felddy/foundryvtt-docker

Yet another permission 100999/foundry troubleshoot

CodaBool opened this issue · 1 comments

Bug description

Sorry to open another one of these, but I have gone over the previous issues that bring this up and the solutions talked about don't seem to work for me. Basically I want to not require sudo permissions to edit directly in the data folder. I understand that the way things are working is a secure by default config, which is great. I know the risk I'm opening myself to on this one.

The container at some point does a chown to foundry / 100999 on all folders. Which is a little weird because it will actually start out creating files under the correct user:group but then after the "generating options.json" (which I think is the root of the issue) it switches over to 100999:100999. Here are some screenshots of that happening. My red lines here point from roughly when the permissions change happens (I forgot to have verbose on; there is output about creating the options.json file that seems to be when this chown happens.)

I've tried different values for these variables but don't seem to get anywhere with them

  • CONTAINER_PRESERVE_OWNER I've tried setting this to both /data and /data/Data
  • CONTAINER_PRESERVE_CONFIG I've tried setting this to true
  • FOUNDRY_GID & FOUNDRY_UID I've set these to 1000:1000 which does seem to be working until the "generating options.json" moment

Is there something else I'm missing or should try?

Steps to reproduce

  1. create a docker-compose.yml like this
services:
  foundry:
    image: felddy/foundryvtt
    container_name: foundry
    volumes:
      - ./data:/data
    environment:
      - FOUNDRY_GID=1000
      - FOUNDRY_UID=1000
      - FOUNDRY_PASSWORD=PASS
      - FOUNDRY_USERNAME=USER
      - CONTAINER_VERBOSE=true
      - FOUNDRY_VERSION=12.327
    ports:
      - 80:30000
# try using the CONTAINER_PRESERVE_OWNER or CONTAINER_PRESERVE_CONFIG as well
  2. docker compose up -d && docker logs foundry -f
  3. watch as the data folder permission changes from 1000 to 100999

Expected behavior

The folder does not chown

Container metadata

com.foundryvtt.version = "12.324"
org.opencontainers.image.authors = "markf+github@geekpad.com"
org.opencontainers.image.created = "2024-05-23T15:06:10.955Z"
org.opencontainers.image.description = "An easy-to-deploy Dockerized Foundry Virtual Tabletop server."
org.opencontainers.image.licenses = "MIT"
org.opencontainers.image.revision = "6d84cff67cc2c4ea757625ed3360accb333f17eb"
org.opencontainers.image.source = "https://github.com/felddy/foundryvtt-docker"
org.opencontainers.image.title = "foundryvtt-docker"
org.opencontainers.image.url = "https://github.com/felddy/foundryvtt-docker"
org.opencontainers.image.vendor = "Geekpad"
org.opencontainers.image.version = "12.324.0"

Relevant log output

this is with CONTAINER_PRESERVE_OWNER=/data. This exits with an error

Entrypoint | 2024-06-12 18:12:55 | [debug] Timezone set to: UTC
Entrypoint | 2024-06-12 18:12:55 | [info] Starting felddy/foundryvtt container v12.324.0
Entrypoint | 2024-06-12 18:12:55 | [debug] CONTAINER_VERBOSE set.  Debug logging enabled.
Entrypoint | 2024-06-12 18:12:55 | [debug] Running as: uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)
Entrypoint | 2024-06-12 18:12:55 | [debug] Environment:
CONTAINER_PRESERVE_CONFIG=true
CONTAINER_PRESERVE_OWNER=/data
CONTAINER_VERBOSE=true
FOUNDRY_CSS_THEME=scifi
FOUNDRY_GID=1000
FOUNDRY_HOME=/home/foundry
FOUNDRY_HOT_RELOAD=true
FOUNDRY_PASSWORD=[REDACTED]
FOUNDRY_UID=1000
FOUNDRY_USERNAME=codabool
FOUNDRY_VERSION=12.327
HOME=/root
HOSTNAME=8d781596633c
NODE_VERSION=18.20.3
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PWD=/home/foundry
SHLVL=1
YARN_VERSION=1.22.19
Entrypoint | 2024-06-12 18:12:55 | [warn] FOUNDRY_VERSION has been manually set and does not match the container's version.
Entrypoint | 2024-06-12 18:12:55 | [warn] Expected 12.324 but found 12.327
Entrypoint | 2024-06-12 18:12:55 | [warn] The container may not function properly with this version mismatch.
Entrypoint | 2024-06-12 18:12:55 | [info] No Foundry Virtual Tabletop installation detected.
Entrypoint | 2024-06-12 18:12:55 | [info] Using FOUNDRY_USERNAME and FOUNDRY_PASSWORD to authenticate.
Authenticate | 2024-06-12 18:12:56 | [debug] Saving cookies to: cookiejar.json
Authenticate | 2024-06-12 18:12:56 | [info] Requesting CSRF tokens from https://foundryvtt.com
Authenticate | 2024-06-12 18:12:56 | [debug] Fetching: https://foundryvtt.com
Authenticate | 2024-06-12 18:12:56 | [info] Logging in as: codabool
Authenticate | 2024-06-12 18:12:56 | [debug] Fetching: https://foundryvtt.com/auth/login/
Authenticate | 2024-06-12 18:12:57 | [debug] Community URL: /community/codabool
Authenticate | 2024-06-12 18:12:57 | [info] Successfully logged in as: codabool
Entrypoint | 2024-06-12 18:12:57 | [info] Using authenticated credentials to download release.
ReleaseURL | 2024-06-12 18:12:57 | [debug] Loading cookies from: cookiejar.json
ReleaseURL | 2024-06-12 18:12:57 | [info] Fetching S3 pre-signed release URL for build 327...
ReleaseURL | 2024-06-12 18:12:57 | [debug] Attempt 1 of 1
ReleaseURL | 2024-06-12 18:12:57 | [debug] Fetching: https://foundryvtt.com/releases/download?build=327&platform=linux
ReleaseURL | 2024-06-12 18:12:58 | [debug] S3 presigned URL: https://r2.foundryvtt.com/releases/12.327/FoundryVTT-12.327.zip
Entrypoint | 2024-06-12 18:12:58 | [info] Using CONTAINER_CACHE: /data/container_cache
Entrypoint | 2024-06-12 18:12:58 | [info] Downloading Foundry Virtual Tabletop release.
Entrypoint | 2024-06-12 18:13:03 | [info] Installing Foundry Virtual Tabletop 12.327
Entrypoint | 2024-06-12 18:13:03 | [debug] Checking mime-type of release file.
Entrypoint | 2024-06-12 18:13:03 | [debug] Found mime-type: application/zip
Entrypoint | 2024-06-12 18:13:03 | [debug] Extracting release file.
Entrypoint | 2024-06-12 18:13:05 | [debug] Installation completed.
Entrypoint | 2024-06-12 18:13:05 | [info] Preserving release archive file in cache.
Entrypoint | 2024-06-12 18:13:05 | [debug] CONTAINER_CACHE_SIZE is not set. Skipping cache cleanup.
Entrypoint | 2024-06-12 18:13:05 | [debug] Patching GUI update and configuration messages.
Entrypoint | 2024-06-12 18:13:05 | [info] Installation not yet licensed.
Entrypoint | 2024-06-12 18:13:05 | [debug] Ensuring /data/Config directory exists.
Entrypoint | 2024-06-12 18:13:05 | [info] Attempting to fetch license key from authenticated account.
License | 2024-06-12 18:13:05 | [debug] Reading cookies from: cookiejar.json
License | 2024-06-12 18:13:05 | [info] Fetching licenses.
License | 2024-06-12 18:13:05 | [debug] Fetching: https://foundryvtt.com/community/codabool/licenses
License | 2024-06-12 18:13:06 | [info] Found 1 license key associated with account codabool
License | 2024-06-12 18:13:06 | [debug] Returning single license.
Entrypoint | 2024-06-12 18:13:06 | [info] Setting data directory permissions.
Entrypoint | 2024-06-12 18:13:06 | [debug] Setting ownership of /data to 1000:1000.
Entrypoint | 2024-06-12 18:13:06 | [debug] Completed setting directory permissions.
Entrypoint | 2024-06-12 18:13:06 | [info] Starting launcher with uid:gid as 1000:1000.
Entrypoint | 2024-06-12 18:13:06 | [debug] Waiting for child pid: 100 to exit.
Launcher | 2024-06-12 18:13:06 | [debug] Ensuring /data/Config directory exists.
Launcher | 2024-06-12 18:13:06 | [info] Generating options.json file.
./launcher.sh: line 34: can't create /data/Config/options.json: Permission denied

this is with no CONTAINER_PRESERVE_OWNER value set, which does come up successfully but has the chown issue

Entrypoint | 2024-06-12 18:16:20 | [debug] Timezone set to: UTC
Entrypoint | 2024-06-12 18:16:20 | [info] Starting felddy/foundryvtt container v12.324.0
Entrypoint | 2024-06-12 18:16:20 | [debug] CONTAINER_VERBOSE set.  Debug logging enabled.
Entrypoint | 2024-06-12 18:16:20 | [debug] Running as: uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)
Entrypoint | 2024-06-12 18:16:20 | [debug] Environment:
CONTAINER_PRESERVE_CONFIG=true
CONTAINER_VERBOSE=true
FOUNDRY_CSS_THEME=scifi
FOUNDRY_GID=1000
FOUNDRY_HOME=/home/foundry
FOUNDRY_HOT_RELOAD=true
FOUNDRY_PASSWORD=[REDACTED]
FOUNDRY_UID=1000
FOUNDRY_USERNAME=codabool
FOUNDRY_VERSION=12.327
HOME=/root
HOSTNAME=ccfc25c75409
NODE_VERSION=18.20.3
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PWD=/home/foundry
SHLVL=1
YARN_VERSION=1.22.19
Entrypoint | 2024-06-12 18:16:20 | [warn] FOUNDRY_VERSION has been manually set and does not match the container's version.
Entrypoint | 2024-06-12 18:16:20 | [warn] Expected 12.324 but found 12.327
Entrypoint | 2024-06-12 18:16:20 | [warn] The container may not function properly with this version mismatch.
Entrypoint | 2024-06-12 18:16:20 | [info] No Foundry Virtual Tabletop installation detected.
Entrypoint | 2024-06-12 18:16:20 | [info] Using FOUNDRY_USERNAME and FOUNDRY_PASSWORD to authenticate.
Authenticate | 2024-06-12 18:16:20 | [debug] Saving cookies to: cookiejar.json
Authenticate | 2024-06-12 18:16:20 | [info] Requesting CSRF tokens from https://foundryvtt.com
Authenticate | 2024-06-12 18:16:20 | [debug] Fetching: https://foundryvtt.com
Authenticate | 2024-06-12 18:16:21 | [info] Logging in as: codabool
Authenticate | 2024-06-12 18:16:21 | [debug] Fetching: https://foundryvtt.com/auth/login/
Authenticate | 2024-06-12 18:16:22 | [debug] Community URL: /community/codabool
Authenticate | 2024-06-12 18:16:22 | [info] Successfully logged in as: codabool
Entrypoint | 2024-06-12 18:16:22 | [info] Using authenticated credentials to download release.
ReleaseURL | 2024-06-12 18:16:22 | [debug] Loading cookies from: cookiejar.json
ReleaseURL | 2024-06-12 18:16:22 | [info] Fetching S3 pre-signed release URL for build 327...
ReleaseURL | 2024-06-12 18:16:22 | [debug] Attempt 1 of 1
ReleaseURL | 2024-06-12 18:16:22 | [debug] Fetching: https://foundryvtt.com/releases/download?build=327&platform=linux
ReleaseURL | 2024-06-12 18:16:23 | [debug] S3 presigned URL: https://r2.foundryvtt.com/releases/12.327/FoundryVTT-12.327.zip
Entrypoint | 2024-06-12 18:16:23 | [info] Using CONTAINER_CACHE: /data/container_cache
Entrypoint | 2024-06-12 18:16:23 | [info] Downloading Foundry Virtual Tabletop release.
Entrypoint | 2024-06-12 18:16:27 | [info] Installing Foundry Virtual Tabletop 12.327
Entrypoint | 2024-06-12 18:16:27 | [debug] Checking mime-type of release file.
Entrypoint | 2024-06-12 18:16:27 | [debug] Found mime-type: application/zip
Entrypoint | 2024-06-12 18:16:27 | [debug] Extracting release file.
Entrypoint | 2024-06-12 18:16:28 | [debug] Installation completed.
Entrypoint | 2024-06-12 18:16:28 | [info] Preserving release archive file in cache.
Entrypoint | 2024-06-12 18:16:28 | [debug] CONTAINER_CACHE_SIZE is not set. Skipping cache cleanup.
Entrypoint | 2024-06-12 18:16:28 | [debug] Patching GUI update and configuration messages.
Entrypoint | 2024-06-12 18:16:28 | [info] Installation not yet licensed.
Entrypoint | 2024-06-12 18:16:28 | [debug] Ensuring /data/Config directory exists.
Entrypoint | 2024-06-12 18:16:28 | [info] Attempting to fetch license key from authenticated account.
License | 2024-06-12 18:16:28 | [debug] Reading cookies from: cookiejar.json
License | 2024-06-12 18:16:29 | [info] Fetching licenses.
License | 2024-06-12 18:16:29 | [debug] Fetching: https://foundryvtt.com/community/codabool/licenses
License | 2024-06-12 18:16:29 | [info] Found 1 license key associated with account codabool
License | 2024-06-12 18:16:29 | [debug] Returning single license.
Entrypoint | 2024-06-12 18:16:29 | [info] Setting data directory permissions.
Entrypoint | 2024-06-12 18:16:29 | [debug] Setting ownership of /data to 1000:1000.
Entrypoint | 2024-06-12 18:16:29 | [debug] Completed setting directory permissions.
Entrypoint | 2024-06-12 18:16:29 | [info] Starting launcher with uid:gid as 1000:1000.
Entrypoint | 2024-06-12 18:16:29 | [debug] Waiting for child pid: 101 to exit.
Launcher | 2024-06-12 18:16:29 | [debug] Ensuring /data/Config directory exists.
Launcher | 2024-06-12 18:16:29 | [info] Generating options.json file.
Launcher | 2024-06-12 18:16:29 | [warn] No 'Admin Access Key' has been configured.
Launcher | 2024-06-12 18:16:29 | [info] Starting Foundry Virtual Tabletop.
FoundryVTT | 2024-06-12 18:16:30 | [info] Running on Node.js - Version 18.20.3
FoundryVTT | 2024-06-12 18:16:30 | [info] Foundry Virtual Tabletop - Version 12 Build 327
FoundryVTT | 2024-06-12 18:16:30 | [info] User Data Directory - "/data"
FoundryVTT | 2024-06-12 18:16:30 | [info] Application Options:
{
  "awsConfig": null,
  "compressSocket": false,
  "compressStatic": false,
  "cssTheme": "scifi",
  "fullscreen": false,
  "hostname": null,
  "hotReload": true,
  "language": "en.core",
  "localHostname": null,
  "passwordSalt": null,
  "port": 30000,
  "protocol": null,
  "proxyPort": null,
  "proxySSL": false,
  "routePrefix": null,
  "sslCert": null,
  "sslKey": null,
  "updateChannel": "stable",
  "upnp": false,
  "upnpLeaseDuration": null,
  "world": null,
  "adminPassword": null,
  "deleteNEDB": false,
  "noBackups": false,
  "serviceConfig": null
}
FoundryVTT | 2024-06-12 18:16:30 | [warn] Software license requires signature.
FoundryVTT | 2024-06-12 18:16:30 | [info] Server started and listening on port 30000

Code of Conduct

  • I agree to follow this project's Code of Conduct

I tried a minimal docker-compose on my server instead of my personal computer and it seemed to behave differently. I used this yaml

services:
  foundry:
    image: felddy/foundryvtt
    container_name: foundry
    healthcheck:
      test: curl --fail http://localhost:30000 || exit 1
    volumes:
      - ./data:/data
    env_file: .env # password + username env in here
    environment:
      - FOUNDRY_GID=1000
      - FOUNDRY_UID=1000
      - FOUNDRY_HOT_RELOAD=true
      - FOUNDRY_VERSION=11.315
    ports:
      - 80:30000

I'm pretty confused as to what would be different. I went and tested with the exact same yaml on both machines and on the remote Fedora distro it keeps the 1000 permission but on my local Arch distro it switches to 100999.

I've already done the docker post install steps to add the docker to my group on both machines. Which I verified with their test of docker run hello-world. Not sure what's going on with my setup.

permission info

On both machines I use a user named codabool. Here is a printout of the ls -la in the dir where I run the compose up.

permissions of the dir I work in for local Arch machine

# arch
drwxr-xr-x 1 codabool codabool  44 Jun 15 13:35 .

permissions of the dir I work in for remote Fedora machine

# Fedora
drwxr-xr-x. 1 codabool codabool  52 Jun 15 13:21 .

Image info

image metadata local Arch machine

com.foundryvtt.version = "12.324"
org.opencontainers.image.authors = "markf+github@geekpad.com"
org.opencontainers.image.created = "2024-05-23T15:06:10.955Z"
org.opencontainers.image.description = "An easy-to-deploy Dockerized Foundry Virtual Tabletop server."
org.opencontainers.image.licenses = "MIT"
org.opencontainers.image.revision = "6d84cff67cc2c4ea757625ed3360accb333f17eb"
org.opencontainers.image.source = "https://github.com/felddy/foundryvtt-docker"
org.opencontainers.image.title = "foundryvtt-docker"
org.opencontainers.image.url = "https://github.com/felddy/foundryvtt-docker"
org.opencontainers.image.vendor = "Geekpad"
org.opencontainers.image.version = "12.324.0"

image metadata remote Fedora machine

com.foundryvtt.version = "12.327"
org.opencontainers.image.authors = "markf+github@geekpad.com"
org.opencontainers.image.created = "2024-06-11T17:55:48.811Z"
org.opencontainers.image.description = "An easy-to-deploy Dockerized Foundry Virtual Tabletop server."
org.opencontainers.image.licenses = "MIT"
org.opencontainers.image.revision = "fc3b613b2086c998f44cfd0ddfae68a32035ebc8"
org.opencontainers.image.source = "https://github.com/felddy/foundryvtt-docker"
org.opencontainers.image.title = "foundryvtt-docker"
org.opencontainers.image.url = "https://github.com/felddy/foundryvtt-docker"
org.opencontainers.image.vendor = "Geekpad"
org.opencontainers.image.version = "12.327.0"

what I tested

  • I saw different image versions. I pulled the latest docker image of "12.327.0" and experienced the same issue
  • when googling 100999 I'm getting results about rootless docker.

This is looking like a docker config issue for Arch linux and nothing to do with your image. Still looking into the issue and what the solution is in case future Arch people come asking about this 100999 rootless docker issue.

UPDATE:

I messed around with creating a new group with GID 100999 called foundry. Then adding my user to that group. But that still doesn't actually give me write permissions. I am settling on just performing a sudo chmod 777 -R data after starting the container. This could be secured more by going down the initial route I did. Which would be creating a group with the gid of 100999, I name it foundry here, sudo groupadd --gid 100999 foundry and then adding yourself to the group, my username is codabool so I use codabool here, sudo gpasswd -a codabool foundry then using a lower permission of 775 for a chmod on the mounted data folder.

But I like the minimal setup of just fully opening permissions on this so all users can write. No need to mess with groups that way. The only issue I face with this solution is that newly created files by Foundry need to be chmod'ed and newly created files by the user need to be chown'ed (which is actually done automatically when the container restarts). I'm fine with this solution for now. I'm only using local foundry for module development and it's not something I'm opening up to the internet. So, that's a risk I'm open to. This also is inside my /home/codabool folder. So, it's not really open to all processes.

If someone runs into this issue on their server then this solution probably isn't ideal. I don't know what I would recommend. I guess look into Fedora or search more about rootless docker.
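
Added example, not part of the original issue or of the project's code: a shell sketch of the user-namespace arithmetic that makes FOUNDRY_UID=1000 appear as 100999 on a rootless Docker host while staying 1000 on a daemon with an identity mapping. The function names and the two sample maps are hypothetical; the rootless map assumes a host user with uid 1000 and a subordinate uid range starting at 100000, which is consistent with the 100999 reported above.

```sh
#!/bin/sh
# Constructed sample maps in /proc/<pid>/uid_map format, one range per line:
#   <first uid inside the namespace> <first uid on the host> <range length>
# On a real host the map can be read from inside the running container, e.g.
#   docker exec foundry cat /proc/self/uid_map

# Assumption: rootless daemon, host user uid 1000, subordinate range at 100000.
ROOTLESS_MAP='0 1000 1
1 100000 65536'

# Assumption: rootful daemon without user-namespace remapping (identity map).
ROOTFUL_MAP='0 0 4294967295'

# container_to_host MAP UID
# Prints the host uid that will own files written by container uid UID.
# Returns non-zero when UID is not covered by any range in MAP.
container_to_host() {
    printf '%s\n' "$1" | awk -v uid="$2" '
        NF == 3 && uid >= $1 && uid < $1 + $3 {
            print $2 + (uid - $1); found = 1; exit
        }
        END { if (!found) exit 1 }'
}

# host_to_container MAP UID
# Inverse lookup: prints the container uid that a host uid appears as.
# Returns non-zero when the host uid is not mapped into the namespace.
host_to_container() {
    printf '%s\n' "$1" | awk -v uid="$2" '
        NF == 3 && uid >= $2 && uid < $2 + $3 {
            print $1 + (uid - $2); found = 1; exit
        }
        END { if (!found) exit 1 }'
}

# Demo: the uid from the compose file under both daemon configurations.
for name in ROOTLESS ROOTFUL; do
    case $name in
        ROOTLESS) map=$ROOTLESS_MAP ;;
        ROOTFUL)  map=$ROOTFUL_MAP ;;
    esac
    printf '%-8s FOUNDRY_UID=1000 -> host uid %s\n' \
        "$name" "$(container_to_host "$map" 1000)"
done

# Under the rootless map the host user (uid 1000) is uid 0 inside the
# container, so a chown to container uid 1000 hands the bind mount to a
# subordinate uid that the host user cannot write to without sudo.
printf 'host uid 1000 inside rootless container: uid %s\n' \
    "$(host_to_container "$ROOTLESS_MAP" 1000)"
```

Checking the real map first shows whether a host-side ACL or group for the mapped uid is needed, which is narrower than opening the data folder to every local user.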