
So, I'm trying to get into creating docker images and I managed to get one going. It was qBittorrent, everything went fine until it started downloading files. All of qBits' directories are owned by 1000:1000 but as soon as it starts downloading a file, my docker-host machine says that the file folder is owned by root:root.

How can I make sure that everything the container creates is owned by 1000:1000?

I need it to be owned by that because other Docker containers, such as Radarr, need to access the files to import them and right now I'm getting permissions errors.
I've tried doing a chown -r and setgid on the host machine but the files keep getting created and owned by root...
I'm open to all suggestions :) Thanks!

My Dockerfile:

https://github.com/TheCreatorzOne/qbittorrent/blob/master/Dockerfile

VonC

2 Answers


It depends on your docker run command.
I suggested here to mount host folders to the volumes declared in your image.

But if the issue persists, that could mean the command itself does some operation as root (through sudo commands).

For testing, you can experiment with userns (docker 17.06 or more).
See "Isolate containers with a user namespace":

  • create a /etc/subuid and /etc/subgid with an id of a known local host user.
  • launch your docker daemon with that user mapped:

     dockerd --userns-remap="testuser:testuser"
    

And check that the files previously created as root in your hosted volumes are actually now owned by that mapped user.

VonC
  • Well, I don't use docker run... I create my containers using Ansible and a .yml file :/ – Konstantin Rusenkov May 13 '18 at 16:02
  • Can you test with a docker run though? – VonC May 13 '18 at 16:03
  • I can test it but it won't be viable for my needs as I am working on a completely automated project and Ansible is the main engine. I am trying to find a solution that can be used inside the Dockerfile and/or in the entrypoint.sh. I am currently not utilizing an entrypoint.sh file but I will if I have to – Konstantin Rusenkov May 13 '18 at 16:17
  • @KonstantinRusenkov Ansible? Is this similar to https://stackoverflow.com/a/47786417/6309? (meaning the part where Ansible is not using the user you thought it was) – VonC May 13 '18 at 21:57
  • Great, how did you fix it? – VonC May 14 '18 at 09:50

Managed to get it fixed up. The fix included adding a new user using the Dockerfile. The user automatically receives 1000:1000 as UID and GID but that can be swapped for others if so desired...

The Dockerfile is then run as the user with the USER command.

All the directories the USER uses need to be chown -R and to be chmod 2775 -R (or any other, but either 2 or 4 in front so that they inherit permissions from the host folder)

Also make sure that you expose and create all needed volumes or else qbittorrent will not start. Creating a /Downloads/temp was essential here or else it gave an error because it couldn’t create its own because it’s not running as root.

The Dockerfile is available here: https://github.com/TheCreatorzOne/qbittorrent/blob/master/Dockerfile

The Ansible file is used in the PlexGuide Automation Project, so it is available to look at there.

  • OK, basically what I suggested in https://stackoverflow.com/a/30052251/6309 that I mentioned in my answer. – VonC May 14 '18 at 10:42
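
An added example, not part of the original thread: a host-side check that a shared volume matches what the question and the second answer aim for, listing entries not owned by 1000:1000 and directories missing the setgid bit from `chmod 2775`. The function names and the sample path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the original answers): audit a shared volume.
# The 1000:1000 defaults come from the question; function names and the
# sample path in the usage line at the bottom are assumptions.

# Print every entry under DIR that is not owned by UID:GID
# (for example files a root process wrote as root:root).
list_wrong_owner() {
    find "$1" \( ! -user "$2" -o ! -group "$3" \) -print
}

# Print directories without the setgid bit (the leading 2 in 2775).
# Files created inside such a directory get the creating process's
# group instead of the directory's group.
list_dirs_without_setgid() {
    find "$1" -type d ! -perm -2000 -print
}

# audit_volume DIR [UID] [GID]
# Returns 0 when the tree is clean, 1 when findings were printed,
# 2 when DIR is not a directory.
audit_volume() {
    dir=$1
    uid=${2:-1000}
    gid=${3:-1000}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    status=0
    owners=$(list_wrong_owner "$dir" "$uid" "$gid")
    if [ -n "$owners" ]; then
        printf 'not owned by %s:%s:\n%s\n' "$uid" "$gid" "$owners"
        status=1
    fi
    nosgid=$(list_dirs_without_setgid "$dir")
    if [ -n "$nosgid" ]; then
        printf 'directories without setgid:\n%s\n' "$nosgid"
        status=1
    fi
    return "$status"
}

# Usage on the Docker host: audit_volume /path/to/Downloads 1000 1000
```

Run it against the host directory that is mounted into the container: ownership set inside the image does not change who owns a bind-mounted host folder.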