Replies: 3 comments
-
After full day of reconfiguring it seems to work, though since I have left worker as root (I assume because of this) it had to update permissions of these folders back to 1000 as at one point icons stopped loading throwing 403 in browser, had to reapply my permission fix. Ideally I would see it available as env to set the user's GID the worker would automatically set these users for. |
Beta Was this translation helpful? Give feedback.
-
Update: apparently update 2023.3.1 breaks my fix but now I could remove user mapping from main container and it would not crash as explained in first issue, so overall it seems now to be working as expected so far. |
Beta Was this translation helpful? Give feedback.
-
I am having this same issue currently on the latest release 2023.8.3 I believe. I am running Authentik in docker inside of UNRAID. |
Beta Was this translation helpful? Give feedback.
-
Describe your question/
I need help with configuring Authentik, there appears to be permission problem that I can not get solved either way. I have found the issue once I have tried to upload picture for my appilation, it threw Bad Request 400. I have made sure I have performed the listed fix with permissions but that is of no help because of the configuration, I think.
I have to run Authentik Server with user: 1027, which is my Docker User for enviroment. Thanks to it Authentik can read GeoIP and start up, and everything works well. If I run without it, I get Internal Server error on Authentik. But, If I run it on 1027, it appears that folders I mount, so /media /templates and /certs, inside the container, are of authentik user which is 1000:1000 still. So even If I use commands from https://goauthentik.io/docs/troubleshooting/image_upload so set permissions to 1000 on these folders, I can not still upload the picture.
So I am left either with working authentik that I can not use local folders, or with not working authentik at all. I guess, if the container could set the mounted directories inside containers to user's ID I map with 'user', it would solve this issue?
But If run worker container as root and then manually via this container change these folders, to chown 1027, it does work at first glance, icon gets uploaded and app still works. Would be cool if it was automatic - for example with userid enviromental? Also in the next days will see if that breaks anything else. (also not using the official linked fix with this)
It does not matter if I run worker container as root so it can also 'fix' the permissions.
Screenshots
https://i.imgur.com/IYeXOYC.png - directories inside container are owned by authentik, my user is 1027
https://i.imgur.com/HjGwfff.png
https://i.imgur.com/78WZPgC.png
And errors if I run authentik server without mapping it to 1027, my docker user - it gets internal server error
Logs
{"auth_via": "session", "event": "Failed to save file", "exc": "PermissionError(13, 'Permission denied')", "host": "authentik.domain.com", "level": "warning", "logger": "authentik.lib.utils.file", "pid": 22, "request_id": "6366b46d762b41e18611540d6472cad5", "timestamp": "2023-03-11T17:55:37.386526"} <- when uploading picture
Version and Deployment (please complete the following information):
Additional context
I guess everything works well unless I try to do something that access the mounted folders. I managed to configure policies, apps, everything else so far with no issue while running as user 1027.
Running Authentik on synology box.
Beta Was this translation helpful? Give feedback.
All reactions