Best practive for running in Docker / unraid?

ninjanner · 13 May 2024 20:06

I’ve been setting up Duplicacy in Unraid/Docker and have some questions about the default permissions.

The template uses the following settings:

UID: 99 (nobody user)
GID: 100

When I tested backup and restore, I had to use the “-ignore-owner” switch. If I remove these permissions from Docker, the files restore with their original permission levels.

My question is: should I keep the UID/GID set to 99/100, or is there any downside to removing them?

I noticed that leaving these settings requires me to modify the permissions after restoring. It’s not a major issue, but I’m curious to hear what others recommend.

saspus · 13 May 2024 22:20

If you remove the gid and pid, they default to 0, and duplicacy runs as root. This allows it to set permissions on restored files.

ninjanner · 13 May 2024 23:18

I noticed that. I am running this at home, internally on my network. Any reason not to do this, or is running 99/100 just security best practices ?

saspus · 14 May 2024 03:45

Here is a good discussion of the implications of each approach: Understanding root inside and outside a container and here: https://www.redhat.com/sysadmin/rootless-podman-makes-sense

Depends on risk tolerance and whether you use SELinux or AppArmor.

system · 24 May 2024 03:45

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.