Same UID and GID in passwd and groups for WEB and PIHOLE

[dschaper]

Only problem, I tried to get the same UID/GID for WEB and PIHOLE which is not working. After I figured out that it creates the same UID and GID in passwd and groups, I removed WEB_UID and WEB_GID (which is almost useless) all is working.

I'll take a look at that soon.

Originally posted by @dschaper in #328 (comment)

[MujiSayed]

piggy backing off this, setting the uid looks to work, but gid does not.

currently using this in kubernetes with the following configMap to be used as env variables:

   TZ: "America/New_York"                #Set your timezone by replacing America/New_York. See https://en.wikipedia.org/wiki/List_of_tz_database_time_zones for more timezones
    VIRTUAL_HOST: "pi.hole"               #Location of the admin portal
    PROXY_LOCATION: "pi.hole"
    ServerIP: "10.15.15.231"           #Set ServerIP to the External IP address for pihole-web that we got from the above confirmation
    DNSSEC: "true"                       #Default is false, change to true to enable DNSSEC support
    PIHOLE_DNS_: "9.9.9.9;149.112.112.112"        #Upstream DNS Server, seperate by semicolon ";"
    WEB_PORT: "80"                        #container port for Web UI
    DNSMASQ_USER: "root"
    PIHOLE_UID: "0"
    PIHOLE_GID: "0"

PiHole UID changes to 0, but group does not. Output of cat /etc/passwd:

pihole:x:0:999::/home/pihole:/usr/sbin/nologin

Start-up Logs:

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] 01-resolver-resolv: applying...
[fix-attrs.d] 01-resolver-resolv: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 05-changer-uid-gid.sh: executing...
Changing ID for user: www-data (33 => 1000)
Changing ID for group: www-data (33 => 1000)
Changing ID for user: pihole (999 => 0)
[cont-init.d] 05-changer-uid-gid.sh: exited 0.
[cont-init.d] 20-start.sh: executing...
 ::: Starting docker specific checks & setup for docker pihole/pihole

[github-actions]

This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.

[PromoFaux]

So, playing about with this, it appears that two users can have the same UID, but two groups cannot. Which is why attempting to set it to 0 fails, as root already uses it.

Same thing if you use 1000 for all the values. As we can see in the following snip, the www-data group is set first, so setting pihole to the same id will always fail

docker-pi-hole/src/s6/debian-root/usr/local/bin/_uid-gid-changer.sh

Lines 32 to 35 in 0d5a001

	modifyUser www-data ${WEB_UID}
	modifyGroup www-data ${WEB_GID}
	modifyUser pihole ${PIHOLE_UID}
	modifyGroup pihole ${PIHOLE_GID}

E.g setting PIHOLE_U/GID as 1000 and WEB_U/GID as 1001 works on my side. But to echo some further thoughts - I'm not really sure why WEB_U/GID needed to be added to this id changer

[PromoFaux]

I have added some clarifying notes on the readme :

https://github.com/pi-hole/docker-pi-hole/blob/f044e58b5cf9a2cdadf947d8577065285959feef/README.md#experimental-variables

[jerry1333]

Not being able to use 0 as GID or same WEB/PIHOLE ID is also pain in Qnap devices (admin uses 0/0 uid/gid)