From 21b9419d2a43449511bb20b6cb2a17014ac132e5 Mon Sep 17 00:00:00 2001 From: "Carlos M. Martinez" Date: Sat, 27 Jan 2024 07:35:50 -0500 Subject: [PATCH 01/27] Added test changes for using user instead of puid and guid --- docker-compose.yml | 13 ++++++++----- scripts/init.sh | 20 ++++++++++---------- scripts/start.sh | 6 +++--- 3 files changed, 21 insertions(+), 18 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 592f520ea..bcfb0f3a9 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,11 +1,14 @@ services: palworld: - image: thijsvanloef/palworld-server-docker:latest - restart: unless-stopped - container_name: palworld-server + image: thijsvanloef/palworld-server-docker:user + build: + dockerfile: Dockerfile + # restart: unless-stopped + container_name: palworld-server-user + user: 1000:1000 ports: - - 8211:8211/udp - - 27015:27015/udp # Required if you want your server to show up in the community servers tab + - 8212:8211/udp + #- 27015:27015/udp # Required if you want your server to show up in the community servers tab environment: - PUID=1000 - PGID=1000 diff --git a/scripts/init.sh b/scripts/init.sh index bbf91a455..be0130bb1 100644 --- a/scripts/init.sh +++ b/scripts/init.sh 
@@ -1,20 +1,20 @@ #!/bin/bash -if [[ ! "${PUID}" -eq 0 ]] && [[ ! "${PGID}" -eq 0 ]]; then - printf "\e[0;32m*****EXECUTING USERMOD*****\e[0m\n" - usermod -o -u "${PUID}" steam - groupmod -o -g "${PGID}" steam -else - printf "\033[31mRunning as root is not supported, please fix your PUID and PGID!\n" - exit 1 -fi +#if [[ ! "${PUID}" -eq 0 ]] && [[ ! "${PGID}" -eq 0 ]]; then +# printf "\e[0;32m*****EXECUTING USERMOD*****\e[0m\n" +# usermod -o -u "${PUID}" steam +# groupmod -o -g "${PGID}" steam +#else +# printf "\033[31mRunning as root is not supported, please fix your PUID and PGID!\n" +# exit 1 +#fi mkdir -p /palworld/backups -chown -R steam:steam /palworld +#chown -R steam:steam /palworld if [ "${UPDATE_ON_BOOT}" = true ]; then printf "\e[0;32m*****STARTING INSTALL/UPDATE*****\e[0m\n" - su steam -c '/home/steam/steamcmd/steamcmd.sh +force_install_dir "/palworld" +login anonymous +app_update 2394010 validate +quit' + /home/steam/steamcmd/steamcmd.sh +force_install_dir "/palworld" +login anonymous +app_update 2394010 validate +quit fi term_handler() { diff --git a/scripts/start.sh b/scripts/start.sh index 2d83c36f4..cfe7d0c50 100644 --- a/scripts/start.sh +++ b/scripts/start.sh @@ -56,7 +56,7 @@ if [ ! "$(grep -s '[^[:space:]]' /palworld/Pal/Saved/Config/LinuxServer/PalWorld printf "\e[0;32m*****GENERATING CONFIG*****\e[0m\n" # Server will generate all ini files after first run. - su steam -c "timeout --preserve-status 15s ./PalServer.sh 1> /dev/null " + timeout --preserve-status 15s ./PalServer.sh 1> /dev/null # Wait for shutdown sleep 5 @@ -73,7 +73,7 @@ if [ -n "${RCON_PORT}" ]; then fi # Configure RCON settings -cat >/home/steam/server/rcon.yaml <rcon.yaml < Date: Sat, 27 Jan 2024 08:43:08 -0500 Subject: [PATCH 02/27] Changes to rcon.yaml --- Dockerfile | 2 ++ docker-compose.yml | 3 +-- scripts/start.sh | 4 ++-- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 137cf38b2..aaa520087 100644 --- a/Dockerfile 
+++ b/Dockerfile @@ -35,6 +35,8 @@ RUN chmod +x /home/steam/server/init.sh /home/steam/server/start.sh /home/steam/ mv /home/steam/server/backup.sh /usr/local/bin/backup WORKDIR /home/steam/server +RUN touch rcon.yaml && \ + chmod o+w rcon.yaml HEALTHCHECK --start-period=5m \ CMD pgrep "PalServer-Linux" > /dev/null || exit 1 diff --git a/docker-compose.yml b/docker-compose.yml index bcfb0f3a9..21a4d7e94 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -5,13 +5,12 @@ services: dockerfile: Dockerfile # restart: unless-stopped container_name: palworld-server-user + # Works if you set to 1000:1000 (default of steam user) user: 1000:1000 ports: - 8212:8211/udp #- 27015:27015/udp # Required if you want your server to show up in the community servers tab environment: - - PUID=1000 - - PGID=1000 - PORT=8211 # Optional but recommended - PLAYERS=16 # Optional but recommended - SERVER_PASSWORD="worldofpals" # Optional but recommended diff --git a/scripts/start.sh b/scripts/start.sh index cfe7d0c50..4b793522e 100644 --- a/scripts/start.sh +++ b/scripts/start.sh @@ -72,8 +72,8 @@ if [ -n "${RCON_PORT}" ]; then sed -i "s/RCONPort=[0-9]*/RCONPort=$RCON_PORT/" /palworld/Pal/Saved/Config/LinuxServer/PalWorldSettings.ini fi -# Configure RCON settings -cat >rcon.yaml </home/steam/server/rcon.yaml < Date: Sat, 27 Jan 2024 09:06:59 -0500 Subject: [PATCH 03/27] Removes root processes --- Dockerfile | 3 ++- docker-compose.yml | 2 +- scripts/init.sh | 2 +- scripts/start.sh | 2 +- 4 files changed, 5 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index aaa520087..b6867ee3f 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -10,7 +10,8 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ SHELL ["/bin/bash", "-o", "pipefail", "-c"] RUN wget -q https://github.com/gorcon/rcon-cli/releases/download/v0.10.3/rcon-0.10.3-amd64_linux.tar.gz -O - | tar -xz && \ - mv rcon-0.10.3-amd64_linux/rcon /usr/bin/rcon-cli + mv rcon-0.10.3-amd64_linux/rcon /usr/bin/rcon-cli && \ + passwd -d steam ENV PORT= \ PUID=1000 \ diff --git a/docker-compose.yml b/docker-compose.yml index 21a4d7e94..1afd2fe42 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -6,7 +6,7 @@ services: # restart: unless-stopped container_name: palworld-server-user # Works if you set to 1000:1000 (default of steam user) - user: 1000:1000 + user: 5000:5000 ports: - 8212:8211/udp #- 27015:27015/udp # Required if you want your server to show up in the community servers tab diff --git a/scripts/init.sh b/scripts/init.sh index be0130bb1..8daca513d 100644 --- a/scripts/init.sh +++ b/scripts/init.sh @@ -14,7 +14,7 @@ mkdir -p /palworld/backups if [ "${UPDATE_ON_BOOT}" = true ]; then printf "\e[0;32m*****STARTING INSTALL/UPDATE*****\e[0m\n" - /home/steam/steamcmd/steamcmd.sh +force_install_dir "/palworld" +login anonymous +app_update 2394010 validate +quit + su steam -c '/home/steam/steamcmd/steamcmd.sh +force_install_dir "/palworld" +login anonymous +app_update 2394010 validate +quit' fi term_handler() { diff --git a/scripts/start.sh b/scripts/start.sh index 4b793522e..d7d9a4f5b 100644 --- a/scripts/start.sh +++ b/scripts/start.sh @@ -81,5 +81,5 @@ EOL printf "\e[0;32m*****STARTING SERVER*****\e[0m\n" echo "bash -c '${STARTCOMMAND[*]}'" -"${STARTCOMMAND[@]}" +su steam -c "bash -c '${STARTCOMMAND[*]}'" From 6a8f30760220af92ab1cfe47cf4ac403a6e30674 Mon Sep 17 00:00:00 2001 From: "Carlos M. Martinez" Date: Sat, 27 Jan 2024 18:37:15 -0500 Subject: [PATCH 04/27] Running without root --- Dockerfile | 4 +--- scripts/init.sh | 14 +++++--------- scripts/start.sh | 4 ++-- 3 files changed, 8 insertions(+), 14 deletions(-) 
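Review bot: `passwd -d steam`, appended to the rcon-cli RUN step, leaves the steam account with an empty password, so whether any UID inside the container can become steam depends only on the image's PAM configuration. That configuration presumably permits null passwords, since this patch sets `user: 5000:5000` and then calls `su steam -c` from init.sh and start.sh. With that in place the compose `user:` value no longer separates the runtime user from the steam account. Keep the account locked and give the runtime UID write access to the few paths the server needs, then start the server directly as that UID instead of going through `su`.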
diff --git a/Dockerfile b/Dockerfile index b6867ee3f..8514597e5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -11,11 +11,9 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ SHELL ["/bin/bash", "-o", "pipefail", "-c"] RUN wget -q https://github.com/gorcon/rcon-cli/releases/download/v0.10.3/rcon-0.10.3-amd64_linux.tar.gz -O - | tar -xz && \ mv rcon-0.10.3-amd64_linux/rcon /usr/bin/rcon-cli && \ - passwd -d steam + chmod -R o+w /home/steam ENV PORT= \ - PUID=1000 \ - PGID=1000 \ PLAYERS= \ MULTITHREADING=false \ COMMUNITY=false \ diff --git a/scripts/init.sh b/scripts/init.sh index 8daca513d..9a189efe9 100644 --- a/scripts/init.sh +++ b/scripts/init.sh @@ -1,20 +1,16 @@ #!/bin/bash -#if [[ ! "${PUID}" -eq 0 ]] && [[ ! "${PGID}" -eq 0 ]]; then -# printf "\e[0;32m*****EXECUTING USERMOD*****\e[0m\n" -# usermod -o -u "${PUID}" steam -# groupmod -o -g "${PGID}" steam -#else -# printf "\033[31mRunning as root is not supported, please fix your PUID and PGID!\n" -# exit 1 -#fi +if ! [[[ "$(id -u)" -eq 0 ]] && [[ "$(id -g)" -eq 0 ]]]; then + printf "\033[31mRunning as root is not supported, please fix your PUID and PGID!\n" + exit 1 +fi mkdir -p /palworld/backups #chown -R steam:steam /palworld if [ "${UPDATE_ON_BOOT}" = true ]; then printf "\e[0;32m*****STARTING INSTALL/UPDATE*****\e[0m\n" - su steam -c '/home/steam/steamcmd/steamcmd.sh +force_install_dir "/palworld" +login anonymous +app_update 2394010 validate +quit' + /home/steam/steamcmd/steamcmd.sh +force_install_dir "/palworld" +login anonymous +app_update 2394010 validate +quit fi term_handler() { diff --git a/scripts/start.sh b/scripts/start.sh index d7d9a4f5b..fe491098d 100644 --- a/scripts/start.sh +++ b/scripts/start.sh @@ -80,6 +80,6 @@ default: EOL printf "\e[0;32m*****STARTING SERVER*****\e[0m\n" -echo "bash -c '${STARTCOMMAND[*]}'" -su steam -c "bash -c '${STARTCOMMAND[*]}'" +echo "${STARTCOMMAND[*]}" +"${STARTCOMMAND[@]}" From 1e6756d13fcf6c95c13891068ee33c91254bb10d Mon Sep 17 00:00:00 2001 
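Review bot: `chmod -R o+w /home/steam` in the rcon-cli RUN step makes the whole steam home writable by every UID. The `ENTRYPOINT ["/home/steam/server/init.sh"]` visible later in this series lives under that tree, so code executed at start-up can be rewritten by whichever user the container runs as. PATCH 11 repeats it after `chown steam:steam -R /home/steam`, and PATCH 22 narrows it to `chmod o+w rcon.yaml crontab` plus `chmod -R o+w /home/steam/steamcmd`, which still leaves the steamcmd tree and the cron table world-writable. Grant write access only to the generated files, e.g. `chmod o+w /home/steam/server/rcon.yaml`, and keep scripts and binaries read-only for the runtime user. If steamcmd has to update itself in place, it presumably needs a directory owned by the runtime UID rather than `o+w` on the shared one.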
From: "Carlos M. Martinez" Date: Sun, 28 Jan 2024 00:19:27 -0500 Subject: [PATCH 05/27] Quick fix testing --- scripts/init.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/scripts/init.sh b/scripts/init.sh index 4e43e18d6..a25013faf 100644 --- a/scripts/init.sh +++ b/scripts/init.sh @@ -1,9 +1,9 @@ #!/bin/bash -if ! [[[ "$(id -u)" -eq 0 ]] && [[ "$(id -g)" -eq 0 ]]]; then - printf "\033[31mRunning as root is not supported, please fix your PUID and PGID!\n" - exit 1 -fi +# if ! [[[ "$(id -u)" -eq 0 ]] && [[ "$(id -g)" -eq 0 ]]]; then +# printf "\033[31mRunning as root is not supported, please fix your PUID and PGID!\n" +# exit 1 +# fi mkdir -p /palworld/backups @@ -19,7 +19,7 @@ term_handler() { trap 'term_handler' SIGTERM -su steam -c ./start.sh & +./start.sh & # Process ID of su killpid="$!" wait $killpid From 41cca9bcf99a09890ca98b696c8c373b953f22bf Mon Sep 17 00:00:00 2001 From: "Carlos M. Martinez" Date: Mon, 29 Jan 2024 21:50:42 -0500 Subject: [PATCH 06/27] Changed so default user is steam --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index 8aa131db5..420d8c88b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -55,4 +55,5 @@ HEALTHCHECK --start-period=5m \ CMD pgrep "PalServer-Linux" > /dev/null || exit 1 EXPOSE ${PORT} ${RCON_PORT} +USER steam ENTRYPOINT ["/home/steam/server/init.sh"] From 4a99caad6b4a39ef0866b87712e7a58fee4fc5ba Mon Sep 17 00:00:00 2001 From: "Carlos M. Martinez" Date: Mon, 29 Jan 2024 21:52:17 -0500 Subject: [PATCH 07/27] Removed root check from backup.sh --- scripts/backup.sh | 4 ---- 1 file changed, 4 deletions(-) diff --git a/scripts/backup.sh b/scripts/backup.sh index 0fd0b6d65..a4dbe517e 100644 --- a/scripts/backup.sh +++ b/scripts/backup.sh @@ -10,10 +10,6 @@ cd /palworld/Pal/ || exit tar -zcf "$FILE_PATH" "Saved/" -if [ "$(id -u)" -eq 0 ]; then - chown steam:steam "$FILE_PATH" -fi - echo "backup created at $FILE_PATH" if [ "${DELETE_OLD_BACKUPS}" = true ]; then 
From 974b96cd25c3fee5780e2196f9c0511b3fb57627 Mon Sep 17 00:00:00 2001 From: "Carlos M. Martinez" Date: Mon, 29 Jan 2024 21:52:29 -0500 Subject: [PATCH 08/27] Added in root check for init.sh --- scripts/init.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/init.sh b/scripts/init.sh index a25013faf..82e7fbeaa 100644 --- a/scripts/init.sh +++ b/scripts/init.sh @@ -1,9 +1,9 @@ #!/bin/bash -# if ! [[[ "$(id -u)" -eq 0 ]] && [[ "$(id -g)" -eq 0 ]]]; then -# printf "\033[31mRunning as root is not supported, please fix your PUID and PGID!\n" -# exit 1 -# fi +if ! [[[ "$(id -u)" -eq 0 ]] && [[ "$(id -g)" -eq 0 ]]]; then + printf "\033[31mRunning as root is not supported, please fix your PUID and PGID!\n" + exit 1 +fi mkdir -p /palworld/backups From 2cff0dc0afebb269ad45638f78b58df62277c379 Mon Sep 17 00:00:00 2001 From: "Carlos M. Martinez" Date: Mon, 29 Jan 2024 21:56:32 -0500 Subject: [PATCH 09/27] Fixed root check --- scripts/init.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/init.sh b/scripts/init.sh index 82e7fbeaa..d9f44b1f4 100644 --- a/scripts/init.sh +++ b/scripts/init.sh @@ -1,6 +1,6 @@ #!/bin/bash -if ! [[[ "$(id -u)" -eq 0 ]] && [[ "$(id -g)" -eq 0 ]]]; then +if [[ "$(id -u)" -eq 0 ]] || [[ "$(id -g)" -eq 0 ]]; then printf "\033[31mRunning as root is not supported, please fix your PUID and PGID!\n" exit 1 fi From 3ff43852541efc3830d5be6983c6cd2ff1041fd2 Mon Sep 17 00:00:00 2001 From: "Carlos M. Martinez" Date: Mon, 29 Jan 2024 22:00:19 -0500 Subject: [PATCH 10/27] Updated message as PUID/PGID is not used --- scripts/init.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/init.sh b/scripts/init.sh index d9f44b1f4..0e19c5bcd 100644 --- a/scripts/init.sh +++ b/scripts/init.sh 
@@ -1,7 +1,7 @@ #!/bin/bash if [[ "$(id -u)" -eq 0 ]] || [[ "$(id -g)" -eq 0 ]]; then - printf "\033[31mRunning as root is not supported, please fix your PUID and PGID!\n" + printf "\033[31mRunning as root is not supported, please fix your user!\n" exit 1 fi From deadf8db7f62c0a80ba0d7871be3d3e693688f80 Mon Sep 17 00:00:00 2001 From: "Carlos M. Martinez" Date: Mon, 29 Jan 2024 22:08:28 -0500 Subject: [PATCH 11/27] Fixed permission issue --- Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 420d8c88b..d1916abd7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -11,7 +11,6 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ SHELL ["/bin/bash", "-o", "pipefail", "-c"] RUN wget -q https://github.com/gorcon/rcon-cli/releases/download/v0.10.3/rcon-0.10.3-amd64_linux.tar.gz -O - | tar -xz && \ mv rcon-0.10.3-amd64_linux/rcon /usr/bin/rcon-cli && \ - chmod -R o+w /home/steam && \ rmdir /tmp/dumps # Latest releases available at https://github.com/aptible/supercronic/releases @@ -48,8 +47,9 @@ RUN chmod +x /home/steam/server/init.sh /home/steam/server/start.sh /home/steam/ mv /home/steam/server/backup.sh /usr/local/bin/backup WORKDIR /home/steam/server -RUN touch rcon.yaml && \ - chmod o+w rcon.yaml +RUN touch rcon.yaml crontab && \ + chown steam:steam -R /home/steam && \ + chmod -R o+w /home/steam HEALTHCHECK --start-period=5m \ CMD pgrep "PalServer-Linux" > /dev/null || exit 1 From 909835ce8fc50d70b6e00653c217bf7e975f9091 Mon Sep 17 00:00:00 2001 From: "Carlos M. Martinez" Date: Mon, 29 Jan 2024 22:11:43 -0500 Subject: [PATCH 12/27] Set default user to 1000:1000 --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 054fa0772..3e5e15c36 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -4,7 +4,7 @@ services: restart: unless-stopped container_name: palworld-server stop_grace_period: 30s # Set to however long you are willing to wait for the container to gracefully stop - user: 5000:5000 + user: 1000:1000 ports: - 8212:8211/udp - 27015:27015/udp # Required if you want your server to show up in the community servers tab From 207168e7a82dc288723eb0a8f9aac71cd95ef427 Mon Sep 17 00:00:00 2001 From: "Carlos M. Martinez" Date: Mon, 29 Jan 2024 22:12:05 -0500 Subject: [PATCH 13/27] Fixed default port in docker compose --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 3e5e15c36..d548c41ef 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -6,7 +6,7 @@ services: stop_grace_period: 30s # Set to however long you are willing to wait for the container to gracefully stop user: 1000:1000 ports: - - 8212:8211/udp + - 8211:8211/udp - 27015:27015/udp # Required if you want your server to show up in the community servers tab environment: - PORT=8211 # Optional but recommended From 0f442d0bbb9e72f318024303704c0fc06777206d Mon Sep 17 00:00:00 2001 From: "Carlos M. Martinez" Date: Mon, 29 Jan 2024 23:06:48 -0500 Subject: [PATCH 14/27] Updated readme --- README.md | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index eb05d26c7..a57323bfc 100644 --- a/README.md +++ b/README.md 
@@ -38,6 +38,12 @@ This Docker container has been tested and will work on both Linux (Ubuntu/Debian Keep in mind that you'll need to change the [environment variables](#environment-variables). +> [!IMPORTANT] +> You must set user to `YOUR_UID:YOUR_GID` +> To find your UID run `id -u` & to find your GID run `id -g`. In the examples they are listed as 1000:1000. +> If you wish to run it as a different UID/GID this can by done by changing the ownership: `chown UID:GID palworld/` +> or by changing the permissions for all other: `chmod o=rwx palworld/` + ### Docker Compose This repository includes an example [docker-compose.yml](/docker-compose.yml) file you can use to set up your server. @@ -49,12 +55,11 @@ services: restart: unless-stopped container_name: palworld-server stop_grace_period: 30s # Set to however long you are willing to wait for the container to gracefully stop + user: 1000:1000 ports: - 8211:8211/udp - 27015:27015/udp environment: - - PUID=1000 - - PGID=1000 - PORT=8211 # Optional but recommended - PLAYERS=16 # Optional but recommended - SERVER_PASSWORD="worldofpals" # Optional but recommended @@ -81,6 +86,7 @@ services: restart: unless-stopped container_name: palworld-server stop_grace_period: 30s # Set to however long you are willing to wait for the container to gracefully stop + user: 1000:1000 ports: - 8211:8211/udp - 27015:27015/udp @@ -97,11 +103,10 @@ Change every <> to your own configuration ```bash docker run -d \ --name palworld-server \ + --user 1000:1000 \ -p 8211:8211/udp \ -p 27015:27015/udp \ -v ./:/palworld/ \ - -e PUID=1000 \ - -e PGID=1000 \ -e PORT=8211 \ -e PLAYERS=16 \ -e MULTITHREADING=true \ @@ -125,6 +130,7 @@ correct values. Change your docker run command to this: ```bash docker run -d \ --name palworld-server \ + --user 1000:1000 \ -p 8211:8211/udp \ -p 27015:27015/udp \ -v ./:/palworld/ \ 
@@ -151,16 +157,12 @@ It is highly recommended you set the following environment values before startin * PLAYERS * PORT -* PUID -* PGID | Variable | Info | Default Values | Allowed Values | |--------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------|------------------------------------------------------------------------------------------------------------| | TZ | Timezone used for time stamping backup server | UTC | See [TZ Identifiers](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#Time_Zone_abbreviations) | | PLAYERS* | Max amount of players that are able to join the server | 16 | 1-32 | | PORT* | UDP port that the server will expose | 8211 | 1024-65535 | -| PUID* | The uid of the user the server should run as | 1000 | !0 | -| PGID* | The gid of the group the server should run as | 1000 | !0 | | MULTITHREADING** | Improves performance in multi-threaded CPU environments. It is effective up to a maximum of about 4 threads, and allocating more than this number of threads does not make much sense. | false | true/false | | COMMUNITY | Whether or not the server shows up in the community server browser (USE WITH SERVER_PASSWORD) | false | true/false | | PUBLIC_IP | You can manually specify the global IP address of the network on which the server running. If not specified, it will be detected automatically. If it does not work well, try manual configuration. | | x.x.x.x | From 1d706ac1f0fd82a9a04a2f0371c1862f6a0413f8 Mon Sep 17 00:00:00 2001 From: "Carlos M. Martinez" Date: Mon, 29 Jan 2024 23:13:15 -0500 Subject: [PATCH 15/27] Updated .env.example --- .env.example | 2 -- 1 file changed, 2 deletions(-) diff --git a/.env.example b/.env.example index a19f71e7c..66c74eb45 100644 --- a/.env.example +++ b/.env.example 
@@ -1,8 +1,6 @@ TZ="UTC" PLAYERS="16" PORT="8211" -PUID="1000" -PGID="1000" MULTITHREADING="false" COMMUNITY="false" PUBLIC_IP="" From 3d8fd4f71778c12a815105dc8fd457764c043131 Mon Sep 17 00:00:00 2001 From: "Carlos M. Martinez" Date: Tue, 30 Jan 2024 09:29:15 -0500 Subject: [PATCH 16/27] Added runas for k8s --- k8s/deployment.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/k8s/deployment.yaml b/k8s/deployment.yaml index d94759fb4..a4db9844a 100644 --- a/k8s/deployment.yaml +++ b/k8s/deployment.yaml @@ -20,6 +20,9 @@ spec: - name: palworld-server image: thijsvanloef/palworld-server-docker imagePullPolicy: IfNotPresent + securityContext: + runAsUser: 1000 + runAsGroup: 1000 ports: - containerPort: 8211 name: server From 0390f601c0d0ccd459a96af5686d01e1f925d25d Mon Sep 17 00:00:00 2001 From: "Carlos M. Martinez" Date: Tue, 30 Jan 2024 23:59:11 -0500 Subject: [PATCH 17/27] Modified to support PUID/PGID by default --- .env.example | 2 ++ Dockerfile | 3 ++- docker-compose.yml | 3 ++- k8s/deployment.yaml | 3 --- scripts/backup.sh | 4 ++++ scripts/init.sh | 18 ++++++++++++++++-- 6 files changed, 26 insertions(+), 7 deletions(-) diff --git a/.env.example b/.env.example index 66c74eb45..a19f71e7c 100644 --- a/.env.example +++ b/.env.example @@ -1,6 +1,8 @@ TZ="UTC" PLAYERS="16" PORT="8211" +PUID="1000" +PGID="1000" MULTITHREADING="false" COMMUNITY="false" PUBLIC_IP="" diff --git a/Dockerfile b/Dockerfile index d1916abd7..558749eb2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -25,6 +25,8 @@ RUN wget -q "$SUPERCRONIC_URL" \ && ln -s "/usr/local/bin/${SUPERCRONIC}" /usr/local/bin/supercronic ENV PORT= \ + PUID=1000 \ + PGID=1000 \ PLAYERS= \ MULTITHREADING=false \ COMMUNITY=false \ @@ -55,5 +57,4 @@ HEALTHCHECK --start-period=5m \ CMD pgrep "PalServer-Linux" > /dev/null || exit 1 EXPOSE ${PORT} ${RCON_PORT} -USER steam ENTRYPOINT ["/home/steam/server/init.sh"] diff --git a/docker-compose.yml b/docker-compose.yml index d548c41ef..ef5491aae 100644 
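Review bot: The container `securityContext` pins `runAsUser: 1000` and `runAsGroup: 1000` but never states the non-root requirement itself, so a later edit of those IDs to 0 would be accepted by the cluster and caught only by the check in init.sh. Add `runAsNonRoot: true` and `allowPrivilegeEscalation: false` next to them so the kubelet enforces it. The second setting also stops setuid helpers such as `su` from gaining privileges, which the non-root path in this series does not appear to need. If the mounted volume is not owned by 1000, a pod-level `fsGroup` is presumably required as well; check this against the volume definition under k8s/.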
--- a/docker-compose.yml +++ b/docker-compose.yml @@ -4,11 +4,12 @@ services: restart: unless-stopped container_name: palworld-server stop_grace_period: 30s # Set to however long you are willing to wait for the container to gracefully stop - user: 1000:1000 ports: - 8211:8211/udp - 27015:27015/udp # Required if you want your server to show up in the community servers tab environment: + - PUID=1000 + - PGID=1000 - PORT=8211 # Optional but recommended - PLAYERS=16 # Optional but recommended - SERVER_PASSWORD="worldofpals" # Optional but recommended diff --git a/k8s/deployment.yaml b/k8s/deployment.yaml index a4db9844a..d94759fb4 100644 --- a/k8s/deployment.yaml +++ b/k8s/deployment.yaml @@ -20,9 +20,6 @@ spec: - name: palworld-server image: thijsvanloef/palworld-server-docker imagePullPolicy: IfNotPresent - securityContext: - runAsUser: 1000 - runAsGroup: 1000 ports: - containerPort: 8211 name: server diff --git a/scripts/backup.sh b/scripts/backup.sh index a4dbe517e..0fd0b6d65 100644 --- a/scripts/backup.sh +++ b/scripts/backup.sh @@ -10,6 +10,10 @@ cd /palworld/Pal/ || exit tar -zcf "$FILE_PATH" "Saved/" +if [ "$(id -u)" -eq 0 ]; then + chown steam:steam "$FILE_PATH" +fi + echo "backup created at $FILE_PATH" if [ "${DELETE_OLD_BACKUPS}" = true ]; then diff --git a/scripts/init.sh b/scripts/init.sh index 0e19c5bcd..2ac9db324 100644 --- a/scripts/init.sh +++ b/scripts/init.sh 
@@ -1,6 +1,16 @@ #!/bin/bash -if [[ "$(id -u)" -eq 0 ]] || [[ "$(id -g)" -eq 0 ]]; then +if [[ "$(id -u)" -eq 0 ]] && [[ "$(id -g)" -eq 0 ]]; then + if [[ "${PUID}" -ne 0 ]] && [[ "${PGID}" -ne 0 ]]; then + printf "\e[0;32m*****EXECUTING USERMOD*****\e[0m\n" + usermod -o -u "${PUID}" steam + groupmod -o -g "${PGID}" steam + chown -R steam:steam /palworld /home/steam/ + else + printf "\033[31mRunning as root is not supported, please fix your PUID and PGID!\n" + exit 1 + fi +elif [[ "$(id -u)" -eq 0 ]] || [[ "$(id -g)" -eq 0 ]]; then printf "\033[31mRunning as root is not supported, please fix your user!\n" exit 1 fi @@ -19,7 +29,11 @@ term_handler() { trap 'term_handler' SIGTERM -./start.sh & +if [[ "$(id -u)" -eq 0 ]]; then + su steam -c ./start.sh & +else + ./start.sh & +fi # Process ID of su killpid="$!" wait $killpid From eb4bfde12bef8a34097176109c341d6a8484b97d Mon Sep 17 00:00:00 2001 From: "Carlos M. Martinez" Date: Wed, 31 Jan 2024 00:24:17 -0500 Subject: [PATCH 18/27] Updated readme --- README.md | 41 +++++++++++++++++++++++++++++++---------- 1 file changed, 31 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index a57323bfc..8dcd016df 100644 --- a/README.md +++ b/README.md @@ -38,12 +38,6 @@ This Docker container has been tested and will work on both Linux (Ubuntu/Debian Keep in mind that you'll need to change the [environment variables](#environment-variables). -> [!IMPORTANT] -> You must set user to `YOUR_UID:YOUR_GID` -> To find your UID run `id -u` & to find your GID run `id -g`. In the examples they are listed as 1000:1000. -> If you wish to run it as a different UID/GID this can by done by changing the ownership: `chown UID:GID palworld/` -> or by changing the permissions for all other: `chmod o=rwx palworld/` - ### Docker Compose This repository includes an example [docker-compose.yml](/docker-compose.yml) file you can use to set up your server. 
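Review bot: `[[ "${PUID}" -ne 0 ]] && [[ "${PGID}" -ne 0 ]]` hands both environment values to bash arithmetic, so each is evaluated as an expression rather than compared as a number. This happens in a branch that runs as root, before the values reach `usermod -o -u` and `groupmod -o -g`. Validate the format first, e.g. `[[ "${PUID}" =~ ^[1-9][0-9]*$ && "${PGID}" =~ ^[1-9][0-9]*$ ]] || { printf 'PUID and PGID must be positive integers\n'; exit 1; }`, and only then compare. Separately, this patch drops `USER steam` from the Dockerfile, so root is the image default again and the privilege drop rests entirely on this block and on `su steam -c ./start.sh`. A comment above the `if` saying `# Image starts as root by default; this block is the only place privileges are dropped` would make that dependency visible.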
@@ -55,11 +49,12 @@ services: restart: unless-stopped container_name: palworld-server stop_grace_period: 30s # Set to however long you are willing to wait for the container to gracefully stop - user: 1000:1000 ports: - 8211:8211/udp - 27015:27015/udp environment: + - PUID=1000 + - PGID=1000 - PORT=8211 # Optional but recommended - PLAYERS=16 # Optional but recommended - SERVER_PASSWORD="worldofpals" # Optional but recommended @@ -86,7 +81,6 @@ services: restart: unless-stopped container_name: palworld-server stop_grace_period: 30s # Set to however long you are willing to wait for the container to gracefully stop - user: 1000:1000 ports: - 8211:8211/udp - 27015:27015/udp @@ -103,10 +97,11 @@ Change every <> to your own configuration ```bash docker run -d \ --name palworld-server \ - --user 1000:1000 \ -p 8211:8211/udp \ -p 27015:27015/udp \ -v ./:/palworld/ \ + -e PUID=1000 \ + -e PGID=1000 \ -e PORT=8211 \ -e PLAYERS=16 \ -e MULTITHREADING=true \ @@ -130,7 +125,6 @@ correct values. Change your docker run command to this: ```bash docker run -d \ --name palworld-server \ - --user 1000:1000 \ -p 8211:8211/udp \ -p 27015:27015/udp \ -v ./:/palworld/ \ 
@@ -146,6 +140,29 @@ All files you will need to deploy this container to kubernetes are located in th Follow the steps in the [README.md here](k8s/readme.md) to deploy it. +### Running without root + +This is only recommended for advance users + +It is possible to run this container and [override the default user](https://docs.docker.com/engine/reference/run/#user) which is root in this image. + +If you want to find your UID: `id -u` +If you want to find your GID: `id -g` + +You must set user to `NUMBERICAL_UID:NUMBERICAL_GID`. + +* In docker run add `--user 1000:1000 \` above the last line. +* In docker compose add `user: 1000:1000` above ports. +* In k8s add the following above the ports in deployment.yaml + ``` + securityContext: + runAsUser: 1000 + runAsGroup: 1000 + ``` + +If you wish to run it with a different UID/GID than your own you will need to change the ownership of the directory that is being bind: `chown UID:GID palworld/` +or by changing the permissions for all other: `chmod o=rwx palworld/` + #### Using helm chart Follow up the docs on the [README.md for the helm chart](./charts/palworld/README.md) to deploy. 
@@ -157,12 +174,16 @@ It is highly recommended you set the following environment values before startin * PLAYERS * PORT +* PUID +* PGID | Variable | Info | Default Values | Allowed Values | |--------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------|------------------------------------------------------------------------------------------------------------| | TZ | Timezone used for time stamping backup server | UTC | See [TZ Identifiers](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#Time_Zone_abbreviations) | | PLAYERS* | Max amount of players that are able to join the server | 16 | 1-32 | | PORT* | UDP port that the server will expose | 8211 | 1024-65535 | +| PUID* | The uid of the user the server should run as | 1000 | !0 | +| PGID* | The gid of the group the server should run as | 1000 | !0 | | MULTITHREADING** | Improves performance in multi-threaded CPU environments. It is effective up to a maximum of about 4 threads, and allocating more than this number of threads does not make much sense. | false | true/false | | COMMUNITY | Whether or not the server shows up in the community server browser (USE WITH SERVER_PASSWORD) | false | true/false | | PUBLIC_IP | You can manually specify the global IP address of the network on which the server running. If not specified, it will be detected automatically. If it does not work well, try manual configuration. | | x.x.x.x | From c55c4b1cbf56177133c2fec1262784ab7fa76f45 Mon Sep 17 00:00:00 2001 From: "Carlos M. Martinez" Date: Wed, 31 Jan 2024 00:31:45 -0500 Subject: [PATCH 19/27] Updated readme --- README.md | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 8dcd016df..98c0e9a2b 100644 --- a/README.md +++ b/README.md 
@@ -142,25 +142,31 @@ Follow the steps in the [README.md here](k8s/readme.md) to deploy it. ### Running without root -This is only recommended for advance users +This is only for advanced users -It is possible to run this container and [override the default user](https://docs.docker.com/engine/reference/run/#user) which is root in this image. +It is possible to run this container and +[override the default user](https://docs.docker.com/engine/reference/run/#user) which is root in this image. + +Because you are specifiying the user and group `PUID` and `PGID` are ignored. If you want to find your UID: `id -u` If you want to find your GID: `id -g` You must set user to `NUMBERICAL_UID:NUMBERICAL_GID`. -* In docker run add `--user 1000:1000 \` above the last line. -* In docker compose add `user: 1000:1000` above ports. -* In k8s add the following above the ports in deployment.yaml +Below we assume your UID is 1000 and your GID is 1001 +* In docker run add `--user 1000:1001 \` above the last line. +* In docker compose add `user: 1000:1001` above ports. +* In k8s add the following above the ports in deployment.yaml + ``` securityContext: runAsUser: 1000 - runAsGroup: 1000 + runAsGroup: 1001 ``` -If you wish to run it with a different UID/GID than your own you will need to change the ownership of the directory that is being bind: `chown UID:GID palworld/` +If you wish to run it with a different UID/GID than your own you will need to change the ownership of the directory that +is being bind: `chown UID:GID palworld/` or by changing the permissions for all other: `chmod o=rwx palworld/` #### Using helm chart From b5980bfdf616172e88bb2b677b83ee437659a086 Mon Sep 17 00:00:00 2001 From: "Carlos M. Martinez" Date: Wed, 31 Jan 2024 00:37:03 -0500 Subject: [PATCH 20/27] Updated linting errors --- README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 98c0e9a2b..6f9bca541 100644 --- a/README.md +++ b/README.md 
@@ -144,7 +144,7 @@ Follow the steps in the [README.md here](k8s/readme.md) to deploy it. This is only for advanced users -It is possible to run this container and +It is possible to run this container and [override the default user](https://docs.docker.com/engine/reference/run/#user) which is root in this image. Because you are specifiying the user and group `PUID` and `PGID` are ignored. @@ -152,14 +152,15 @@ Because you are specifiying the user and group `PUID` and `PGID` are ignored. If you want to find your UID: `id -u` If you want to find your GID: `id -g` -You must set user to `NUMBERICAL_UID:NUMBERICAL_GID`. +You must set user to `NUMBERICAL_UID:NUMBERICAL_GID` Below we assume your UID is 1000 and your GID is 1001 + * In docker run add `--user 1000:1001 \` above the last line. * In docker compose add `user: 1000:1001` above ports. * In k8s add the following above the ports in deployment.yaml - ``` + ```yml securityContext: runAsUser: 1000 runAsGroup: 1001 From a724075f4cd8bfc0467e4cb42a7d6f6d9e146b6b Mon Sep 17 00:00:00 2001 From: "Carlos M. Martinez" Date: Fri, 2 Feb 2024 14:42:37 -0500 Subject: [PATCH 21/27] Added check to see if /palworld is writable --- scripts/init.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/scripts/init.sh b/scripts/init.sh index 6327b9f45..766a58a04 100644 --- a/scripts/init.sh +++ b/scripts/init.sh @@ -15,6 +15,11 @@ elif [[ "$(id -u)" -eq 0 ]] || [[ "$(id -g)" -eq 0 ]]; then exit 1 fi +if ! [ -w "/palworld" ]; then + echo "/palworld is not writable." + exit 1 +fi + mkdir -p /palworld/backups # shellcheck disable=SC2317 From 4080158ff24bda090aa9ec7b4011cafbdcd004b3 Mon Sep 17 00:00:00 2001 From: "Carlos M. Martinez" Date: Fri, 2 Feb 2024 14:44:29 -0500 Subject: [PATCH 22/27] Updated permissions --- Dockerfile | 3 ++- scripts/start.sh | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index e79be0f54..7df10244a 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -75,8 +75,9 @@ RUN chmod +x /home/steam/server/*.sh && \ WORKDIR /home/steam/server RUN touch rcon.yaml crontab && \ + chmod o+w rcon.yaml crontab && \ chown steam:steam -R /home/steam && \ - chmod -R o+w /home/steam + chmod -R o+w /home/steam/steamcmd HEALTHCHECK --start-period=5m \ CMD pgrep "PalServer-Linux" > /dev/null || exit 1 diff --git a/scripts/start.sh b/scripts/start.sh index ceb1a7300..6fe66a70c 100644 --- a/scripts/start.sh +++ b/scripts/start.sh @@ -364,7 +364,7 @@ if [ -n "${RCON_PORT}" ]; then sed -i "s/RCONPort=[0-9]*/RCONPort=$RCON_PORT/" /palworld/Pal/Saved/Config/LinuxServer/PalWorldSettings.ini fi -rm -f "/home/steam/server/crontab" +truncate -s 0 "/home/steam/server/crontab" if [ "${BACKUP_ENABLED,,}" = true ]; then echo "BACKUP_ENABLED=${BACKUP_ENABLED,,}" From ea6252f526d7a0a1b60aa0f79365c7a9bf895060 Mon Sep 17 00:00:00 2001 From: "Carlos M. Martinez" Date: Tue, 13 Feb 2024 14:02:21 -0500 Subject: [PATCH 23/27] Changed signle to double quotes --- scripts/init.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/init.sh b/scripts/init.sh index 91dfe8e45..667d8ee55 100644 --- a/scripts/init.sh +++ b/scripts/init.sh @@ -26,9 +26,9 @@ mkdir -p /palworld/backups term_handler() { if [ -n "${DISCORD_WEBHOOK_URL}" ] && [ -n "${DISCORD_PRE_SHUTDOWN_MESSAGE}" ]; then if [ "$(id -u)" -eq 0 ]; then - su steam -c "/home/steam/server/discord.sh '${DISCORD_PRE_SHUTDOWN_MESSAGE}' in-progress" & + su steam -c "/home/steam/server/discord.sh \"${DISCORD_PRE_SHUTDOWN_MESSAGE}\" in-progress" & else - /home/steam/server/discord.sh '${DISCORD_PRE_SHUTDOWN_MESSAGE}' in-progress & + /home/steam/server/discord.sh "${DISCORD_PRE_SHUTDOWN_MESSAGE}" in-progress & fi fi From 54cea25599b2f57b9b63a6bd9d9348413a846afd Mon Sep 17 00:00:00 2001 From: "Carlos M. Martinez" Date: Thu, 15 Feb 2024 00:54:53 -0500 Subject: [PATCH 24/27] Removed k8s in readme --- README.md | 7 ------- 1 file changed, 7 deletions(-) 
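Review bot: `chmod o+w rcon.yaml crontab` in the Dockerfile hunk leaves the cron schedule and the RCON settings file writable by every UID in the container, and `chmod -R o+w /home/steam/steamcmd` does the same for the SteamCMD tree that is executed on update. That is what lets an arbitrary `--user` UID start the image, but it also means any process in the container can change what is scheduled or run, and nothing in the file says the modes are deliberate. Consider having the start scripts write these generated files under a directory the running user already owns (the `/palworld` volume that init.sh now checks) instead of loosening modes in the image; at minimum add a comment above the RUN such as `# o+w: these files are rewritten at start by whatever UID --user selects`. The `truncate -s 0` change to scripts/start.sh in the same commit depends on this mode.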
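Review bot: In the root branch of `term_handler` in scripts/init.sh, `${DISCORD_PRE_SHUTDOWN_MESSAGE}` is still pasted into the string handed to `su -c`, so the shell that `su` starts parses the message a second time. With the new double quotes, a `"`, `$` or backtick in the message is interpreted there instead of being sent. Letting the inner shell expand the variable itself avoids the re-parse: `su steam -c '/home/steam/server/discord.sh "${DISCORD_PRE_SHUTDOWN_MESSAGE}" in-progress' &`. This relies on the variable being exported into the container environment and on `su` being called without `-l`, as it is here. The non-root branch is fine as changed, and `term_handler` continues past the end of the hunk.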
diff --git a/README.md b/README.md index 9b2243918..b2125aec3 100644 --- a/README.md +++ b/README.md @@ -178,13 +178,6 @@ Below we assume your UID is 1000 and your GID is 1001 * In docker run add `--user 1000:1001 \` above the last line. * In docker compose add `user: 1000:1001` above ports. -* In k8s add the following above the ports in deployment.yaml - - ```yml - securityContext: - runAsUser: 1000 - runAsGroup: 1001 - ``` If you wish to run it with a different UID/GID than your own you will need to change the ownership of the directory that is being bind: `chown UID:GID palworld/` From f5e692371bedda1f945c4a7fb1297355a665804b Mon Sep 17 00:00:00 2001 From: "Carlos M. Martinez" Date: Thu, 15 Feb 2024 01:00:16 -0500 Subject: [PATCH 25/27] Updated readme and compose to add user --- README.md | 4 ++++ docker-compose.yml | 1 + 2 files changed, 5 insertions(+) diff --git a/README.md b/README.md index b2125aec3..a9a439a6e 100644 --- a/README.md +++ b/README.md @@ -68,6 +68,7 @@ services: image: thijsvanloef/palworld-server-docker:latest restart: unless-stopped container_name: palworld-server + user: 0:0 stop_grace_period: 30s # Set to however long you are willing to wait for the container to gracefully stop ports: - 8211:8211/udp @@ -100,6 +101,7 @@ services: image: thijsvanloef/palworld-server-docker:latest restart: unless-stopped container_name: palworld-server + user: 0:0 stop_grace_period: 30s # Set to however long you are willing to wait for the container to gracefully stop ports: - 8211:8211/udp @@ -117,6 +119,7 @@ Change every <> to your own configuration ```bash docker run -d \ --name palworld-server \ + --user 0:0 \ -p 8211:8211/udp \ -p 27015:27015/udp \ -v ./palworld:/palworld/ \ @@ -145,6 +148,7 @@ correct values. Change your docker run command to this: ```bash docker run -d \ --name palworld-server \ + --user 0:0 \ -p 8211:8211/udp \ -p 27015:27015/udp \ -v ./palworld:/palworld/ \ 
diff --git a/docker-compose.yml b/docker-compose.yml index 993579833..3ce77a86a 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -4,6 +4,7 @@ services: image: thijsvanloef/palworld-server-docker:latest restart: unless-stopped container_name: palworld-server + user: 0:0 stop_grace_period: 30s # Set to however long you are willing to wait for the container to gracefully stop ports: - 8211:8211/udp From 4806147b7099832cff602eed94c6937091b9be9c Mon Sep 17 00:00:00 2001 From: "Carlos M. Martinez" Date: Sat, 17 Feb 2024 15:57:05 -0500 Subject: [PATCH 26/27] Remove user in compose and docker run --- README.md | 4 ---- docker-compose.yml | 1 - 2 files changed, 5 deletions(-) diff --git a/README.md b/README.md index 8976de0ee..cad749819 100644 --- a/README.md +++ b/README.md @@ -68,7 +68,6 @@ services: image: thijsvanloef/palworld-server-docker:latest restart: unless-stopped container_name: palworld-server - user: 0:0 stop_grace_period: 30s # Set to however long you are willing to wait for the container to gracefully stop ports: - 8211:8211/udp @@ -101,7 +100,6 @@ services: image: thijsvanloef/palworld-server-docker:latest restart: unless-stopped container_name: palworld-server - user: 0:0 stop_grace_period: 30s # Set to however long you are willing to wait for the container to gracefully stop ports: - 8211:8211/udp @@ -119,7 +117,6 @@ Change every <> to your own configuration ```bash docker run -d \ --name palworld-server \ - --user 0:0 \ -p 8211:8211/udp \ -p 27015:27015/udp \ -v ./palworld:/palworld/ \ @@ -148,7 +145,6 @@ correct values. Change your docker run command to this: ```bash docker run -d \ --name palworld-server \ - --user 0:0 \ -p 8211:8211/udp \ -p 27015:27015/udp \ -v ./palworld:/palworld/ \ diff --git a/docker-compose.yml b/docker-compose.yml index 3ce77a86a..993579833 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
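Review bot: The added `user: 0:0` in docker-compose.yml pins the sample service to root explicitly, which the README text in this series already describes as the image default. The line appears to change nothing at run time, but it makes root the value people copy from the sample. If the intent is to show where the override goes, a commented placeholder does that without defaulting to root, for example `# user: "1000:1001"  # optional: run as this UID:GID; PUID and PGID are then ignored`.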
@@ -4,7 +4,6 @@ services: image: thijsvanloef/palworld-server-docker:latest restart: unless-stopped container_name: palworld-server - user: 0:0 stop_grace_period: 30s # Set to however long you are willing to wait for the container to gracefully stop ports: - 8211:8211/udp From 02e3a60e767b767e33a8a7966760593f92ac2237 Mon Sep 17 00:00:00 2001 From: Thijs van Loef Date: Sun, 18 Feb 2024 20:02:26 +0100 Subject: [PATCH 27/27] update docusaurus --- .../docs/guides/running-without-root.md | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 docusaurus/docs/guides/running-without-root.md diff --git a/docusaurus/docs/guides/running-without-root.md b/docusaurus/docs/guides/running-without-root.md new file mode 100644 index 000000000..a71a7a957 --- /dev/null +++ b/docusaurus/docs/guides/running-without-root.md @@ -0,0 +1,26 @@ +--- +sidebar_position: 6 +--- + +# Running without root + +This is only for advanced users + +It is possible to run this container and +[override the default user](https://docs.docker.com/engine/reference/run/#user) which is root in this image. + +Because you are specifiying the user and group `PUID` and `PGID` are ignored. + +If you want to find your UID: `id -u` +If you want to find your GID: `id -g` + +You must set user to `NUMBERICAL_UID:NUMBERICAL_GID` + +Below we assume your UID is 1000 and your GID is 1001 + +* In docker run add `--user 1000:1001 \` above the last line. +* In docker compose add `user: 1000:1001` above ports. + +If you wish to run it with a different UID/GID than your own you will need to change the ownership of the directory that +is being bind: `chown UID:GID palworld/` +or by changing the permissions for all other: `chmod o=rwx palworld/`