Docker usr & usergroup

Gents:

There is a concern for which I would like to hear your solutions:
  • You may have set up several docker/containers with root/admin, e.g. Homebridge/Linux/other servers, running under the only user of root/admin;
  • But SynoNAS persistently asks you to deactivate the admin/root account due to security concerns, and warns and notifies you in DSM from time to time that you should disable it (quite annoying);
I also have several docker/containers running under root that interact with the DSM host system, e.g. SQL server. In order to conform with the security advice, I switched off the admin account, but then I ran into lots of problems and had to set up the interactions again, e.g. set up a new user in the docker/container and assign it to the admin group and the previous data directories, etc.

Does anyone have a more systematic solution? What would be the "best practice"?

Thanks and Regards
 
I think what you described is the best practice. That is what I did. Takes a bit of effort, but imo this is the best approach.
haha

you may know SynoNAS doesn't even have the groups command, even if you sudo groups: sudo: groups: command not found
so tiresome!
ref.:
 
You can use the GUI for that? Control Panel, Users?

If you want to change uid/gid you can use the command line util synouidmod (3rd party) or change /etc/passwd and /etc/group and synouser --rebuild all. At your own risk.

Or use chown -R user:group /path/to/dir to recursively change ownership.
 
This should be the Synology counterpart:
Code:
sudo synogroup --add docker
sudo synogroup --member docker ${username}
sudo chown root:docker /run/docker.sock
sudo chmod 0660 /run/docker.sock # in case the unix permissions are not already set to 0660

Warning: be aware that synogroup --member ${groupname} ${username} will set(!) the one or more usernames you provide as the members of the group! If you apply this command to a previously existing group with members, the list of members will be replaced with the usernames you specify here.

update: the last link in iStones 2nd post covers --add with assigning the member to the group in a single command. Since a new group can't have members, there is no risk of removing existing members of the group :)
 
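The warning above says synogroup --member replaces a group's member list. The following is an added example, not part of the thread or any poster's code: it reads the current members first and prints the full-list command for review instead of running it. It assumes local group membership is listed in /etc/group in the standard format; the function names and the sample group file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes local groups and their members
# are listed in /etc/group in the standard name:x:gid:user1,user2 format.

# valid_name NAME: accept only characters that are safe to print in a command.
valid_name() {
    case $1 in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

# members_of GROUP [GROUPFILE]: print current members, one per line.
members_of() {
    awk -F: -v g="$1" '$1 == g {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' "${2:-/etc/group}"
}

# merged_members GROUP NEWUSER [GROUPFILE]: existing members plus NEWUSER,
# de-duplicated, original order kept, joined with spaces.
merged_members() {
    valid_name "$1" && valid_name "$2" || return 1
    { members_of "$1" "$3"; printf '%s\n' "$2"; } |
        awk '!seen[$0]++ { out = out sep $0; sep = " " } END { print out }'
}

# member_command GROUP NEWUSER [GROUPFILE]: print the full-list command for
# review instead of running it.
member_command() {
    list=$(merged_members "$@") || return 1
    printf 'sudo synogroup --member %s %s\n' "$1" "$list"
}

# Constructed sample data in /etc/group format (not from a real system).
sample_group_file() {
    cat <<'EOF'
administrators:x:101:admin,alice
docker:x:65536:alice,bob
users:x:100:
EOF
}

tmp=$(mktemp) && sample_group_file > "$tmp"
member_command docker carol "$tmp"
rm -f "$tmp"
```

Called without a third argument, the functions read /etc/group on the machine they run on.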