New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Permission error #25
Comments
I get the same error. If we take a closer look at the user rights on the folder that is causing the error, we realize that the user does not have write permission on the folder.
I haven't tried it yet, but I run the command as root. Did you try as single user? And have you found a solution since? |
Experiencing the same issue. |
For information, there is a possibility to run the container in spite of this problem of permissions in a very specific case. I've managed to do it several times. I'm currently investigating because every other time I modify my docker-compose I get this error again 😓 I'll get back to you if I find a way to make it work every time |
I've been trying to set this container up in compose and have run into the same issue. I've done some investigating and I think I've narrowed the problem down. The ProblemFirstly, the problem we're all getting is related to using bind mounts. Makes sense why we want to use them, as we want to have access to the server files on the host filesystem. Unfortunately though, it seems that no matter how hard you try, as soon as you instruct the bind mount to be made, the directory IN THE CONTAINER gets the This is similar to what @Zerka30 pointed out, though from my experience it's not always root. On my server, I log in using an unprivileged user (named csgo@5327198328cb:~$ ls -l
total 24
drwxr-xr-x 1 csgo csgo 4096 Jun 20 07:12 Steam
drwxr-xr-x 2 1001 1001 4096 Jun 20 07:10 server
-rwxr-xr-x 1 1001 1001 4652 Jun 20 07:11 server.sh
-rwxr-xr-x 1 root root 3434 Jun 11 18:04 server_sourcemod.sh On my machine, the user ID and group ID of my What I TriedThe first thing I tried were the suggestions from this GH issue. However, as you can probably guess that was a bit of a red herring because that issue concerned volumes, not bind mounts. That took me a while to diagnose (and the steps in that issue comment didn't seem to affect anything anyway) so I tried a more focused search and came to this WP article discussing bind mounts. The steps in this article did in fact work, although if you want a quick fix, you'll have to accept some jank. The (Temporary) SolutionHere's what you have to change: In the @@ -8,8 +8,10 @@ RUN apt-get update \
rsync=3.1.3-6 \
unzip=6.0-23+deb10u2 \
wget=1.20.1-1.1 \
- && rm -rf /var/lib/apt/lists/* \
- && useradd -m csgo
+ && rm -rf /var/lib/apt/lists/*
+
+RUN useradd -u 1001 -o -m csgo && \
+ groupmod -g 1001 csgo
USER csgo Basically, just hardcode the user's UID/GID that matches the user on the host that owns the directory, and the bind mount will not have the same permission problems when using the container thereafter. However, the solution is kind of janky, as mentioned. Alternate SolutionsWhile this works for now, some better ways to do this are to:
If we wanted to integrate something like 2. into this image the Dockerfile would of course need some tweaking. We could have it such that it reverts to the "stock" behavior when the environment variables are not specified. If @timche thinks it's a good idea, I could make a PR for it. If not, I suppose I'll just fork the project and make the changes there. |
Nice work man, I had not been so far in my analysis, probably due to lack of experience 😅 But I can confirm that I could also see that using an unprivileged user did not magically solve the problem. Now we have the real reason, and I hope that timche will accept the changes. |
Thanks for looking into it @Tardnicus! https://hub.docker.com/r/wolveix/satisfactory-server also uses Before I can make a decision, I'd like to get a better understand of the following:
|
No problem! Happy to help. I actually missed that part in the documentation about
In fact, when looking back at it now, when trying to convert the docker run command listed in the README here, I misread the So, to recap -- I think you have it set up reasonably, with a volume for the csgo server data and a bind mount for override files. Since we have the overrides dir on the host filesystem, there's no reason to edit the data in the volume directly. I think the initial confusion on which is a volume and which is a bind mount caused this issue to crop up and we all think it's a problem with the way it's set up here rather than our own misunderstanding. Perhaps adding an example I finally have a working setup using my newfound knowledge, so I can make a documentation PR, if you'd like. |
Thanks for elaborating @Tardnicus. I highly recommend to not modify the server files directly in the volume/bind mount. The reason why the custom files dir feature has been added is:
|
What you said is perfectly fair, and I see more why you've chosen to implement it this way. I definitely agree with you on the updating Sourcemod front. Good god, that was a nightmare when I had the unfortunate task of manually updating it. Not sure if this is out of the scope of this issue, but I was wondering if there was any special behavior for controlling when a file is deleted? For example, when trying out different SM plugins, after deleting it from my overrides directory the change is not reflected in the volume after restart (i.e. the mod I removed is still there). Of course, this makes perfect sense, as rsync is not configured to delete files from the target directory that don't exist in the source directory -- that would go against the point of an overrides directory. With mods I realize there are the I mention this because this is one of the remaining use-cases that would require me to mess around in the volume itself. Perhaps I am missing a smarter way of doing this? I could blow up the volume but that would require me to download the game again (~30 GB). |
Hitting this too - is there an equivalent of We should be using on instantiation of the container? |
@castanley Sorry for the late response. Assuming I understand your question right, no there is no way to specify the PID/GID on this particular container that would make it work as expected within a bind mount, without rewriting/augmenting it somehow. Like I mentioned in my above comment, you could either hardcode the PID/GID, or could try to modify the Dockerfile like https://hub.docker.com/r/wolveix/satisfactory-server does it, such that it'll take the environment variables and create the user based on them. This container isn't really set up OOB that way, and just sort of assumes you have write access to everything. I have this server deployed no problem using a volume, after discovering that bind mounts don't work as well. This is definitely the intended way to do it, especially given the custom files dir feature. In most cases you won't need to do any editing outside that custom dir. I still do, occasionally (for example, if I wanted to delete a mod and not have it take up space, or delete a config entirely after I've deleted it from the custom dir folder). If you're looking for a working example of a version: '3'
services:
my-csgo-server:
image: 'timche/csgo:sourcemod'
network_mode: host
volumes:
- 'my-csgo-server:/home/csgo/server'
- '/home/.../my-csgo-server/overrides:/usr/csgo'
environment:
- CSGO_GSLT=${LOGIN_TOKEN}
# ...etc
restart: 'unless-stopped'
stdin_open: true
tty: true
volumes:
my-csgo-server: |
I have it working but I had to modify it myself which was why I was asking if there was a way natively. Though I should have just looked at the source :) I don’t run docker because of some security implications and instead run under rootless podman, along with proper SELinux context labels and a restricted UID and GUID. In the event the container gets compromised, access is limited. With my setup I take a least privileged approach so assuming write access everywhere doesn’t work for me 😄 Anywho I got it working - thanks for the reply! |
The way how custom files are synchronized now have been changed. It's now using soft links and deleted custom server files are now also removed from the |
Trying to run it through docker-compose and I get this error also the host folder volume is bound to is empty after the installation.
The text was updated successfully, but these errors were encountered: