Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No permission to read config files on first container start #1670

Closed
1 task done
DanielKinsman opened this issue Dec 8, 2024 · 6 comments
Closed
1 task done

No permission to read config files on first container start #1670

DanielKinsman opened this issue Dec 8, 2024 · 6 comments

Comments

@DanielKinsman
Copy link

This is a: Run Issue

Details

It seems that when the pihole container first starts up, it drops to group id / user id 999:1000 by default. This gid shows up on my system as systemd-coredump which was very strange at first.

Any config files owned by root which were placed there before starting the container (e.g. custom.list) will fail as pihole has no permission to read/write them.

In my case I am automating the pihole config with ansible and docker compose which is why I ran into it. It's easy enough to change the permissions and make it work but it's a bit a of a gotcha that could be improved by having the pihole container chown those files on first startup before it changes gid/uid. As mentioned in #1144 setting the PIHOLE_UID and PIHOLE_GID options to 0 (root) doesn't really work either, and ideally it would just work without needing such a specialised set up.

Related Issues
@rdwebdesign
Copy link
Member

Please, provide some information about your container:

  • What image are you using?
  • Are you using volumes? Which ones?
  • How did you start the container? Please post your compose file or docker run command used to start the container.

@DanielKinsman
Copy link
Author

Reproducing is as simple as:

rm -rf /opt/piholeetc
mkdir /opt/piholeetc
echo "192.168.1.99 example.com" > /opt/piholeetc/custom.list
chmod 600 /opt/piholeetc/custom.list
docker run -v /opt/piholeetc:/etc/pihole pihole/pihole:latest

Then open the web ui and inspect local dns entries, notice example.com is missing, and also that you can't add new entries through the UI either. It's also a problem for the setupVars.conf but I haven't included that here.

@dschaper
Copy link
Member

dschaper commented Dec 8, 2024

chmod 600 /opt/piholeetc/custom.list

Why are you restricting this file so much? If you only want the file to be read by the daemon inside the container then you'll need to make the file owned by the same UID as the daemon in the container. GID won't matter because you've set the group to 0 permission.

@dschaper
Copy link
Member

dschaper commented Dec 8, 2024

Note: You've linked to old issues that do not have the current environment scheme. There are two daemons running in the container, Pi-hole and the webserver, thus there are two sets of UID/GID pairs to consider:

https://github.com/pi-hole/docker-pi-hole?tab=readme-ov-file#experimental-variables

@dschaper
Copy link
Member

@DanielKinsman Were you able to resolve the issue? It can be helpful for other users to see resolutions that they can use on their similar problems.

@DanielKinsman
Copy link
Author

Not really, I'm just working around it by chowning things on the host.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@DanielKinsman @rdwebdesign @dschaper