While the acme.sh README explicitly states that no root/sudo access is required, the Docker image apparently can only be run as root in Docker.
The image does not respect PUID/PGID environment variables.
More importantly, the acme.sh binaries become inaccessible when using other means to go rootless (e.g. Docker's user directive).
This comes with some additional security threats (e.g. container escapes would grant root access to the host) and all acquired certificates are owned by root.
Steps to reproduce
docker run -u "1000:1000" --rm neilpang/acme.sh
Debug log
Not applicable, acme.sh cannot be called. CLI output:
/usr/local/bin/--help: line 2: /root/.acme.sh/acme.sh: Permission denied
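To see which path component denies a non-root user such as 1000:1000, the following added example (not part of the issue or the acme.sh project) walks a path and evaluates the mode bits of each component. It assumes the image's root filesystem has been unpacked to a directory with ownership preserved, for instance from `docker export`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the issue or the acme.sh project).
# Models classic owner/group/other mode bits for a single UID:GID only:
# no ACLs, no capabilities, no supplementary groups, no root override.
# Assumes a stat that supports -c (GNU coreutils, BusyBox).

# may_access MODE OWNER GROUP UID GID NEED
# MODE is octal as printed by `stat -c %a`; NEED is a bit mask (4=r, 2=w, 1=x).
# Returns 0 when UID:GID is granted every bit in NEED.
may_access() {
    ma_perms=$(( 0$1 ))
    if [ "$4" -eq "$2" ]; then ma_shift=6        # owner class
    elif [ "$5" -eq "$3" ]; then ma_shift=3      # group class
    else ma_shift=0                              # other class
    fi
    [ $(( (ma_perms >> ma_shift) & $6 )) -eq "$6" ]
}

# first_blocker ROOTFS PATH UID GID
# Walks PATH below ROOTFS. Directories need x to be traversed; the final
# component needs r+x, because a shell script is read by its interpreter.
# Prints "PATH MODE OWNER:GROUP" for the first component that denies access
# and returns 1; returns 0 if all are reachable, 2 if a component is missing.
first_blocker() {
    fb_root=$1 fb_rest=${2#/} fb_uid=$3 fb_gid=$4 fb_cur=""
    while [ -n "$fb_rest" ]; do
        fb_cur="$fb_cur/${fb_rest%%/*}"
        case $fb_rest in
            */*) fb_rest=${fb_rest#*/}; fb_need=1 ;;
            *)   fb_rest="";            fb_need=5 ;;
        esac
        fb_info=$(stat -c '%a %u %g' "$fb_root$fb_cur") || return 2
        set -- $fb_info
        if ! may_access "$1" "$2" "$3" "$fb_uid" "$fb_gid" "$fb_need"; then
            echo "$fb_cur $1 $2:$3"
            return 1
        fi
    done
    return 0
}
```

Calling `first_blocker ./rootfs /root/.acme.sh/acme.sh 1000 1000` (with `./rootfs` being the assumed unpack directory) names the first directory or file whose mode stops that user.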
I am also facing the same issue. The container immediately exits if I use the --user flag, and when I run docker logs acme.sh, this is the output: crond: can't open or create /var/run/crond.pid: Permission denied