
[Suggestion] add GID UID UMASK #107

Open
zilexa opened this issue Apr 15, 2021 · 4 comments

zilexa commented Apr 15, 2021

I completely changed this ticket: I asked to include unrar in the image, but I found Unpackerr. Will use that instead.

I do have another question:
I am impressed by this image because it is only 150MB and fully functional, but now see all my downloads are owned by root. Is it possible to support something like GID and GPID like Linuxserver does, to set correct user permissions?

@zilexa zilexa changed the title [Suggestion] add unrar support [Suggestion] add GID UID UMASK Apr 16, 2021
emmercm (Owner) commented Apr 16, 2021

I'll be fully honest, I don't know the most about user and group permissioning when it comes to Docker. Are you saying that because the Docker daemon is run as root that any files created in the mount are owned by root?

@emmercm emmercm self-assigned this Apr 16, 2021
zilexa (Author) commented Apr 26, 2021

Hi, yes, that is what it looks like, but I guess I need to do further testing.
I will install hotio qbittorrent and see what the difference is.
Every download-related package, both from hotio and linuxserver, forces you to change the IDs. I guess it's for a reason.
Still I prefer yours because the image is half the size compared to others.


michaelkrieger commented Apr 28, 2023

Assuming you're using user 1000 and group 1000, add user: 1000:1000 to your docker compose (or --user 1000:1000 to your docker run command) to run the whole thing as a certain user ID. The quirk is that you should either pre-create the volume folders, as they get created as root (by docker) and so the 1000 user won't have the ability to write to them. This is why many other scripts run as root and then drop privileges, as they chown the various volume mount points and then use su to run the start command as the user.

EDIT:
I stand corrected. The way this container is set up, it is very oriented around the /root folder. When mounting /config, docker oddly follows the symbolic link and mounts at /root/.config/qBittorrent (same with the data folder at /root/.local/share/qBittorrent). This makes it fully reliant on /root and the restrictive 700 permissions of /root.

There is really no need I can see to run qBittorrent as root.

Possible solution 1
The easiest solution would be if these symbolic links were the other way around [so /config is the folder and /root/.config/qBittorrent was the symbolic link]. This could even be created at runtime by the entrypoint script. At that point, the user could add 'user 1000:1000' to their start command and shouldn't have any permission issues (assuming the folder itself has the right permissions at a system level).

Possible solution 2

  1. opening up /root's permissions (chmod 777 /root /root/.local/share/qBittorrent /root/.config/qBittorrent)
  2. Having an adduser -h '/root' -u PUID -D -H user [where the PUID is supplied via a variable] in the entrypoint script. The username doesn't really matter within the container, so I've just used user
  3. Running su -m -c "$@" user instead of just the exec.
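
The following entrypoint is an added example of "possible solution 2" above; it is not the image's own entrypoint and not michaelkrieger's code. It starts as root, validates PUID/PGID from the environment (PGID is assumed as the group counterpart of PUID), creates an unprivileged user for those ids, fixes ownership of the bind mounts, and then drops privileges before starting qBittorrent. It assumes an Alpine base with busybox adduser/addgroup, the su-exec package for the final privilege drop (michaelkrieger used su -m -c), the internal user name qbt, and /config plus /downloads as the mount targets; all of those are this example's assumptions. Instead of loosening /root to 777 (step 1), the new user gets /config as its home directory, so nothing under /root needs to become world-accessible.

```shell
#!/usr/bin/env sh
# Hypothetical PUID/PGID entrypoint for an Alpine-based qBittorrent image (example code).
# Pattern: start as root, create the runtime user, chown the mounts, drop privileges.
set -eu

APP_USER=qbt                    # assumed name; only the numeric ids matter on the host
APP_DIRS="/config /downloads"   # assumed bind-mount targets that the user must own

# A valid id is a non-empty string of digits, so "", "-1" and "1000a" are rejected.
valid_id() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Read PUID/PGID (default 1000:1000) and print "uid:gid"; fail loudly on bad input
# rather than silently starting as an unexpected identity.
resolve_ids() {
    uid=${PUID:-1000}
    gid=${PGID:-1000}
    if ! valid_id "$uid" || ! valid_id "$gid"; then
        echo "PUID/PGID must be numeric, got '$uid'/'$gid'" >&2
        return 1
    fi
    printf '%s:%s\n' "$uid" "$gid"
}

# Create the group and user for the ids only if they do not exist yet, so the
# container can be restarted without adduser failing on a duplicate id.
ensure_user() {  # uid gid
    if ! cut -d: -f3 /etc/group | grep -qx "$2"; then
        addgroup -g "$2" "$APP_USER"
    fi
    if ! cut -d: -f3 /etc/passwd | grep -qx "$1"; then
        group_name=$(awk -F: -v gid="$2" '$3 == gid { print $1; exit }' /etc/group)
        # -D: no password, -H: do not create the home dir (it is a bind mount), -h: home = /config
        adduser -D -H -h /config -u "$1" -G "$group_name" "$APP_USER"
    fi
}

main() {
    ids=$(resolve_ids)
    uid=${ids%%:*}
    gid=${ids##*:}

    # Already unprivileged (e.g. started with `user: 1000:1000`) or root explicitly
    # requested with PUID=0: nothing to set up, just run the command.
    if [ "$(id -u)" -ne 0 ] || [ "$uid" -eq 0 ]; then
        exec "$@"
    fi

    ensure_user "$uid" "$gid"
    for dir in $APP_DIRS; do
        if [ -d "$dir" ]; then
            chown -R "$uid:$gid" "$dir"
        fi
    done
    # su-exec replaces this process with the command running as uid:gid; no root shell remains.
    exec su-exec "$uid:$gid" "$@"
}

# Act as an entrypoint only when a command is given; without arguments the script
# just defines the functions above.
if [ $# -gt 0 ]; then
    main "$@"
fi
```

Used as ENTRYPOINT with the image's usual CMD, `docker run -e PUID=1000 -e PGID=1000 ...` leaves every file written to /config and /downloads owned by 1000:1000, and `ps` inside the container shows qbittorrent-nox running as that uid rather than root.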


jee-r commented Jun 3, 2023

I figured out how to run qBittorrent rootless:

docker-compose.yml

version: "3"

services:
  qbittorrent:
    image: emmercm/qbittorrent:latest
    container_name: qbittorent
    #restart: unless-stopped
    user: 1000:1000
    networks:
      - torrent
    environment:
      - TZ=Europe/Paris
      - HOME=/home/abc
    ports:
      - 30000:30000
      - 8080:8080
      - 6881:6881/tcp
      - 6881:6881/udp
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./etc_passwd:/etc/passwd:ro
      - ./entrypoint.sh:/entrypoint.sh
      - ./config:/home/abc/

networks:
  torrent:
    external: true

entrypoint.sh

#!/usr/bin/env sh
set -euo pipefail

PING_IPS=${PING_IPS:-1.1.1.1 1.0.0.1}
IP_URL=${IP_URL:-http://whatismyip.akamai.com}
# Config lives under the runtime user's HOME (bind-mounted from ./config), not under /root
QBT_CONF_DIR=${HOME:-/home/abc}/.config/qBittorrent


# Wait for internet connection
# Note: can't use `ping` due to a known issue (https://forums.docker.com/t/ping-from-within-a-container-does-not-actually-ping/11787)
echo "Waiting for internet connection ..."
while true; do
    for PING_IP in ${PING_IPS}; do
        if curl --silent --output /dev/null --max-time 1 "${PING_IP}"; then
            break 2
        fi
    done
    sleep 1
done

# Print external IP
EXTERNAL_IP=$(curl --max-time 10 --silent "${IP_URL}")
echo
echo "*****************$(printf "%${#EXTERNAL_IP}s\n" | tr " " "*")****"
echo "*                $(printf "%${#EXTERNAL_IP}s\n" | tr " " " ")   *"
echo "*   External IP: ${EXTERNAL_IP}   *"
echo "*                $(printf "%${#EXTERNAL_IP}s\n" | tr " " " ")   *"
echo "*****************$(printf "%${#EXTERNAL_IP}s\n" | tr " " "*")****"
echo


# Default qBittorrent config: seed it only when the user has none yet. The check must
# use the same path the copy writes to; the image's /config symlink points into /root,
# which uid 1000 cannot read, so testing /config would copy (and overwrite) on every start.
if [ ! -f "${QBT_CONF_DIR}/qBittorrent.conf" ]; then
    mkdir -p "${QBT_CONF_DIR}"
    cp /qBittorrent.conf "${QBT_CONF_DIR}/qBittorrent.conf"
fi

exec "$@"

etc_passwd:

root:x:0:0:root:/root:/bin/ash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/mail:/sbin/nologin
news:x:9:13:news:/usr/lib/news:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucppublic:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
man:x:13:15:man:/usr/man:/sbin/nologin
postmaster:x:14:12:postmaster:/var/mail:/sbin/nologin
cron:x:16:16:cron:/var/spool/cron:/sbin/nologin
ftp:x:21:21::/var/lib/ftp:/sbin/nologin
sshd:x:22:22:sshd:/dev/null:/sbin/nologin
at:x:25:25:at:/var/spool/cron/atjobs:/sbin/nologin
squid:x:31:31:Squid:/var/cache/squid:/sbin/nologin
xfs:x:33:33:X Font Server:/etc/X11/fs:/sbin/nologin
games:x:35:35:games:/usr/games:/sbin/nologin
cyrus:x:85:12::/usr/cyrus:/sbin/nologin
vpopmail:x:89:89::/var/vpopmail:/sbin/nologin
ntp:x:123:123:NTP:/var/empty:/sbin/nologin
smmsp:x:209:209:smmsp:/var/spool/mqueue:/sbin/nologin
guest:x:405:100:guest:/dev/null:/sbin/nologin
nobody:x:65534:65534:nobody:/:/sbin/nologin
abc:x:1000:1000:abc:/home/abc:/bin/ash

Then you have to create the directories with the right permissions (1000:1000, or the UID:GID of your choice):

mkdir -p ./config/.config/qBittorrent ./config/.local/share/qBittorrent
# ./config is the directory bind-mounted to /home/abc above
chown -R 1000:1000 ./config

and finally run qBittorrent

docker-compose pull
docker-compose up -d
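
The setup above only works when three things agree: the uid in the mounted passwd file, the HOME= override the compose file sets for that uid, and the ownership of the host directory bind-mounted there. The following pre-flight check, added here as an example and not part of jee-r's post or the image, verifies that on the host before `docker-compose up`. It takes the passwd file, the uid and gid the container runs as, the home directory expected for that uid inside the container, and the host directory that is mounted there; the function names and argument order are this example's own.

```shell
#!/usr/bin/env sh
# Hypothetical pre-flight check for a rootless bind-mount layout (example code).
# Usage: ./preflight.sh ./etc_passwd 1000 1000 /home/abc ./config
set -eu

# Print the home directory of UID from a passwd-format file; exit 1 if no entry exists.
passwd_home() {  # passwd_file uid
    awk -F: -v uid="$2" '$3 == uid { print $6; found = 1 } END { exit !found }' "$1"
}

# Succeed only if every file under DIR is owned by UID:GID. Numeric ids work with
# busybox and GNU find alike, so no host user of that name is needed.
tree_owned_by() {  # dir uid gid
    [ -z "$(find "$1" ! -user "$2" -o ! -group "$3" | head -n 1)" ]
}

# Tie the three pieces together and explain which one is wrong.
preflight() {  # passwd_file uid gid expected_home host_dir
    if ! home=$(passwd_home "$1" "$2"); then
        echo "no entry for uid $2 in $1; the container would have no home directory" >&2
        return 1
    fi
    if [ "$home" != "$4" ]; then
        echo "uid $2 has home $home in $1, but HOME/bind mount expect $4" >&2
        return 1
    fi
    if ! tree_owned_by "$5" "$2" "$3"; then
        echo "not everything under $5 is owned by $2:$3; the container could not write its config" >&2
        return 1
    fi
    echo "ok: uid $2 -> $home, $5 owned by $2:$3"
}

# Run the check only when called with all five arguments; otherwise just define functions.
if [ $# -eq 5 ]; then
    preflight "$@"
fi
```

Running it after the mkdir/chown step above prints the ok line; a missing chown, a passwd entry with a different home, or a uid absent from the file each produces a specific message and a non-zero exit, which is cheaper to diagnose than a container that silently overwrites or cannot write its qBittorrent.conf.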
