Running owncloud in docker as other user not possible


When I try to run ownCloud with Docker, everything is fine. But when I then try to run it as another user, I always get the following error:

docker run --user 1005:1005 owncloud/server:latest

/etc/entrypoint.d/05-nsswrapper.sh: line 8: /home/owncloud/passwd: Permission denied

Without the --user 1005:1005 options the container starts properly.

The initial thing I wanted to do was to run ownCloud with Docker Compose and run it as another user, so I can have a volume with the data on another disk, as the default disk with the operating system on it does not have enough space. I already changed the ownership to a user called owncloud with uid=gid=1005.

I also had a look at the docs of the Docker image and also at https://hub.docker.com/_/php/, section "Running as an arbitrary user". But this doesn't work for me. When having a look inside the Docker image, there is a folder called /home/owncloud with ownership root. I'm already running other services with dedicated users and have no such problems.


There are 1 answers

MikeyE On

You will need to change your docker run line to read docker run --user 1005:0 owncloud/server:latest, because the ownCloud startup scripts change permissions on files in /etc/ and other root-owned files. But even after I made the change I just suggested, I could not get it to start without error.

I was seeing the same error. So, I created the following Dockerfile, which inherits from owncloud/server:10.13.1-amd64.

FROM owncloud/server:10.13.1-amd64

# user and group IDs used to run the Docker process.
ARG SERVICE_USER=owncloud_server
ENV SERVICE_USER=${SERVICE_USER:-owncloud_server}
ARG SERVICE_GROUP=root
ENV SERVICE_GROUP=${SERVICE_GROUP:-root}
ARG SERVICE_USER_ID=534
ENV SERVICE_USER_ID=${SERVICE_USER_ID:-534}
ARG SERVICE_GROUP_ID=0
ENV SERVICE_GROUP_ID=${SERVICE_GROUP_ID:-0}
#RUN groupadd --gid ${SERVICE_GROUP_ID} ${SERVICE_GROUP}
RUN useradd --uid ${SERVICE_USER_ID} \
    --gid ${SERVICE_GROUP_ID} \
    --home-dir /home/${SERVICE_USER} \
    --create-home \
    ${SERVICE_USER}

# change ownership of ownCloud files and directories
RUN chown -R ${SERVICE_USER}:${SERVICE_GROUP} \
    /etc/cron.d \
    /var/www/html \
    /var/www/.cache \
    /var/log/apache2 \
    /var/run/apache2 \
    /var/www/owncloud \
    /mnt/data

USER ${SERVICE_USER}

It works better, but it still fails to start up, and I still get the following error at the end of the output:

php_1      | services are ready!
php_1      | Waiting for Redis...
php_1      | services are ready!
php_1      | Removing custom folder...
php_1      | Linking custom folder...
php_1      | Removing config folder...
php_1      | Linking config folder...
php_1      | Writing config file...
php_1      | Skipping chown as requested...
php_1      | Skipping chmod as requested...
php_1      | Installing server database...
php_1      | ownCloud was successfully installed
php_1      | ownCloud is already latest version
php_1      | Writing objectstore config...
php_1      | Writing php config...
php_1      | Updating htaccess config...
php_1      | .htaccess has been updated
php_1      | Writing apache config...
php_1      | Enabling cron background...
php_1      | Set mode for background jobs to 'cron'
php_1      | Writing crontab file...
php_1      | Touching cron configs...
php_1      | Starting cron daemon...
php_1      | seteuid: Operation not permitted

I can see that overlay/etc/owncloud.d/25-chown.sh, which executes at system startup, modifies permissions on a bunch of directories. However, that script seems to execute without error. The error I'm seeing, seteuid: Operation not permitted, seems to be generated by some other piece of code or a script; I'm not sure which.
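
A way to check, before starting the container with --user, which directories a given UID:GID can actually write to (an added example, not part of the question or the answer and not ownCloud's own code). The function names can_write_dir and report are hypothetical, GNU stat is assumed, and the check generalizes beyond /home/owncloud to any directory passed in:

```shell
#!/bin/sh
# Added example (not from the original post). Predicts from owner, group and
# mode bits whether UID:GID can create files in a directory, such as the write
# to /home/owncloud/passwd in the question. Assumes GNU stat; ignores ACLs,
# supplementary groups and capabilities.

# can_write_dir UID GID DIR -> prints "yes" or "no"
can_write_dir() {
    cw_uid=$1; cw_gid=$2; cw_dir=$3
    [ -d "$cw_dir" ] || { echo no; return 0; }
    # root bypasses mode bits (unless CAP_DAC_OVERRIDE was dropped)
    if [ "$cw_uid" -eq 0 ]; then echo yes; return 0; fi
    set -- $(stat -c '%u %g %a' "$cw_dir")   # owner uid, group gid, octal mode
    cw_mode=$((0$3))                          # leading 0 makes it an octal literal
    # The kernel consults exactly one class: owner, else group, else other.
    if [ "$cw_uid" -eq "$1" ]; then cw_shift=6
    elif [ "$cw_gid" -eq "$2" ]; then cw_shift=3
    else cw_shift=0
    fi
    # Creating a file needs both write (2) and search (1) on the directory.
    if [ $(( (cw_mode >> cw_shift) & 3 )) -eq 3 ]; then echo yes; else echo no; fi
}

# report UID GID DIR... -> one line per directory
report() {
    r_uid=$1; r_gid=$2; shift 2
    for r_dir in "$@"; do
        printf '%s:%s %s -> %s\n' "$r_uid" "$r_gid" "$r_dir" \
            "$(can_write_dir "$r_uid" "$r_gid" "$r_dir")"
    done
}

# With arguments: check the given directories. Without: constructed demo.
if [ "$#" -ge 3 ]; then
    report "$@"
else
    demo_dir=$(mktemp -d)                    # constructed sample directory
    chmod 755 "$demo_dir"
    report 1005 1005 "$demo_dir"             # unrelated uid and gid
    chmod 775 "$demo_dir"
    report 1005 "$(stat -c %g "$demo_dir")" "$demo_dir"   # gid matches the group
    rmdir "$demo_dir"
fi
```

Run inside the image with the intended IDs and the directories of interest as arguments, for example 1005 1005 /home/owncloud /mnt/data, to see which of them need a chown or group-write bit.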