HA Supervisor addon: /data directory is read only for non root users

modbus2mqtt · November 21, 2023, 10:41am

Hi,

an addon for HA supervisor should not run with root permissions. It makes it more vulnerable to hacking.

However, if the add on runs as non root user and it needs write access. to the. /data directory, it will fail, because the /data directory has the following permissions:

drwxr-xr-x 2 root root /data

How can the /data directory get write access for a non root user?

If the add on runs in a standalone docker container, it can be configured in docker compose and in the directory of the docker host.

modbus2mqtt · November 21, 2023, 11:20am

The run.sh can also run as root, but it calls the service via sudo -u node
So, the service doesn’t have root permissions.

chown node:node /data
sudo -u node bash -c '
ls -lsd /data
node blabla.js 
'

Tinkerer · November 21, 2023, 11:35am

Most if not all the containers run as root. That’s unlikely to change.