breaking change: run as unpreviliged user

6 years ago · 2a36435b3d
parent 855f95534b
commit 2a36435b3d
2 changed files with 37 additions and 17 deletions
--- a/17
+++ b/17
@ -1,13 +1,10 @@
 # Usage: docker run --restart=always -v /var/data/blockchain-xmr:/root/.bitmonero -p 18080:18080 -p 18081:18081 --name=monerod -td kannix/monero-full-node
-FROM ubuntu:16.04
+FROM ubuntu:18.04 AS build

 ENV MONERO_VERSION=0.13.0.2 MONERO_SHA256=a59fc0fffb325b4f92a5b500438bf340ddbf78e91581eb4df95ad2d5e5fb42a8

-RUN apt-get update && apt-get install -y curl bzip2 libpcsclite-dev
+RUN apt-get update && apt-get install -y curl bzip2

-# RUN useradd -ms /bin/bash monero
-# USER monero
-# WORKDIR /home/monero
 WORKDIR /root

 RUN curl https://downloads.getmonero.org/cli/monero-linux-x64-v$MONERO_VERSION.tar.bz2 -O &&\
@ -16,9 +13,17 @@ RUN curl https://downloads.getmonero.org/cli/monero-linux-x64-v$MONERO_VERSION.t
  rm monero-linux-x64-v$MONERO_VERSION.tar.bz2 &&\
  cp ./monero-v$MONERO_VERSION/monerod . &&\
  rm -r monero-*
+  
+FROM ubuntu:18.04
+
+RUN useradd -ms /bin/bash monero
+USER monero
+WORKDIR /home/monero
+
+COPY --chown=monero:monero --from=build /root/monerod /home/monero/monerod

 # blockchain loaction
-VOLUME /root/.bitmonero
+VOLUME /home/monero/.bitmonero

 EXPOSE 18080 18081

--- a/README.md
+++ b/README.md
@ -2,17 +2,32 @@

 docker image to run a monero full network node

-## How To Use
-
-``` 
-docker run -td \
--restart=always \
-v /var/data/blockchain-xmr:/root/.bitmonero \
-p 18080:18080 \
-p 18081:18081 \
--name=monerod \
-kannix/monero-full-node
-```
+# October 2018: Breaking Change
+**warning**  
+for improved security the new images will run the monero daemon under it's own user and not as root anymore!
+If you simply upgrade without following the next steps you will run into this error:  
+`WARN 	blockchain.db.lmdb	src/blockchain_db/lmdb/db_lmdb.cpp:75	Failed to open lmdb environment: Permission denied`
+
+this can be fixed with the following steps  
+
+* stop and remove the current container: `docker stop monerod && docker rm monerod`
+* change the owner of the volume to monero user `docker run -v xmrchain:/home/monero/.bitmonero -t --rm --name=monerod -u root --entrypoint=/bin/chown kannix/monero-full-node -R monero:monero .bitmonero`
+* start the container `docker run -tid --restart=always -v xmrchain:/home/monero/.bitmonero -p 18080:18080 -p 18081:18081 --name=monerod kannix/monero-full-node`
+
+**Hint:** keep in mind that you have to adapt your volume bindings to your own configuration e.g. if you followed the older version of this readme you have to use: `-v /var/data/blockchain-xmr:/home/monero/.bitmonero` instead of `-v xmrchain:/home/monero/.bitmonero`
+
+# Usage
+
+**first start:**  
+you need to change the permission of the mounted volume to allow the monero user inside the container to write the blockain in the volume. To do this, you have to mount the volume where you want to store the blockchain to the container and chown that path to the monero user. e.g.
+
+`docker run -v xmrchain:/home/monero/.bitmonero -t --rm --name=monerod -u root --entrypoint=/bin/chown kannix/monero-full-node -R monero:monero .bitmonero`
+
+you have to do this only once before first start.
+
+After this, you can start the container with e.g.
+
+`docker run -tid --restart=always -v xmrchain:/home/monero/.bitmonero -p 18080:18080 -p 18081:18081 --name=monerod kannix/monero-full-node`

 ## Updates
 Manual Way