localstorage plugin, permission issue

ekevu123

I am setting up a new app in python using the localstorage plugin. I can access the /app/data folder, but it has these permissions:

drwxr-xr-x 2 root root 4096 Apr 30 05:37 /app/data

I believe, this explains why I am having a permission issue when my app tries to write into it? I could probably ssh into the server and change it there, but do I have to or can I set up my app in a certain way to get it right from the beginning, for example, when I re-install the app?

The CloudronManifest references the addon:

  "addons": {
    "localstorage": {},

BrutalBirdie

@ekevu123 said in localstorage plugin, permission issue:

I believe, this explains why I am having a permission issue when my app tries to write into it?

Since you are running a custom python application, how do you start the python application inside the app?
If there is a permission issue, I assume the user who starts the python process is not root, thus the permission issue.

If you could share your custom applications code, that be very useful.
But, if the app is already running on a Cloudron server, use the Web Terminal and ps uax and check what user is running the python process.

ekevu123

Yes, that could be it.

ps uax
USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
cloudron       1  0.3  0.5 778012 176572 pts/0   Ssl+ 11:33   0:08 /usr/bin/python3.12 /usr/local/bin/uvicorn main:app --host 0.0.0.0 --port 4000 --limit-co
cloudron      26  0.3  0.0   5044  3968 pts/1    Ss   12:17   0:00 /bin/bash
cloudron      38  0.0  0.0   7480  3072 pts/1    R+   12:17   0:00 ps uax

The startup script runs exec uvicorn main:app with arguments.

The Dockerfile defines

USER cloudron

which was a guess after different options didn't work before.

How is it supposed to look? I am assuming my app shouldn't run in root, so how do I align these?

BrutalBirdie

You could simply add a chown in your Dockerfile:

RUN chown -R cloudron:cloudron /app/data/

This way /app/data/ is owned by user and group cloudron and should have RWX access.

nebulon

So the chown in the docker image will not help here, since /app/data is mounted as a read+write volume and will thus not be part of the image itself. Hence things done in the Dockerfile will not affect the permissions of files in /app/data

To change permissions or ownership, the chown has to be done in the app startup script. Usually start.sh.

BrutalBirdie

Ah yes, I mix that up again and again

ekevu123

If I put it in the startup script, it says in the cloudron logs

Operation not permitted

joseph

@ekevu123 the way the packages do it is to ensure the start.sh runs as root. You can do this by USER root in the Dockerfile and then in start.sh , you can run your app with gosu cloudron:cloudron command-to-run-app .

ekevu123

Thank you, that has resolved the issue!