT [183] LOG:  received smart shutdown request
2022-08-23 08:55:19.954 EDT [323] LOG:  database system was shut down at 2022-08-23 08:48:52 EDT
2022-08-23 08:55:19.968 EDT [324] LOG:  shutting down
2022-08-23 08:55:20.018 EDT [183] LOG:  database system is shut down

@yaroz

yaroz commented Aug 23, 2022

Forget the last message. I took the --restart unless-stopped off the end. Now I need to look at other issues.

@anginear
Author

I am using docker-compose to deploy the container.

These are the steps I am following:

  1. Stop and remove the existing container for unms
  2. Create a copy of the unms folder with permissions preserved.
  3. Update the docker compose with testing image, uncomment the user ID/group ID, and update the persistent volume location.
  4. Deploy using docker-compose and get the error.

I've also tried changing the unmstest folder user/group ID to the one used in the docker compose, with the same results.

  unms:
    image: nico640/docker-unms:testing
    container_name: unms
    restart: unless-stopped
    user: 1000:1001
    networks:
      macvlan:
        ipv4_address: 10.0.20.7
    ports:
      - 80:80
      - 443:443
      - 2055:2055/udp
    environment:
      - TZ=America/Chicago
    volumes:
      - /media/data/unmstest:/config
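
Added example, not part of the thread and not the project's code: a small log triage that separates the three failure modes visible in the logs above (container started as non-root, PUID/PGID colliding with an existing ID, and a docker option placed after the image name). The signature names and advice strings are this example's own; the sample lines are copied from the logs posted in this thread.

```python
import re

# Each signature is a log pattern seen in this thread, paired with the cause
# the participants identified for it. Names and advice text are this example's own.
SIGNATURES = [
    ("non_root_start",
     re.compile(r"Operation not permitted|permission denied \(are you root\?\)", re.I),
     "Container started as a non-root user (compose `user:`); the init scripts "
     "need root. Drop `user:` and set PUID/PGID instead."),
    ("id_collision",
     re.compile(r"add(?:user|group): [ug]id '\d+' in use"),
     "Requested PUID/PGID already exists inside the image; use an image build "
     "that handles existing IDs (the `testing` tag in this thread)."),
    ("args_after_image",
     re.compile(r"unable to exec --\S+|: --\S+: not found"),
     "A docker option follows the image name and was run as the container "
     "command; move it before the image name."),
]

def triage(log_text):
    """Return {cause: [matching log lines]} for every signature found."""
    findings = {}
    for line in log_text.splitlines():
        for name, pattern, _advice in SIGNATURES:
            if pattern.search(line):
                findings.setdefault(name, []).append(line.strip())
    return findings

def advice_for(log_text):
    """Return the advice strings for the causes present, in SIGNATURES order."""
    found = triage(log_text)
    return [advice for name, _p, advice in SIGNATURES if name in found]

# Excerpts copied from the logs posted in this thread.
SAMPLE_RUN = """\
addgroup: gid '1000' in use
adduser: unknown group unms
ifelse: fatal: unable to exec --restart: No such file or directory
[cmd] --restart exited 127
"""
SAMPLE_COMPOSE = """\
s6-chown: fatal: unable to chown /var/run/s6/etc/cont-init.d/20-adduser: Operation not permitted
addgroup: permission denied (are you root?)
cp: cannot create regular file '/etc/localtime': Permission denied
"""

if __name__ == "__main__":
    for sample in (SAMPLE_RUN, SAMPLE_COMPOSE):
        for tip in advice_for(sample):
            print("-", tip)
```

The generic `Permission denied` line is deliberately left unmatched, since on its own it does not distinguish a non-root start from a host-side volume permission problem.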
