Set PUID and PGID as Variables

[Veldkornet]

This is a...

• Request for a new or modified feature
• Issue trying to run the docker image
• Issue trying to build / test / develop the docker image

Description

So I'm addressing a few things in this one issue, which I understand is not ideal.
Could you please add the PUID (Process User ID) and PGID (Process Group ID) variables? I tell you why.
I use Docker on my Synology NAS and for the life of me, I cannot get it to work.
I keep getting the following error:
[ERROR]: Unable to parse results from queryads.php: Unhandled error message (Invalid domain!)
I've therefore set the logs to be external with "/volume1/docker/pihole/logs/:/var/log/", however I then run into the problem that it cannot start because pihole doesn't have access to the logs (even though I set the permission to 777 for the directory and everything in it.)

`

2018-08-31 17:30:36: (log.c.171) opening errorlog '/var/log/lighttpd/error.log' failed: Permission denied	stderr
`

Expected Behavior

Docker processes should run under the user id and group ID values specified in the environmental variables

Actual Behavior

It doesn't

Possible Fix

Add the variables. Many docker images have these variables, especially those from https://www.linuxserver.io/our-images if you need examples

Steps to Reproduce and debugging done

e.g. your docker run command, pages to visit, CLI commands you ran
There's not much to do as I can't even access the webpage directly after creating the image. FYI, I do not have DNS or DHCP running on my NAS.
This is the create command that I used:
sudo docker run -d \ --name pihole \ -p 53:53/tcp -p 53:53/udp \ -p 67:67/udp \ -p 32777:80 \ -p 32778:443 \ -v "/volume1/docker/pihole/pihole/:/etc/pihole/" \ -v "/volume1/docker/pihole/dnsmasq.d/:/etc/dnsmasq.d/" \ -e ServerIP="${IP}" \ -e TZ=Europe/Amsterdam \ -e DNS1=208.67.222.222 \ -e DNS2=208.67.220.220 \ -e PUID=1033 \ -e PGID=65540 \ --restart=unless-stopped \ --cap-add=NET_ADMIN \ pihole/pihole:latest

Debug steps I have tried

• I have tried destroying my container instance, pulling the newest image version, and re-creating a new container
• I have tried running the nearly stock docker run example in the readme (removing any customizations I added)
• I have tried running without my volume data mounts to eliminate volumes as the cause
• I have searched this repository for existing issues and pull requests that look similar

Context and extra information

#271 #267 #85

Your Environment

• Docker Host Operating System and OS Version: Synology DS1517+ | DSM 6.2-23739 Update 2
• Docker Version: 17.05.0-ce
• Docker API version: 1.29
• Hardware architecture: linux/amd64

[Exist2Resist]

What are the deafult PUID and PGID that Pi-Hole runs under right now?
I'm creating an unraid template for myself and I need to know this, thanks.

[diginc]

The services run as mix of root and www-data, with some files owned by the pihole service account:

root@a70f4332e07f:/# id root
uid=0(root) gid=0(root) groups=0(root)
root@a70f4332e07f:/# id www-data
uid=33(www-data) gid=33(www-data) groups=33(www-data)
root@a70f4332e07f:/# id pihole
uid=999(pihole) gid=999(pihole) groups=999(pihole),33(www-data)

[Exist2Resist]

@diginc Thanks

[jbpaux]

That would explain why I can't do anything in the webgui (adding white list) etc. for example as the user is not correctly set

[EsEnZeT]

Similar stuff - I deploy on Qnap NAS + VPS.

I think it would be nice to have ability to specify UID & GID.

I hope this issue is still valid

[diginc]

Still on my board. FTL's service script (docker specific s6) needs to be updated to run as pi-hole user to accommodate not having a mix of 3 different users processes.

[EsEnZeT]

@diginc thank you for clarification and overall great work on that :)

[lennyg1]

Same thing happens on QNAP NAS, the GUID en PUID aren't set so the files pihole needs in /etc/pihole are pretty much read only to the docker image if you want to mount them to store the data outside of the image. You can clearly see pihole wanting to create files with GID 999, while that one doesn't exist on the NAS.

[tzapu]

same thing happening on docker in ubuntu, every time i restart the service it can't read previosly saved config files i assume, so everything is reset and a new password regenerated.

great job with pi-hole, can t wait to be able to fully use it

[arnemoor]

As this is not a synology specific issue would it be possible to rename that issue? Something like "Use provided host PID / GID to allow host compatible file access" seems to me more meaningful for this feature request.

The mentioned "magic" from linuxserver.io is mainly the usage of a user account "abc" which the tweak to the given PID / GID, see https://github.com/linuxserver/docker-baseimage-alpine/blob/master/root/etc/cont-init.d/10-adduser

• Create user abc with 911 as default PID / GID
• On startup check environment and override if value provided
• Run all processes under the account abc - guess this is the main issue here
• chown folders accordingly

Sidenote: Best practice is to create a "technical docker user" on the NAS / host and use the values of that account for the containers.

[celeroll]

And is there currently a workaround to overcome the issue with permission 999 on shared folder "pihole"?
I'm facing same error as here https://discourse.pi-hole.net/t/php-permissions-error-web-admin-page/14250

[diginc]

My last post in that thread leads to this post and it's reply about tweaking nas permissions to resolve folder share permissions conflicting with docker permissions.

[celeroll]

I solved this problem in the way that I executed this command before docker-compose on the shared folder:
chmod 777 /volume1/apps/configs/pihole/

This allowed the system to create all files with necessary permissions to execute.

And my volume share for this looks like this:
- /volume1/apps/configs/pihole/:/etc/pihole/

[jcass8695]

Any movement on this?

[dschaper]

Diginc, do we need to add an entrypoint to chmod directories to a PID/GID? Or is this something more on the core package that needs to be able to install/run with user supplied UIDs?

[diginc]

Using the linuxserver io style adduser script works really well as long as your programs actually run as that same defined user.

Since this was last discussed we added customizing dnsmasq / FTL's user feature which helps. Spitballing the logic: IF PUID / PGID is passed in, it could modify the pre-existing pihole user to user those IDs and then force the dnsmasq user to pihole.

Next up is probably customizing www-data lighttpd user customization before this'll work. That is a fairly simple sed command.

[jcass8695]

@diginc It sounds like everything I need has been implemented, just sanity checking with you. Adding

-e PUID=1000 \
-e GUID=1000 \
-e DNSMASQ_USER=1000

to my docker run will allow me to volume mount dnsmasq.d locally and be able to write to the conf files? Provided my local user is 1000.

[diginc]

@JCass45 Only the DNSMASQ_USER variable has been added so far. The PUID and GUID scripts haven't been added yet.

[HNGamingUK]

Do we know when PUID and PGID is going to be implemented as I currently keep getting:

cp: cannot create regular file '/etc/dnsmasq.d/01-pihole.conf': Permission denied

Even with DNSMASQ_USER set to 1000

[kquinsland]

I am another +1 for this.

I am trying to use pihole in a rootless container w/ Podman. I currently cant do this because there are three relevant user/group IDs inside the pi-hole container.

The only way to get pihole working is - sadly - to use xx7 level permissions on whichever directories the host mounts into the container. This way, the three IDs inside the container that need access to the volume can access them.

[Haarolean]

This permissions hell is a mess. And chmod'ing 777 is not a proper solution, it's a serious security issue.

[matthewdennett]

It would be awesometo see this fixed up. Having contorll over this make it really easy for this to slot straight into existing convensions.

[edgd1er]

@nixmomo, I run pihole on openmediavault system which has ACL set, I had to set uids/gids according to the host. What I can say, databases were in read only, and are accessible now. (ext4s not test with nfs)

without much more details, about your mounting point (compose file), a ls from within the container, a ls from the host, we won't be able to help you.

[nixmomo]

hi @edgd1er
here is the part of compose (if ya need the complete compose file, i will attach)

    environment:
      TZ: ${TZ}
      WEBPASSWORD: ${WEBPASSWORD}
      DNS1: ${DNSSERVER1}
      DNS2: ${DNSSERVER2}
      ADMIN_EMAIL: andre@dl-host.info
      WEB_UID: 1111
      WEB_GID: 1111
      PIHOLE_UID: 1112
      PIHOLE_GID: 1112
   #   CONDITIONAL_FORWARDING: ${CONDITIONAL_FORWARDING}
   #   CONDITIONAL_FORWARDING_IP: ${CONDITIONAL_FORWARDING_IP}
   #   CONDITIONAL_FORWARDING_DOMAIN: ${CONDITIONAL_FORWARDING_DOMAIN}
   #   CONDITIONAL_FORWARDING_REVERSE: ${CONDITIONAL_FORWARDING_REVERSE}
    # Volumes store your data between container upgrades
    volumes:
      - /home/nfs/docker/pihole/conf/:/etc/pihole/
      - /home/nfs/docker/pihole/dnsmasq.d/conf/:/etc/dnsmasq.d/

the mounts are nfs mounts
here is the ls-la output from host where pihole is running at moment

root@rpi-4gb /home/nfs/docker/pihole/conf # ls -la
total 126816
drwxrwxrwx 3       1112 1112     4096 Jan 27 07:55 .
drwxrwxrwx 6 root       root     4096 Jan 25 07:46 ..
-rw-rw-rw- 1 root       root       65 Dec 28 09:15 adlists.list
-rw-rw-rw- 1 root       root      492 Jan 25 20:16 custom.list
-rw-r--r-- 1       1112 1112        0 Jan 27 07:43 dhcp.leases
-rw-r--r-- 1 root       root      651 Jan 27 07:43 dns-servers.conf
-rw-r--r-- 1 root       root       20 Jan 27 07:43 GitHubVersions
-rw-rw-r-- 1       1112 1112 14069760 Jan 27 07:43 gravity.db
-rw-rw-r-- 1       1112 1112 14020608 Jan 27 07:43 gravity_old.db
-rw-r--r-- 1 root       root   250965 Dec 28 09:38 list.10.v.firebog.net.domains
-rw-r--r-- 1 root       root       84 Dec 28 09:38 list.10.v.firebog.net.domains.sha1
-rw-r--r-- 1 root       root    67622 Dec 28 09:38 list.11.zerodot1.gitlab.io.domains
-rw-r--r-- 1 root       root       89 Dec 28 09:38 list.11.zerodot1.gitlab.io.domains.sha1
-rw-r--r-- 1 root       root  2168819 Jan 27 07:43 list.1.raw.githubusercontent.com.domains
-rw-r--r-- 1 root       root       95 Jan 25 06:51 list.1.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root       root   978572 Jan 27 07:43 list.2.raw.githubusercontent.com.domains
-rw-r--r-- 1 root       root       95 Jan 27 07:43 list.2.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root       root     1172 Jan 27 07:43 list.3.raw.githubusercontent.com.domains
-rw-r--r-- 1 root       root       95 Dec 29 09:12 list.3.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root       root   150216 Jan 27 07:43 list.4.adaway.org.domains
-rw-r--r-- 1 root       root       80 Jan 27 07:43 list.4.adaway.org.domains.sha1
-rw-r--r-- 1 root       root   691748 Jan 27 07:43 list.5.v.firebog.net.domains
-rw-r--r-- 1 root       root       83 Jan 27 07:43 list.5.v.firebog.net.domains.sha1
-rw-r--r-- 1 root       root   271455 Jan 27 07:43 list.6.v.firebog.net.domains
-rw-r--r-- 1 root       root       83 Jan 27 07:43 list.6.v.firebog.net.domains.sha1
-rw-r--r-- 1 root       root    59286 Dec 28 09:38 list.7.v.firebog.net.domains
-rw-r--r-- 1 root       root       83 Dec 28 09:38 list.7.v.firebog.net.domains.sha1
-rw-r--r-- 1 root       root   132829 Jan 27 07:43 list.8.raw.githubusercontent.com.domains
-rw-r--r-- 1 root       root       95 Jan 23 03:29 list.8.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root       root    21016 Jan 27 07:43 list.9.osint.digitalside.it.domains
-rw-r--r-- 1 root       root       90 Jan 27 07:43 list.9.osint.digitalside.it.domains.sha1
-rw-r--r-- 1 root       root       20 Jan 27 07:50 localbranches
-rw-r--r-- 1 root       root       65 Jan 27 07:43 local.list
-rw-r--r-- 1 root       root       42 Jan 27 07:50 localversions
drwxr-xr-x 2 root       root     4096 Dec 28 09:12 migration_backup
-rw-r--r-- 1 rpimonitor spi        20 Jan 27 07:43 pihole-FTL.conf
-rw-rw-r-- 1       1112 1112 96849920 Jan 27 07:55 pihole-FTL.db
-rw-r--r-- 1 root       root      247 Jan 27 07:43 setupVars.conf
-rw-r--r-- 1 root       root      247 Jan 27 07:43 setupVars.conf.update.bak

here is output from ls -la within container

root@7424fd578cb5:/etc/pihole# ls -la
total 126828
drwxrwxrwx 3 pihole pihole     4096 Jan 27 07:57 .
drwxr-xr-x 1 root   root       4096 Jan 27 07:43 ..
-rw-r--r-- 1 root   root         20 Jan 27 07:43 GitHubVersions
-rw-rw-rw- 1 root   root         65 Dec 28 09:15 adlists.list
-rw-rw-rw- 1 root   root        492 Jan 25 20:16 custom.list
-rw-r--r-- 1 pihole pihole        0 Jan 27 07:43 dhcp.leases
-rw-r--r-- 1 root   root        651 Jan 27 07:43 dns-servers.conf
-rw-rw-r-- 1 pihole pihole 14069760 Jan 27 07:43 gravity.db
-rw-rw-r-- 1 pihole pihole 14020608 Jan 27 07:43 gravity_old.db
-rw-r--r-- 1 root   root    2168819 Jan 27 07:43 list.1.raw.githubusercontent.com.domains
-rw-r--r-- 1 root   root         95 Jan 25 06:51 list.1.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root   root     250965 Dec 28 09:38 list.10.v.firebog.net.domains
-rw-r--r-- 1 root   root         84 Dec 28 09:38 list.10.v.firebog.net.domains.sha1
-rw-r--r-- 1 root   root      67622 Dec 28 09:38 list.11.zerodot1.gitlab.io.domains
-rw-r--r-- 1 root   root         89 Dec 28 09:38 list.11.zerodot1.gitlab.io.domains.sha1
-rw-r--r-- 1 root   root     978572 Jan 27 07:43 list.2.raw.githubusercontent.com.domains
-rw-r--r-- 1 root   root         95 Jan 27 07:43 list.2.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root   root       1172 Jan 27 07:43 list.3.raw.githubusercontent.com.domains
-rw-r--r-- 1 root   root         95 Dec 29 09:12 list.3.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root   root     150216 Jan 27 07:43 list.4.adaway.org.domains
-rw-r--r-- 1 root   root         80 Jan 27 07:43 list.4.adaway.org.domains.sha1
-rw-r--r-- 1 root   root     691748 Jan 27 07:43 list.5.v.firebog.net.domains
-rw-r--r-- 1 root   root         83 Jan 27 07:43 list.5.v.firebog.net.domains.sha1
-rw-r--r-- 1 root   root     271455 Jan 27 07:43 list.6.v.firebog.net.domains
-rw-r--r-- 1 root   root         83 Jan 27 07:43 list.6.v.firebog.net.domains.sha1
-rw-r--r-- 1 root   root      59286 Dec 28 09:38 list.7.v.firebog.net.domains
-rw-r--r-- 1 root   root         83 Dec 28 09:38 list.7.v.firebog.net.domains.sha1
-rw-r--r-- 1 root   root     132829 Jan 27 07:43 list.8.raw.githubusercontent.com.domains
-rw-r--r-- 1 root   root         95 Jan 23 03:29 list.8.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root   root      21016 Jan 27 07:43 list.9.osint.digitalside.it.domains
-rw-r--r-- 1 root   root         90 Jan 27 07:43 list.9.osint.digitalside.it.domains.sha1
-rw-r--r-- 1 root   root         65 Jan 27 07:43 local.list
-rw-r--r-- 1 root   root         20 Jan 27 07:50 localbranches
-rw-r--r-- 1 root   root         42 Jan 27 07:50 localversions
drwxr-xr-x 2 root   root       4096 Dec 28 09:12 migration_backup
-rw-r--r-- 1    999    999       20 Jan 27 07:43 pihole-FTL.conf
-rw-rw-r-- 1 pihole pihole 96858112 Jan 27 07:57 pihole-FTL.db
-rw-r--r-- 1 root   root        247 Jan 27 07:43 setupVars.conf
-rw-r--r-- 1 root   root        247 Jan 27 07:43 setupVars.conf.update.bak

I have no idea why the log error is gone but here is the log

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.,
[s6-init] ensuring user provided files have correct perms...exited 0.,
[fix-attrs.d] applying ownership & permissions fixes...,
[fix-attrs.d] 01-resolver-resolv: applying... ,
[fix-attrs.d] 01-resolver-resolv: exited 0.,
[fix-attrs.d] done.,
[cont-init.d] executing container initialization scripts...,
[cont-init.d] 05-changer-uid-gid.sh: executing... ,
Changing ID for user: www-data (33 => 1111),
Changing ID for group: www-data (33 => 1111),
Changing ID for user: pihole (999 => 1112),
Changing ID for group: pihole (999 => 1112),
[cont-init.d] 05-changer-uid-gid.sh: exited 0.,
[cont-init.d] 20-start.sh: executing... ,
 ::: Starting docker specific checks & setup for docker pihole/pihole,
,
  [i] Installing configs from /etc/.pihole...,
  [i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!,
  [i] Installing /etc/dnsmasq.d/01-pihole.conf...
  [✓] Installed /etc/dnsmasq.d/01-pihole.conf,
  [i] Installing /etc/.pihole/advanced/06-rfc6761.conf...
  [✓] Installed /etc/dnsmasq.d/06-rfc6761.conf,
Converting DNS1 to PIHOLE_DNS_,
Converting DNS2 to PIHOLE_DNS_,
Setting DNS servers based on PIHOLE_DNS_ variable,
::: Pre existing WEBPASSWORD found,
  [✓] Setting admin contact to andre@dl-host.info,
DNSMasq binding to default interface: eth0,
Added ENV to php:,
			"PIHOLE_DOCKER_TAG" => "dev",,
			"PHP_ERROR_LOG" => "/var/log/lighttpd/error.log",,
			"ServerIP" => "0.0.0.0",,
			"CORS_HOSTS" => "",,
			"VIRTUAL_HOST" => "0.0.0.0",,
Using IPv4 and IPv6,
::: Preexisting ad list /etc/pihole/adlists.list detected ((exiting setup_blocklists early)),
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts,
::: Testing lighttpd config: Syntax OK,
::: All config checks passed, cleared for startup ...,
::: Enabling Query Logging,
  [i] Enabling logging...,

  [✓] Logging has been enabled!,
 ::: Docker start setup complete,
  Checking if custom gravity.db is set in /etc/pihole/pihole-FTL.conf,
  Pi-hole version is v5.8.1 (Latest: v5.8.1),
  AdminLTE version is v5.10.1 (Latest: v5.10.1),
  FTL version is v5.13 (Latest: v5.13),
  Container tag is: dev,
[cont-init.d] 20-start.sh: exited 0.,
[cont-init.d] done.,
[services.d] starting services,
Starting lighttpd,
Starting crond,
Starting pihole-FTL (no-daemon) as pihole,
[services.d] done.

I can use the webinterface now with the dev image but whitelisting is not working with this image .... the rights looking ok for me

[PromoFaux]

-rw-r--r-- 1 999 999 20 Jan 27 07:43 pihole-FTL.conf

This should have been chowned when FTL started. We may have missed it, I'll check later!

What is the exact error you get when whitelisting?

[nixmomo]

Hi @PromoFaux
i get this error
http://prntscr.com/26k7h1y

[edgd1er]

@nixmomo ,

Could you test with local storage as I suspect your problem may be due to nfs filesystem rights ?
I'm new to nfs and I remember having problems with root_squash/no_root_squash/all_squash.

[nixmomo]

@edgd1er its a nfs v3 mount so it is mounted as a local folder but i tried with a real local folder and its the same issue

[PromoFaux]

This experimental support is now in 2022.02.1/latest - Testing and feedback would be greatly appreciated

[dsm1212]

FWIW this worked first try for me. Thanks!!!

[nixmomo]

The "While executing: attempt to write a readonly database
Added 0 out of 1 domains"
is not fixed in the 2022.2.1 Version

here is the debug log if it helps
https://tricorder.pi-hole.net/vfequxfr/

[nixmomo]

ok, it works if i move the files to local folder but there it struggles with the rpimonitor user (both using 999 as uid) thats why i want to change...
but i can't believe that its a nfs error....
its a nfs3 share with this options
(rw,async,no_subtree_check,no_root_squash,insecure)
so where is the missconfiguration?
The share is mounted as rw and it works in all other containers.

[edgd1er]

this link: https://serverfault.com/questions/240897/how-to-properly-set-permissions-for-nfs-folder-permission-denied-on-mounting-en may give you some hints on how to tackle right permissions on nfs.

uid/gid must match between the containers and the nfs server. if not, ,anonuid=1000,anongid=1000 may be a solution. uid/gid 1000 must have read,right permissions on the nfs dirs/files.

[nixmomo]

hmm that cant be the point... i have no_root_squash and the ownership on the nfs mounts are the same that i set in pihole configs and on the nfs server are they set to the same uid/guid i configured for pihole and the folder on top has a 777 write permission.... i can create files from within the docker container in the mounted volumes too so it can't be a nfs problem.. that makes absolutly no sense

[dsm1212]

The host volume has to bind mount into the container and it introduces some odd behavior with nfs. But docker supports nfs mounting the volume from within the container. You can do it from the docker command line or from docker compose if you are using that. Just google how to mount nfs into a docker container. Switch to that and this should go away, plus you can drop allowing the root access which is dangerous. I feel compelled to add that there are many reasons for an nfs mount to have issues. Those issues will take out your entire network when pihole stops working. Not to mention that you will have to carefully get that nfs location mounted without dns since you have to do it before pihole is started. I'm not sure what you are gaining here but I wouldn't do this.

[Swiiney]

Working for me, thanks a lot
I have a simple config with Pihole running on Rpi with data on external drive connected with USB.

Only problem, I tried to get the same UID/GID for WEB and PIHOLE which is not working. After I figured out that it creates the same UID and GID in passwd and groups, I removed WEB_UID and WEB_GID (which is almost useless) all is working.

[dschaper]

Only problem, I tried to get the same UID/GID for WEB and PIHOLE which is not working. After I figured out that it creates the same UID and GID in passwd and groups, I removed WEB_UID and WEB_GID (which is almost useless) all is working.

I'll take a look at that soon.

[divStar]

Just for reference: all of the sudden I couldn't edit any settings. I suppose it has something to do with me changing the docker-volumes location (didn't change permissions though).

For whatever reason stopping, removing and pruning the pihole-image and redownloading it, helped... I checked on the permissions of /usr/bin/sudo (I have had the error message saying, that /usr/bin/sudo must be owned by uid 0 and have the setuid bit set) and they seemed just fine. I did not change any other settings.

[ilium007]

When I set PIHOLE_GID=1001 it reverts to GID of 999 and messes up my host volume group permissions. If I set PIHOLE_GID=1000 it correctly sets the GID to 1000 but that is not what I want on the host directory group permission.

[nixmomo]

this feature has never worked very well.... thats the reason why i use unbound dns .... i love pihole but it is more a fun project ... in german we call it "frickelei" .... unbound dns is very stable and can handle all the pihole lists too and it has a HA feature and so on.... and all what i need is a stable working dns blocking function and the possibility to add local domains.... if unbound is not working ini your case, just look into adguard....its more stable and handles the gid and uid perfectly.
Very hard words from me i know and my heart is crying because i used pihole over 8 years or so and i love it realy but yes, from time to time it needs to look around and validate the new software what comes out

[dschaper]

Sorry you had a bad experience with free open source software. There are a number of other options like AdGuard or NextDNS however you are sending your data to other parties with those.

What ever you decide to do, please make sure that you use some kind of software to help protect your privacy online.

[dschaper]

When I set PIHOLE_GID=1001 it reverts to GID of 999 and messes up my host volume group permissions. If I set PIHOLE_GID=1000 it correctly sets the GID to 1000 but that is not what I want on the host directory group permission.

Can you please post your docker compose or docker run so we can try to assist you? Thanks!

[divStar]

Well, for me pi-Hole is working fine within the docker container. I just had to make sure to forward those few hosts Portainer needs in case no DNS is available (pi-Hole container down when updating or altering settings). I also solved that issue by I think setting permissions on the file system (configs are written to a mounted volume in my case), because I just checked and I haven't specified any GID/PID in the environment arguments section of my docker-compose file.

[nixmomo]

Sorry you had a bad experience with free open source software. There are a number of other options like AdGuard or NextDNS however you are sending your data to other parties with those.

What ever you decide to do, please make sure that you use some kind of software to help protect your privacy online.

thanks for the hint but none of the called software calls home if you don't want to .... at the end it do the same like pihole.

but i always have a pihole instance running to keep an eye on it. i'm sure that i use pihole in feature again as primary resolver / adblocker but before it is needed to fix all the broken things (pid / guid bugs, nfs support for storing configs) and an ha option (master slave sync maybe)

[ilium007]

When I set PIHOLE_GID=1001 it reverts to GID of 999 and messes up my host volume group permissions. If I set PIHOLE_GID=1000 it correctly sets the GID to 1000 but that is not what I want on the host directory group permission.

Can you please post your docker compose or docker run so we can try to assist you? Thanks!

version: '3.9'

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    networks:
      - sapling
    ports:
      - 53:53/tcp
      - 53:53/udp
      - 80
    environment:
      - TZ=Australia/Sydney
      - WEBPASSWORD=xxx
      - ADMIN_EMAIL=xxx@gmail.com
      - PIHOLE_UID=1000
      - PIHOLE_GID=1000
      - VIRTUAL_HOST=pihole.xxx
    volumes:
      - /data/docker/pihole/etc-pihole:/etc/pihole
      - /data/docker/pihole/etc-dnsmasq.d:/etc/dnsmasq.d
    restart: unless-stopped

This results in correct permissions on etc-pihole but etc-dnsmasq.d are still root/root

❯ ll pihole
drwxr-sr-x -  root        root        14 Jul  9:39 etc-dnsmasq.d
drwxrwsr-x - xxx         xxx          14 Jul  9:41 etc-pihole

[nixmomo]

isn't it the wrong image? i'm not sure but is it merged into latest?
The last changes was in :dev or :2022.2.1

[PromoFaux]

The last changes was in :dev or :2022.2.1

?? 7 releases since then!

Do you specifically mean this PR? That was released with 2022.02, but hasn't been removed

[ilium007]

I’m using :latest

I commented on this thread rather than opening a new issue.

[dsm1212]

There is a separate env setting DNSMASQ_USER for changing the dnsmasq user because on some systems dnsmasq won't work right if it is not root. I have it unset and I get root/root like you stated too. Although elsewhere here I see a statement it defaults to pihole, I think that must not be true. Try setting this to pihole.

By the way this reverting to 999 issue doesn't seem to make sense to me and I don't see that in the info you shared. Could you show that one? Is the disk you are mapping a remote mounted volume by any chance?

[PromoFaux]

Although elsewhere here I see a statement it defaults to pihole, I think that must not be true.

https://github.com/pi-hole/docker-pi-hole/blob/master/Dockerfile#L41

on some systems dnsmasq won't work right if it is not root.

Yeah, I have the Pi-hole container running on my Synology (DSM7) and I have to set DNSMASQ: root otherwise things don't work as expected