Wrong permissions/uid?

[Steltek]

Is there an existing issue for this?

• I have searched the existing open and closed issues and I checked the docs https://github.com/jokob-sk/NetAlertX/tree/main/docs

The issue occurs in the following browsers. Select at least 2.

• Firefox
• Chrome
• Edge
• Safari (unsupported) - PRs welcome
• N/A - This is an issue with the backend

Current Behavior

I was seeing permission errors after following https://github.com/jokob-sk/NetAlertX/blob/main/docs/FILE_PERMISSIONS.md and chowning all my data to uid 101 on my host. Looking at the container's /etc/passwd, I see this:

nginx:x:102:103:nginx:/var/lib/nginx:/sbin/nologin

... which seems to indicate NetAlertX is running under uid 102, and not 101 as documented.

Expected Behavior

I was expecting NetAlertX to run under uid 101 as documented.

Steps To Reproduce

Migrate from Pi-Alert to NetAlertX with docker-compose.

app.conf

docker-compose.yml

services:
  pialert:
    image: jokobsk/netalertx
    container_name: netalertx
    network_mode: "host"
    restart: always
    volumes:
      - /data/docker/netalertx/config:/app/config
      - /data/docker/netalertx/db:/app/db
      - /data/docker/netalertx/log:/app/log
    environment:
      - TZ=Europe/Germany
      - PORT=20211

What installation are you running?

Production (netalertx)

app.log

No response

Debug enabled

• I have read and followed the steps in the wiki link above and provided the required debug logs and the log section covers the time when the issue occurs.

[vladaurosh]

uid is 102 but gid is 82 (www-data). Primary group of nginx user indeed is 103, but secondary group is 82 (www-data).

id nginx
uid=102(nginx) gid=103(nginx) groups=103(nginx),82(www-data),103(nginx)

[Steltek]

The docs list the UID as 101, so they're wrong?

https://github.com/jokob-sk/NetAlertX/blob/main/docs/FILE_PERMISSIONS.md

[vladaurosh]

Ah I see, yeah that looks wrong.

[jokob-sk]

Hey, let me know what are the correct values an I will update the docs (how teh table should look like). Is it like this?

Folder	User	User ID	Group	Group ID	Permissions	Notes
/app/config	nginx	102	www-data	82	rwxr-xr-x	Ensure nginx can read/write; other users can read if in www-data
/app/db	nginx	102	www-data	82	rwxr-xr-x	Same as above

[jokob-sk]

Also, @vladaurosh do you think it makes sense to revisit how permissions are set up with these issues coming up pretty frequently? just an idea

[vladaurosh]

Also, @vladaurosh do you think it makes sense to revisit how permissions are set up with these issues coming up pretty frequently? just an idea

Yes, I'll take a look in next couple of days. Basically, uid and gid of nginx:www-data are set by nginx package, so I'll see which files need uid:gid changed to be able to set custom uid:gid.

[vladaurosh]

I was just looking at nginx pre-install script at it does set www-data to 82 but doesn't set specific uid and gid for nginx user, which was my initial assumption. And did a quick test, got 100 as uid and 101 as gid. :D

[jokob-sk]

@vladaurosh - this joke unfortunately escapes me 😅 - I trust you 100% with all things permissions related

[vladaurosh]

Thinking about this now, I guess the docs were ok, but in latest version, during the image build, and installation of nginx package, user got different uid then it had previously.

[schnism]

Hi,

With jokobsk/netalertx:latest and docker-compose I now have the problem that device list is no longer loading, many

netalertx | setpgid: Operation not permitted

errors spamming the log, and the local

The config and db volume folders have been changed to user pollinate, which has 102 on my host system.

Before they belonged to messagebus, which is 101 on my host.

Maybe related to this issue?