-
-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Setting UID/GID/USER is broken #76
Comments
I tried to make a user with the same UID and GID as the ones it was chowning the files to and then added my user to that group. Unfortunately when it detected that the user existed it would then chown all the files to a different UID and GID, I believe this is similar to what you are saying? I wish there was a flag to just make it run as root instead of linuxgsm user to bypass all this trouble because honestly I just start it when I want to play l4d2 (not CSS like in your case but it should still be similar) so I don't really care about how secure it is or not
|
Maybe I'm a bit lost here, but I'm confused what you've done outside and what you've done inside the container. Care to elaborate, why do you need another user besides linuxgsm? Why isn't the linuxgsm user enough? Where/how have you exactly determined, it is setting the wrong UID/GID? When running inside the container, or are you trying to access the files outside the container (on the host)? It seems like you have created a user "combat" inside the container, want to run the container as user "combat", and expect the UIDs and GIDs to match? Please note that the idea of a container is that it has a totally different namespace. The whole point is that the UIDs, GIDs don't match with anything on the host. The user accounts are separate. Bind mounts have nothing to do with UID nor GID management, really. Or, sorry if I'm misinterpreting totally what you have done and asking help for =). |
Forgetting the bind mounts as I said it didn't make a difference, as I said I tried to set the UID and GID to the same thing the container was chowning the mounted folders to but when the container starts it then picks a different UID/GID. It's nice that linuxgsm thinks it needs to chown all mounted files/folders every time the container starts (which is completely unnecessary but it still does it). Thing is I need to be able to edit the files that are mounted or I can't set up the server, call me crazy. None of the https://www.linuxserver.io/ images have this issue and they allow the user to run the image with whatever permissions they want for the mounted files/folders. For some reason all L4D2/srcds images think they need to chown everything. In fact I run most docker containers with root UID/GID 0 (within the container not on the host system) to avoid permission issues so that the container can access the mounted files without issues (spare me the speech about this being a bad idea I do it anyway), but this image thinks it needs to chmod/chown my files every time to some random user no matter which UID/GID I specify. I spent hours trying different things with no luck so it's nice the namespaces are separate but when I can't edit the files for the server or add new things to the server, that's a problem. Either there is a permissions issue like this with all the srcds/steamcmd images I tried or the server simply doesn't start and says some error which won't resolve no matter what you try. Because of all this I gave up running srcds servers with docker images and on Linux as a whole and moved to Windows server within proxmox where I don't have to deal with this. It's nicer too because with RDP I can just drag and drop files into the server. Wish the others best of luck though. Maybe some day the container will not chown every file when it isn't necessary, who knows. |
I am also having the same issue, I can't actually create a backup of Palworld server because the user doesn't have permissions to create directories in the host directory. the issue seems to stem from the linuxgsm userid of 1000 and the default/first user created on the host gets userid 1000. what is the best of changing this to prevent issues moving forward? |
Not running it in a docker container and just running it on host is the only real option I can see unless they fix this (which I doubt will happen any time soon, if ever), but I opted to run my server on windows host instead of linux The issue is in the linuxgsm dependency container I think which docker-gameserver depends on as shown in the Dockerfile, and it's just not worth the time for me to fuss with it. |
I fixed it by creating the linuxgsm user on the host and adding my user account to the linuxgsm group, container starts fine now, but I am unable to run backups using podman exec -it --user linuxgsm pwserver ./pwserver b podman exec -it --user linuxgsm pwserver ./pwserver b
No update available
[ OK ] Backing up pwserver: Palword Server |
This is very frustrating for me as well. I run a ton of containers on this host and this container essentially requiring UID 1000 is making a mess. I'm not sure what the solution is, but maybe something like a config check it can reference on start to switch the UID/GID would be very welcome. |
We had an issue where the docker image
gameservermanagers/gameserver:css
was settingUID
andGID
to1000
which was the wrong user (even if userlinuxgsm
existed for example on id1006
) on our server and the volume (dir) would get chowned for the wrong user.After noticing that it's set through ENV we added variable overrides to
docker-compose.yml
(some data is redacted):But the docker image would still fail with:
The problem is that the user exists
# combat@noil:~$ id uid=1005(combat) gid=1005(combat) groups=1005(combat),100(users),994(docker)
We are not and will not run docker or any other similar daemons or commands with sudo. The
combat
user is part of thedocker
group and is able to run docker images without sudo.How should we proceed to start the
linuxgsm (gameserver)
on ourcombat
user, so that the volume and the start scripts would get the correct UID/GID ?Or is it only possible to start as non-root is with
linuxgsm
user and then deal with dir/file permissions so thatcombat
user could modify files owned bylinuxgam
user ? (As it worked to start the docker image with user=linuxgsm,id=1006,gid=1006)chmod 775
is not a solution, as everytime the docker container is started it overrides all ownerships and permissionsThe text was updated successfully, but these errors were encountered: