Docker Container runs with root file Privileges

hey,
how can I start the container with local privileges?
I assume something like this: -e PGID=1001 -e PUID=1001 or -u padso:padso

thx

1 Like

Hello @padso,
may I ask why you want to run with local privileges?

The Docker daemon requires root privileges by default for most commands. If you don’t want that, you can check here Run the Docker daemon as a non-root user (Rootless mode) | Docker Documentation

From a security point of view, you should not have any problems as the process cannot break out in the Docker container (sandbox). You just mount some folders into the container.

You might be interested in the Debian installer if you don’t want to use Docker. I’m not sure if this is ready for production yet and documented how to use it. GitHub - storj/storagenode-deb: Debian Packaging for Storj Storage Node

Hey @sembeth ,
the Docker daemon is running as root, that's not the problem. I want the files stored with local privileges.

1 Like

I do run all my nodes with user privileges (and try to run every other container with user privileges too). Before switching you just have to chown all files and directories.

2 Likes

I am running about 20 Docker containers with this setup. Is there no integrated solution?
@kevink Do you run your docker daemon as root?

docker daemon as root, yes. containers with user privileges.

Ok, but how did you do that :P?

you run them with "--user 1000:1000"

I'll try this later (again) via ssh … Rebuilding with portainer will not work.
Unfortunately I tried this earlier but I got an error. Maybe it will fail again and I will show you

make sure to chown all your files first! otherwise it will end badly for your node.

1 Like

It worked!
I tried this before, but it seems I had a typo in my docker run command.
Now I need to wait and see if I get disqualified :smiley:

Sorry… it doesn’t work. New files are always written with root privileges :frowning:

It seems the image has to be modified?!
Docker run reference | Docker Documentation

Then you’re doing something wrong. post your docker run command.
My files are all created with my user.

docker run -d
–restart=unless-stopped
-p 28967:28967
-p 14002:14002
-v /opt/storj1/:/app/identity
-v /mnt/unionfs/storj1:/app/config
–label com.github.cloudbox.cloudbox_managed=true
-e WALLET=""
-e EMAIL=""
-e ADDRESS=""
-e STORAGE=“4TB”
–label=com.centurylinklabs.watchtower.enable=true
–name storagenode storjlabs/storagenode:latest
– user 1000:1001

You will have other problems later:
Because you are using -v > See the storj docker documentation

And your command has a few curly quotes too instead of straight:
“” vs ""

1 Like

I fixed this, thank you.
The Quotes in my original command are the same.

That’s what I used before I chose to use docker-compose instead:

docker run -d --restart unless-stopped --stop-timeout 300 --memory-swap 4097M --memory 4096M -p 28969:28967 -p 14003:14002 \
	--user 1000 \
	-e WALLET="" \
	-e EMAIL="" \
	-e ADDRESS="" \
	-e BANDWIDTH="200TB" \
	-e STORAGE="0.5TB" \
	--mount type=bind,source="/media/STORJ2/STORJ",destination=/app/config \
	--mount type=bind,source="/home/kevin/storagenode_2",destination=/app/identity \
	--name storagenode2 storjlabs/storagenode:latest

1 Like

That's it!
The --user command has to be set first (or nearly first).

for clarification, it just needs to be before the image (storjlabs/storagenode)

2 Likes
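
The two points the thread settles on (chown everything before switching, and put --user ahead of the image name) can be enforced by a small wrapper. This is an added example, not code from any poster or from the Storj project; the function names count_foreign, preflight and start_node are made up here, and the container name is an assumption.

```shell
#!/bin/sh
# Added example: refuse to start the node with --user until the bind-mounted
# directories are fully owned by that UID:GID. Function names are hypothetical.

# count_foreign UID GID DIR: number of entries under DIR not owned by UID:GID.
count_foreign() {
    find "$3" \( ! -user "$1" -o ! -group "$2" \) -print | wc -l | tr -d ' '
}

# preflight UID GID DIR...: succeeds only if every DIR exists and is clean.
preflight() {
    uid=$1 gid=$2 bad=0
    shift 2
    for dir in "$@"; do
        if [ ! -d "$dir" ]; then
            echo "missing directory: $dir" >&2
            bad=1
            continue
        fi
        n=$(count_foreign "$uid" "$gid" "$dir")
        if [ "$n" -gt 0 ]; then
            echo "$dir: $n entries not owned by $uid:$gid, chown -R first" >&2
            bad=1
        fi
    done
    return "$bad"
}

# start_node UID GID CONFIG_DIR IDENTITY_DIR [extra docker run options...]
# Every option, including --user and the extras (-e, -p, ...), is placed
# before the image name; anything after the image is passed to the
# container's entrypoint instead of being read by docker run.
start_node() {
    preflight "$1" "$2" "$3" "$4" || return 1
    user="$1:$2" config=$3 identity=$4
    shift 4
    docker run -d --restart unless-stopped --user "$user" \
        --mount type=bind,source="$config",destination=/app/config \
        --mount type=bind,source="$identity",destination=/app/identity \
        "$@" --name storagenode storjlabs/storagenode:latest
}
```

Called as `start_node 1000 1000 <config dir> <identity dir> -p 28967:28967 -e STORAGE="4TB"`, it exits non-zero without touching Docker if any file is still owned by root.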