Docker usr & usergroup

Gents:

There is a concern I'd like to hear your solutions for:
  • You may have set up several Docker containers with root/admin, e.g. Homebridge/Linux/other servers, running under the only user, root/admin;
  • But SynoNAS persistently asks you to deactivate the admin/root account due to security concerns, and warns and notifies you in DSM from time to time that you should disable it (quite annoying);
I also have several Docker containers running under root that interact with the DSM host system, e.g. SQL server. In order to conform with the security advice, I switched off the admin account, but then I encountered lots of problems and had to set up the interactions again, e.g. set up a new user in the Docker container and assign it to the admin group and the previous data directories, etc.

Does anyone have a more systematic solution? What would be the "best practice"?

Thanks and Regards
 
I think what you described is the best practice. That is what I did. Takes a bit of effort, but imo this is the best approach.
haha

You may know SynoNAS doesn't even have the groups command; even if you sudo groups: sudo: groups: command not found
so tiresome!
ref.:
 
You can use the GUI for that? Control Panel, Users?

If you want to change uid/gid you can use the command line util synouidmod (3rd party) or change /etc/passwd and /etc/group and synouser --rebuild all. At your own risk.

Or use chown -R user:group /path/to/dir to recursively change ownership.
 
This should be the Synology counterpart:
Code:
sudo synogroup --add docker
sudo synogroup  --member docker ${username}
sudo chown root:docker /run/docker.sock
sudo chmod 0660 /run/docker.sock # in case the unix permissions are not already set to 0660

Warning: be aware that synogroup --member ${groupname} ${username} will set(!) the one or more usernames you provide as the members of the group! If you apply this command to a previously existing group with members, the list of members will be replaced with the usernames you specify here.

Update: the last link in iStones 2nd post covers --add with assigning the member to the group in a single command. Since a new group can't have members, there is no risk of removing existing members of the group :)
 
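Because synogroup --member replaces the whole member list, as warned in the post above, the following added example (not part of any post in this thread) reads the current members first and prints the full command for review. It assumes membership can be read from an /etc/group-format file; the function names and sample accounts are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: membership is read from an
# /etc/group-format file (fourth field = comma-separated member list).

# merged_members GROUP USER [GROUP_FILE]
# Prints GROUP's existing members plus USER, space-separated, no duplicates.
# Returns 1 if GROUP is not in the file.
merged_members() {
    awk -F: -v g="$1" -v u="$2" '
        $1 == g {
            found = 1
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) {
                if (m[i] == "" || seen[m[i]]++) continue
                out = out (out == "" ? "" : " ") m[i]
            }
            if (!(u in seen)) out = out (out == "" ? "" : " ") u
            print out
            exit
        }
        END { if (!found) exit 1 }
    ' "${3:-/etc/group}"
}

# print_member_cmd GROUP USER [GROUP_FILE]
# Prints the command for review instead of running it.
print_member_cmd() {
    members=$(merged_members "$@") || {
        echo "group '$1' not found; create it first (synogroup --add $1)" >&2
        return 1
    }
    echo "sudo synogroup --member $1 $members"
}

# Constructed sample data in /etc/group format (not real accounts).
sample_group_file() {
    cat <<'EOF'
administrators:x:101:admin
docker:x:65536:alice,bob
media:x:65537:
EOF
}

tmp=$(mktemp)
sample_group_file > "$tmp"
print_member_cmd docker carol "$tmp"   # sudo synogroup --member docker alice bob carol
rm -f "$tmp"
```

On a real system, call print_member_cmd without the third argument so it reads /etc/group, and check the printed list before running the command.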
