su: cannot set groups: Operation not permitted #2799

Closed
8 tasks done
quanturium opened this issue Feb 4, 2024 · 5 comments

@quanturium

quanturium commented Feb 4, 2024

Is there a pinned issue for this?

  • I have read the pinned issues and could not find my issue

Is there an existing or similar issue/discussion for this?

  • I have searched the existing issues
  • I have searched the existing discussions

Is there any comment in the documentation for this?

  • I have read the documentation, especially the FAQ and Troubleshooting parts

Is this related to a provider?

  • I have checked the provider repo for issues
  • My issue is NOT related to a provider

Are you using the latest release?

  • I am using the latest release

Have you tried using the dev branch latest?

  • I have tried using dev branch

Docker run config used

Docker is being run through Nomad, the important part is inside task "transmission-openvpn"

job "transmission-openvpn" {
  region      = "[[ .region ]]"
  datacenters = ["[[ .datacenter ]]"]
  type        = "service"

  group "transmission-openvpn" {
    count = 1

    network {
      port "http" {
        static = 9093
        to     = 9091
      }
    }

    service {
      name = "transmission-openvpn"
      port = "http"
      tags = [
        "traefik.enable=true",
      ]
    }

    task "transmission-openvpn" {
      driver = "docker"

      env {
        TZ                  = "[[.tz]]"
        OPENVPN_PROVIDER    = "[[.openvpn_provider]]"
        OPENVPN_USERNAME    = "[[.openvpn_username]]"
        OPENVPN_PASSWORD    = "[[.openvpn_password]]"
        HEALTH_CHECK_HOST   = "github.com"
        NORDVPN_COUNTRY     = "[[.nordvpn_country]]"
        NORDVPN_CATEGORY    = "[[.nordvpn_category]]"
        // TRANSMISSION_WEB_UI = "flood-for-transmission"
        LOG_TO_STDOUT       = "true"
        DEBUG = "true"
        DROP_DEFAULT_ROUTE  = "true"
        LOCAL_NETWORK       = "172.17.0.0/16"
      }

      config {
        image = "haugene/transmission-openvpn:5.3.1"
        ports = ["http"]
        volumes = [
          "/etc/localtime:/etc/localtime:ro",
        ]
        cap_add = ["net_admin", "net_raw", "MKNOD"]
      }
    }
  }
}

Current Behavior

transmission doesn't start due to an issue running this specific line:

exec su --preserve-environment ${RUN_AS} -s /bin/bash -c "/usr/local/bin/transmission-daemon ${TRANSMISSION_LOGGING} -g ${TRANSMISSION_HOME} --logfile $LOGFILE" &

Expected Behavior

transmission should start but it doesn't due to the following error:

su: cannot set groups: Operation not permitted

ssh'ing into the container and running ss -l shows no port bound to 9091.

How have you tried to solve the problem?

I've ssh'ed into the container and run the command without the su part, i.e.
/usr/local/bin/transmission-daemon ${TRANSMISSION_LOGGING} -g ${TRANSMISSION_HOME} --logfile /dev/stdout
and this is working as expected.

# ss -l
Netid        State         Recv-Q        Send-Q               Local Address:Port                 Peer Address:Port       Process       
nl           UNCONN        768           0                             rtnl:651                              *                         
nl           UNCONN        0             0                             rtnl:kernel                           *                         
nl           UNCONN        768           0                          tcpdiag:kernel                           *                         
nl           UNCONN        4352          0                          tcpdiag:ss/163                           *                         
nl           UNCONN        0             0                             xfrm:kernel                           *                         
nl           UNCONN        0             0                            audit:kernel                           *                         
nl           UNCONN        0             0                        fiblookup:kernel                           *                         
nl           UNCONN        0             0                              nft:kernel                           *                         
nl           UNCONN        0             0                           uevent:kernel                           *                         
nl           UNCONN        0             0                             genl:kernel                           *                         
udp          UNCONN        0             0                         10.7.0.2:51413                     0.0.0.0:*                        
udp          UNCONN        0             0                                *:51413                           *:*                        
tcp          LISTEN        0             128                        0.0.0.0:9091                      0.0.0.0:*                        
tcp          LISTEN        0             4096                      10.7.0.2:51413                     0.0.0.0:*                        
tcp          LISTEN        0             4096                          [::]:51413                        [::]:*                        
# 
# curl localhost:9091
<h1>301: Moved Permanently</h1>

Log output

++ export PUID
++ export PGID
++ export RUN_AS
+ echo 'Updating Transmission settings.json with values from env variables'
+ mkdir -p /config/transmission-home
+ python3 /etc/transmission/updateSettings.py /etc/transmission/default-settings.json /config/transmission-home/settings.json
+ echo 'sed'\''ing True to true'
+ sed -i s/True/true/g /config/transmission-home/settings.json
+ [[ ! -e /dev/random ]]
+ [[ true = '' ]]
+ [[ true = \t\r\u\e ]]
+ LOGFILE=/dev/stdout
+ echo 'STARTING TRANSMISSION'
+ [[ -f /etc/openvpn/nordvpn/update-port.sh ]]
+ [[ -x /scripts/transmission-post-start.sh ]]
+ exec su --preserve-environment root -s /bin/bash -c '/usr/local/bin/transmission-daemon  -g /config/transmission-home --logfile /dev/stdout'
+ echo 'Transmission startup script complete.'
+ [[ -f /opt/privoxy/start.sh ]]
+ [[ -x /opt/privoxy/start.sh ]]
+ /opt/privoxy/start.sh
+ [[ false = \t\r\u\e ]]
+ exit 0
su: cannot set groups: Operation not permitted

HW/SW Environment

- OS: Debian GNU/Linux 12 (bookworm)
- Docker: Docker version 25.0.2, build 29cf629

Anything else?

No response

@pkishino
Collaborator

pkishino commented Feb 7, 2024

Please check container permissions .. your config is missing..

@m0wer

m0wer commented Feb 11, 2024

I'm not sure what happened exactly but I'm also getting permission related problems after the last update:

Couldn't (re)open log file "/data/transmission-home/transmission.log": Permission denied

@pkishino
Collaborator

I'm not sure what happened exactly but I'm also getting permission related problems after the last update:

Couldn't (re)open log file "/data/transmission-home/transmission.log": Permission denied

What update?

@quanturium
Author

quanturium commented Feb 23, 2024

I've added my nomad configuration running docker.

Please check container permissions ..

How would you do this?

@quanturium
Author

Never mind, running it as privileged worked.

      config {
        image = "haugene/transmission-openvpn:5.3.1"
        ports = ["http"]
        cap_add = ["net_admin", "net_raw", "MKNOD"]
        privileged = true
      }
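
su prints "cannot set groups" when its setgroups() call fails, and the kernel returns EPERM for that call when the process lacks CAP_SETGID or when its user namespace has setgroups set to "deny". The following is an added example, not part of the original thread or the project's scripts, that decodes the capability masks in /proc/self/status to check this from inside the container; the function names are hypothetical.

```shell
#!/bin/sh
# Added diagnostic (not from the project): can su's setgroups()/setuid() succeed here?
# Capability bit numbers are from linux/capability.h.
CAP_SETGID=6
CAP_SETUID=7

# has_cap HEXMASK BIT -> exit status 0 if BIT is set in HEXMASK
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# cap_field FIELD [STATUS_FILE] -> prints the hex mask for CapEff, CapBnd, ...
cap_field() {
    awk -v f="$1:" '$1 == f { print $2 }' "${2:-/proc/self/status}"
}

# su_precheck [STATUS_FILE] [SETGROUPS_FILE]
# Prints one line per finding; returns 0 only if nothing blocks su.
su_precheck() {
    status=${1:-/proc/self/status}
    sgfile=${2:-/proc/self/setgroups}
    rc=0
    eff=$(cap_field CapEff "$status")
    bnd=$(cap_field CapBnd "$status")
    for pair in "CAP_SETGID:$CAP_SETGID" "CAP_SETUID:$CAP_SETUID"; do
        name=${pair%%:*}; bit=${pair##*:}
        if has_cap "$eff" "$bit"; then
            echo "$name: effective"
        elif has_cap "$bnd" "$bit"; then
            echo "$name: in bounding set but not effective"; rc=1
        else
            echo "$name: dropped from bounding set"; rc=1
        fi
    done
    # User namespaces can forbid setgroups() regardless of capabilities.
    if [ -r "$sgfile" ] && [ "$(cat "$sgfile")" = "deny" ]; then
        echo "setgroups: denied in this user namespace"; rc=1
    fi
    return $rc
}

# Inside the container: su_precheck || echo "su cannot switch groups here"
```

If the check reports only CAP_SETGID or CAP_SETUID as missing, granting that capability is a narrower change than `privileged = true`, which grants every capability.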
