From bef7f87706fd63939ec97c87eb18bc64fb66aaa2 Mon Sep 17 00:00:00 2001 From: jokob-sk Date: Mon, 27 May 2024 19:25:24 +1000 Subject: [PATCH] =?UTF-8?q?=F0=9F=93=9A=20file=20permissions=20guide=20#65?= =?UTF-8?q?2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/FILE_PERMISSIONS.md | 33 +++++++++++++++++++++++++++++++++ docs/README.md | 1 + 2 files changed, 34 insertions(+) create mode 100644 docs/FILE_PERMISSIONS.md diff --git a/docs/FILE_PERMISSIONS.md b/docs/FILE_PERMISSIONS.md new file mode 100644 index 00000000..51de6fb7 --- /dev/null +++ b/docs/FILE_PERMISSIONS.md 
@@ -0,0 +1,33 @@ +# Managing File Permissions for NetAlertX on Nginx with Docker + +NetAlertX runs on an Nginx web server. On Alpine Linux, Nginx operates as the `nginx` user (user ID 101, group ID 82 - `www-data`). Consequently, files accessed or written by the NetAlertX application are owned by `nginx:www-data`. + +Upon starting, NetAlertX changes the ownership of files on the host system mapped to `/app/config` and `/app/db` in the container to `nginx:www-data`. This ensures that Nginx can access and write to these files. Since the user in the Docker container is mapped to a user on the host system by ID:GID, the files in `/app/config` and `/app/db` on the host system are owned by a user with the same ID and GID (ID 101 and GID 82). On different systems, this ID:GID may belong to different users (on Debian, the user with ID 82 is `uuidd`), or there may not be a user with ID 82 at all. + +While this generally isn't problematic, it can cause issues for host system users needing to access these files (e.g., backup scripts). If users other than root need access to these files, it is recommended to add those users to the group with GID 82. If that group doesn't exist, it should be created. + +### Permissions Table for Individual Folders + +| Folder | User | User ID | Group | Group ID | Permissions | Notes | +|----------------|--------|---------|-----------|----------|-------------|---------------------------------------------------------------------| +| `/app/config` | nginx | 101 | www-data | 82 | rwxr-xr-x | Ensure `nginx` can read/write; other users can read if in `www-data` | +| `/app/db` | nginx | 101 | www-data | 82 | rwxr-xr-x | Same as above | + +### Steps to Add Users to Group + +1. **Check if group exists:** + ```sh + getent group www-data + ``` + +2. **Create group if it does not exist:** + ```sh + sudo groupadd -g 82 www-data + ``` + +3. 
**Add user to group:** + ```sh + sudo usermod -aG www-data + ``` + +Replace `` with the actual username that requires access. diff --git a/docs/README.md b/docs/README.md index 3532dda8..f8b8d6dc 100755 --- a/docs/README.md +++ b/docs/README.md @@ -42,6 +42,7 @@ There is also an in-app Help / FAQ section that should be answering frequently a - [Debugging UI not showing](/docs/WEB_UI_PORT_DEBUG.md) - [Invalid JSON errors debug help](/docs/DEBUG_INVALID_JSON.md) - [Troubleshooting Plugins](/docs/DEBUG_PLUGINS.md) +- [File Permissions](/docs/FILE_PERMISSIONS.md) #### 🔝 Popular/Suggested
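Review bot: Steps 1 and 3 of the new FILE_PERMISSIONS.md look the group up and assign it by name (`getent group www-data`, `usermod -aG www-data`), but the guide's own explanation is that container ownership maps to the host by numeric ID, so the group that matters is whichever one has GID 82. On Debian-based hosts a `www-data` group normally already exists with GID 33; there step 1 reports the group as present, step 2 is skipped, and step 3 adds the user to a group that does not own the files. Suggest checking with `getent group 82`, using whatever name that returns in the `usermod` step, and creating a group with `-g 82` only when the lookup comes back empty. As shown, the `usermod` line also has no username argument and the closing sentence refers to an empty placeholder. In the table, the mode `rwxr-xr-x` does not match the note "other users can read if in `www-data`": that mode grants read and traverse to every host user and gives group members no write access, so either the note or the mode should change (for example `rwxr-x---` if group-only read is the intent). The second paragraph also says "the user with ID 82" twice where the preceding text gives 82 as the group ID and 101 as the user ID.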