Pihole docker default FTL/ web uid and gid are clashing with openmediavault 6 www-data and spi groups #1248

Closed
kenny00111 opened this issue Nov 29, 2022 · 2 comments
@kenny00111

Pihole docker FTL has a default uid 999, while uid 999 is already used by openmediavault-webgui (999:spi); same issue with www-data (33:33). Docker cannot start due to permission issues.

Details

Related Issues

  • [+ ] I have searched this repository/Pi-hole forums for existing issues and pull requests that look similar

How to reproduce the issue

  1. Environment data
  • Operating System: Raspbian
  • Hardware: RasPi 4B
  • Kernel Architecture: not relevant
  • Docker Install Info and version:
    • Software source: official docker-ce
    • Supplementary Software: OMV6, portainer
  • Hardware architecture: not relevant
  2. docker-compose.yml:
pihole:
    container_name: pihole
    hostname: pihole.home
    image: pihole/pihole:latest
    depends_on: 
      - unbound
    networks:
      home:
        ipv4_address: **********
        aliases:
           - pihole.home
    ports:
      - 53:53/tcp           #DNS
      - 53:53/udp           #DNS
      - 80:80/tcp           #webui
      - 443:443/tcp         #https
    secrets:
       - piholepwd
    environment:
       ServerIP: **********
       TZ: Europe/Paris
       DNSMASQ_LISTENING: all
       WEBPASSWORD_FILE: /run/secrets/piholepwd
       PIHOLE_DNS_: **********
       FTLCONF_LOCAL_IPV4: **********
       DNSSEC: false
       DNS_BOGUS_PRIV: true
       DNS_FQDN_REQUIRED: true
       DHCP_ACTIVE: false
       PIHOLE_DOMAIN: home
       DHCP_IPv6: false
       IPv6: false
       DNSMASQ_USER: root

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service cron: starting
s6-rc: info: service cron successfully started
s6-rc: info: service _uid-gid-changer: starting
s6-rc: info: service _uid-gid-changer successfully started
s6-rc: info: service _startup: starting
ServerIP is deprecated. Converting to FTLCONF_LOCAL_IPV4
  [i] Starting docker specific checks & setup for docker pihole/pihole
  [i] Setting capabilities on pihole-FTL where possible
  [i] Applying the following caps to pihole-FTL:
        * CAP_CHOWN
        * CAP_NET_BIND_SERVICE
        * CAP_NET_RAW
  [i] Ensuring basic configuration by re-running select functions from basic-install.sh
  [i] Installing configs from /etc/.pihole...
  [i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!
  [i] Installing /etc/dnsmasq.d/01-pihole.conf...
  [✓] Installed /etc/dnsmasq.d/01-pihole.conf
  [i] Installing /etc/.pihole/advanced/06-rfc6761.conf...
  [✓] Installed /etc/dnsmasq.d/06-rfc6761.conf
  [i] Installing latest logrotate script...
	[i] Existing logrotate file found. No changes made.
  [i] Assigning password defined by Environment Variable
  [✓] New password set
  [i] Added ENV to php:
			"TZ" => "Europe/Paris",
			"PIHOLE_DOCKER_TAG" => "",
			"PHP_ERROR_LOG" => "/var/log/lighttpd/error-pihole.log",
			"CORS_HOSTS" => "",
			"VIRTUAL_HOST" => "********",
  [i] Using IPv4
  [i] setup_blocklists now setting default blocklists up: 
  [i] TIP: Use a docker volume for /etc/pihole/adlists.list if you want to customize for first boot
  [i] Blocklists (/etc/pihole/adlists.list) now set to:
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
  [i] Setting DNS servers based on PIHOLE_DNS_ variable
  [i] Applying pihole-FTL.conf setting LOCAL_IPV4=********
  [i] FTL binding to default interface: eth0
  [i] Enabling Query Logging
  [i] Testing lighttpd config: Syntax OK
  [i] All config checks passed, cleared for startup ...
  [i] Docker start setup complete
  [i] pihole-FTL (no-daemon) will be started as root
s6-rc: info: service _startup successfully started
s6-rc: info: service pihole-FTL: starting
s6-rc: info: service pihole-FTL successfully started
s6-rc: info: service lighttpd: starting
s6-rc: info: service lighttpd successfully started
s6-rc: info: service _postFTL: starting
s6-rc: info: service _postFTL successfully started
s6-rc: info: service legacy-services: starting
  Checking if custom gravity.db is set in /etc/pihole/pihole-FTL.conf
s6-rc: info: service legacy-services successfully started
Stopping pihole-FTL
pihole-FTL: no process found
Stopping pihole-FTL
pihole-FTL: no process found
Stopping pihole-FTL
pihole-FTL: no process found
Stopping pihole-FTL
pihole-FTL: no process found
Stopping pihole-FTL
pihole-FTL: no process found
Stopping pihole-FTL
pihole-FTL: no process found
Stopping pihole-FTL
pihole-FTL: no process found
Stopping pihole-FTL
pihole-FTL: no process found
  [✗] DNS service is not running
Stopping pihole-FTL
pihole-FTL: no process found
  [i] Time until retry: 120Stopping pihole-FTL
pihole-FTL: no process found

Checking the owner of the files results in:

raspberrypi:/Data/home $ ls -l pihole
total 212
-rw-r--r--  1 root                  root  1391 Nov 30 00:03 01-pihole.conf
-rw-r--r--  1 root                  root  2190 Nov 30 00:03 06-rfc6761.conf
-rw-r--r--  1 root                  root     0 Nov 30 00:03 custom.list
-rw-r--r--  1 openmediavault-webgui spi      0 Nov 30 00:03 dhcp.leases
-rw-r--r--+ 1 root                  root   651 Nov 30 00:03 dns-servers.conf
-rw-rw-r--+ 1 openmediavault-webgui spi  94208 Nov 30 00:03 gravity.db
-rw-r--r--  1 root                  root   241 Nov 30 00:03 logrotate
lrwxrwxrwx  1 root                  root    13 Nov 30 00:03 macvendor.db -> /macvendor.db
drwxrwxr--+ 2 root                  root  4096 Nov 30 00:03 migration_backup
-rw-rw-r--  1 openmediavault-webgui root   137 Nov 30 00:03 pihole-FTL.conf
-rw-rw-r--+ 1 openmediavault-webgui spi  81920 Nov 30 00:03 pihole-FTL.db
-rw-r--r--  1 root                  root   255 Nov 30 00:03 setupVars.conf
-rw-r--r--+ 1 root                  root    27 Nov 30 00:03 setupVars.conf.update.bak
-rw-r--r--+ 1 root                  root     0 Nov 30 00:02 versions

Adding different users to the environment variables:

       PIHOLE_UID: 1002
       PIHOLE_GID: 1001
       WEB_UID: 1006
       WEB_GID: 1001
       DNSMASQ_USER: 1002

Results in the following error:

User [1002] not known
Stopping pihole-FTL
pihole-FTL: no process found
User [1002] not known
Stopping pihole-FTL

Pihole creates the following:

raspberrypi:/Data/home $ ls -l pihole
total 128
-rw-r--r--  1 root  root         1391 Nov 29 23:59 01-pihole.conf
-rw-r--r--  1 root  root         2190 Nov 29 23:59 06-rfc6761.conf
-rw-r--r--  1 root  root            0 Nov 29 23:59 custom.list
-rw-r--r--  1 peter dockergroup     0 Nov 29 23:59 dhcp.leases
-rw-r--r--+ 1 root  root          651 Nov 29 23:59 dns-servers.conf
-rw-rw-r--+ 1 peter dockergroup 94208 Nov 29 23:59 gravity.db
-rw-r--r--  1 root  root          241 Nov 29 23:59 logrotate
lrwxrwxrwx  1 root  root           13 Nov 29 23:59 macvendor.db -> /macvendor.db
drwxrwxr--+ 2 root  root         4096 Nov 29 23:59 migration_backup
-rw-rw-r--  1 peter root          137 Nov 29 23:59 pihole-FTL.conf
-rw-r--r--  1 root  root          255 Nov 29 23:59 setupVars.conf
-rw-r--r--+ 1 root  root           27 Nov 29 23:59 setupVars.conf.update.bak
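
The two `ls -l` listings above show the same numeric-ID effect: files the container writes into a host directory store only a UID and GID, and the host's `ls` resolves those numbers through the host's own passwd and group files. The following is an added example (not part of the original issue or the Pi-hole project) that reproduces that lookup over constructed passwd/group files built from the names and IDs quoted in the issue; the helper names `name_for_id` and `owner_as_seen` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the issue). Sample files are constructed from the
# names and IDs quoted in the issue; 1006 is deliberately left unassigned.
SAMPLE=$(mktemp -d)
trap 'rm -rf "$SAMPLE"' EXIT

cat > "$SAMPLE/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
openmediavault-webgui:x:999:999::/home/openmediavault-webgui:/usr/sbin/nologin
peter:x:1002:1001::/home/peter:/bin/bash
EOF

cat > "$SAMPLE/group" <<'EOF'
root:x:0:
www-data:x:33:
spi:x:999:
dockergroup:x:1001:peter
EOF

# name_for_id FILE ID: print the name whose numeric ID (field 3 in both
# passwd(5) and group(5)) equals ID; print nothing if the ID is unassigned.
name_for_id() {
    awk -F: -v id="$2" '$3 == id { print $1; exit }' "$1"
}

# owner_as_seen PASSWD GROUP UID GID: the "owner group" pair that ls -l
# would show for a file stored with UID:GID, falling back to the raw number.
owner_as_seen() {
    u=$(name_for_id "$1" "$3"); g=$(name_for_id "$2" "$4")
    printf '%s %s\n' "${u:-$3}" "${g:-$4}"
}

# IDs from the issue: FTL default, www-data, then the PIHOLE_*/WEB_* overrides.
for pair in 999:999 33:33 1002:1001 1006:1001; do
    uid=${pair%%:*}; gid=${pair#*:}
    printf '%-10s -> %s\n' "$pair" \
        "$(owner_as_seen "$SAMPLE/passwd" "$SAMPLE/group" "$uid" "$gid")"
done
```

On a live host, `getent passwd 999` and `getent group 999` perform the same lookup against the real account database.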
@scottrknight

DNSMASQ_USER should be a username, not uid. From the release notes:

In 2022.01 and later, the default DNSMASQ_USER has been changed to pihole, however this may cause issues on some systems such as Synology, see Issue #963 for more information. If the container won't start due to issues setting capabilities, set DNSMASQ_USER to root in your environment.

@github-actions

This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.

@github-actions bot added the stale label Jan 12, 2023
@github-actions bot closed this as not planned Jan 17, 2023