Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Why is Caddy creating a file as root in my ocsp folder ? #241

Closed
LeonardMeyer opened this issue May 30, 2022 · 1 comment
Closed

Why is Caddy creating a file as root in my ocsp folder ? #241

LeonardMeyer opened this issue May 30, 2022 · 1 comment
Labels
question Further information is requested

Comments

@LeonardMeyer
Copy link

LeonardMeyer commented May 30, 2022

So I'm trying to backup some Docker volume data using Duplicacy. Most of my containers run with my user so I have no permissions issue. A problem arise when a file is created as root from one of my containers. Caddy is doing that for a specific file in his /data/caddy/ocsp folder and I want to understand why. See this excerpt from ls -la /data/caddy/ocsp :

-rwxrwxr-- 1 1000 1000 313 May 30 16:24 duplicati.sh1n0sh4.stream-cce56a39
-rw------- 1 root root 313 May 30 16:31 duplicacy.sh1n0sh4.stream-44c33e42
-rwxrwxr-- 1 1000 1000 503 May 29 12:48 portainer.sh1n0sh4.stream-41c43ab1
-rwxrwxr-- 1 1000 1000 503 May 29 00:01 portainer.sh1n0sh4.stream-bd29b72f

What are these files ? Why the duplicacy one the only in root ? For the record I tried deleting it and restarting the container. It just gets recreated.

This is the user of the container apparently (I actually don't know how it gets UID 1000 because I didn't pass it but that's what I wanted so... Cool)

/data/caddy/ocsp $ id
uid=1000 gid=0(root)

Note that this all works otherwise fine (HTTPS, reverse proxing and stuff). You can find all the relevant files here.

Thanks

@LeonardMeyer LeonardMeyer changed the title Why the caddy creating a file as root in my ocsp folder ? Why is Caddy creating a file as root in my ocsp folder ? May 30, 2022
@francislavoie
Copy link
Member

francislavoie commented May 30, 2022

Caddy runs as root in Docker because it needs to bind to low ports, which requires elevated permissions. You'll need to modify your Dockerfile if you don't want it to run as root. But it shouldn't matter what user the files are owned by as long as Caddy can manipulate them.

Somewhat a duplicate of #104

@francislavoie francislavoie added the question Further information is requested label May 30, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
question Further information is requested
Projects
None yet
Development

No branches or pull requests

2 participants