acme.sh image requires root access when using Docker #6124

Open
sebschlicht opened this issue Dec 1, 2024 · 1 comment
@sebschlicht
While the acme.sh README explicitly states that no root/sudo access is required, the Docker image apparently can only be run as root in Docker.

The image does not respect PUID/PGID environment variables.
More importantly, the acme.sh binaries become inaccessible when using other means to go rootless (e.g. Docker's user directive).

This comes with some additional security threats (e.g. container escapes would grant root access to the host) and all acquired certificates are owned by root.

Steps to reproduce

  1. docker run -u "1000:1000" --rm neilpang/acme.sh

Debug log

Not applicable, acme.sh cannot be called. CLI output:

/usr/local/bin/--help: line 2: /root/.acme.sh/acme.sh: Permission denied
dzamsari commented Jan 2, 2025

I am also facing the same issue. The container immediately exited if I use the --user flag, and when I run docker logs acme.sh, this is the output: crond: can't open or create /var/run/crond.pid: Permission denied

@acmesh-official acmesh-official deleted a comment from github-actions bot Jan 11, 2025
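
Added example, not part of the issue thread and not code from the acme.sh project: a POSIX sh helper for diagnosing both "Permission denied" errors quoted above. It walks a path and prints the first component whose mode bits deny a given UID:GID. The function names and the script name `pathcheck.sh` are hypothetical; it assumes GNU or BusyBox `stat -c` and ignores ACLs, capabilities and supplementary groups.

```shell
#!/bin/sh
# Added example; allowed/first_blocked are hypothetical helper names.
# Decides from mode bits only, so it can be run as root to ask
# "what would UID:GID be denied?". Assumes GNU or BusyBox stat (-c);
# ignores ACLs, capabilities and supplementary groups.

# allowed UID GID PATH BITS -> 0 if all BITS (4=r 2=w 1=x) are granted
allowed() {
    [ "$1" -eq 0 ] && return 0   # simplification: root bypasses mode bits
    info=$(stat -L -c '%u %g %a' "$3" 2>/dev/null) || return 2
    set -- "$1" "$2" "$3" "$4" $info   # $5=owner uid $6=owner gid $7=octal mode
    m=$((0$7))                         # leading 0: parse the mode as octal
    if   [ "$1" -eq "$5" ]; then bits=$(( (m >> 6) & 7 ))
    elif [ "$2" -eq "$6" ]; then bits=$(( (m >> 3) & 7 ))
    else                         bits=$(( m & 7 ))
    fi
    [ $(( bits & $4 )) -eq "$4" ]
}

# first_blocked UID GID PATH BITS [START]
# Every directory below START (default /) needs x; PATH itself needs BITS.
# Prints the first missing or denying component and returns 1, else returns 0.
first_blocked() {
    cur=${5:-/}; cur=${cur%/}
    rest=${3#"$cur"/}
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in
            */*) rest=${rest#*/}; need=1 ;;
            *)   rest=;           need=$4 ;;
        esac
        [ -n "$part" ] || continue     # skip empty parts from doubled slashes
        cur=$cur/$part
        allowed "$1" "$2" "$cur" "$need" || { echo "$cur"; return 1; }
    done
    return 0
}

# CLI use, e.g.: sh pathcheck.sh 1000 1000 /root/.acme.sh/acme.sh 5
#                sh pathcheck.sh 1000 1000 /var/run 3
if [ "$#" -ge 4 ]; then first_blocked "$@"; fi
```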