Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

acme.sh image requires root access when using Docker #6124

Open
sebschlicht opened this issue Dec 1, 2024 · 1 comment
Open

acme.sh image requires root access when using Docker #6124

sebschlicht opened this issue Dec 1, 2024 · 1 comment

Comments

@sebschlicht
Copy link

While the acme.sh README explicitly states that no root/sudo access is required, the Docker image apparently can only be run as root in Docker.

The image does not respect PUID/PGID environment variables.
More importantly, the acme.sh binaries become inaccessible when using other means to go rootless (e.g. Docker's user directive).

This comes with some additional security threats (e.g. container escapes would grant root access to the host) and all acquired certificates are owned by root.

Steps to reproduce

  1. docker run -u "1000:1000" --rm neilpang/acme.sh

Debug log

Not applicable, acme.sh can not be called. CLI output:

/usr/local/bin/--help: line 2: /root/.acme.sh/acme.sh: Permission denied
@github-actions GitHub Actions
Copy link

github-actions bot commented Dec 1, 2024

Please upgrade to the latest code and try again first. Maybe it's already fixed. acme.sh --upgrade If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sebschlicht