github-starred/vikunja
2
0
Fork 0
mirror of https://github.com/go-vikunja/vikunja.git synced 2026-05-06 03:27:53 -05:00
Code Issues 690 Packages Projects Releases 11 Wiki Activity

[GH-ISSUE #2162] Regression in rc4: docker rootless does not start anymore, failed to create test file #6566

New Issue
Closed
opened 2026-04-20 17:09:44 -05:00 by GiteaMirror · 5 comments
GiteaMirror commented 2026-04-20 17:09:44 -05:00
Owner
Copy Link

Originally created by @liquidat on GitHub (Jan 26, 2026).
Original GitHub issue: https://github.com/go-vikunja/vikunja/issues/2162

Description

Summary

With vikunja 1.0.0-rc4, the vikunja container/service fails to start properly due to a permission denied error.
This was not the case with rc3.
The error is also present with :unstable.

Details

I use Vikunja in a rootless docker installation. The following docker compose file works fine with rc3:

---
services:
  vikunja:
    image: vikunja/vikunja:1.0.0-rc3
    env_file:
      - .env
    ports:
      - 3456:3456      
    volumes:
      - /data/vikunja/files:/app/vikunja/files
    depends_on:
      db:
        condition: service_healthy
    restart: unless-stopped

  db:
    image: postgres:18
    volumes:
      - /data/vikunja/db:/var/lib/postgresql
    env_file:
      - .env
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -h localhost -U $$POSTGRES_USER"]
      interval: 2s
      start_period: 30s

Logs for the Vikunja container during the successful startup:

vikunja-1  | 2026/01/26 21:03:15 failed to create modcache index dir: mkdir /.cache: permission denied
vikunja-1  | time=2026-01-26T21:03:15.133Z level=INFO msg="No config file found, using default or config from environment variables."
vikunja-1  | time=2026-01-26T21:03:15.133Z level=INFO msg="Running migrations…"
vikunja-1  | time=2026-01-26T21:03:15.640Z level=INFO msg="Ran all migrations successfully."
vikunja-1  | time=2026-01-26T21:03:15.642Z level=INFO msg="Mailer is disabled, not sending reminders per mail"
vikunja-1  | time=2026-01-26T21:03:15.642Z level=INFO msg="Mailer is disabled, not sending overdue per mail"
vikunja-1  | time=2026-01-26T21:03:15.642Z level=INFO msg="Vikunja version v1.0.0-rc3"
vikunja-1  | ⇨ http server started on [::]:3456
...

However, when I change the Vikunja image version to rc4, the container doesn't start successfully, the logs show a permission denied error when trying to create the test file:

vikunja-1  | 2026/01/26 21:35:39 failed to create modcache index dir: mkdir /.cache: permission denied
vikunja-1  | time=2026-01-26T21:35:39.430Z level=INFO msg="No config file found, using default or config from environment variables."
vikunja-1  | time=2026-01-26T21:35:39.430Z level=ERROR msg="Could not init file handler: storage validation failed: failed to create test file at /app/vikunja/files/.vikunja-check-1769463339430480850: open /app/vikunja/files/.vikunja-check-1769463339430480850: permission denied"

Failed attempts to solve the issue

Setting user

Setting the user explicitly in the docker compose file via user: 1009:1009 (the local user of the docker compose setup) does not fix or change the error.

Using volume
Defining a volume and using it instead of a bind mount via the below code does not fix or change the error.

    volumes:
      - vikunja-files:/app/vikunja/files

[...]

volumes:
  vikunja-files:

Ensuring U,Z

Ensuring U,Z in the volume definition via /data/vikunja/files:/app/vikunja/files:U,Z does not fix or change the error.

Environment

$ docker --version
Docker version 29.1.3, build f52814d
$ /usr/libexec/docker/cli-plugins/docker-compose --version
Docker Compose version v5.0.0
$ ls -la /data/vikunja/files
total 8
drwxr-xr-x. 2 vikunjauser vikunjauser 4096 Jan 26 21:19 .
drwxr-xr-x. 4 root        root        4096 Jan 26 16:10 ..
$ id
uid=1009(vikunjauser) gid=1009(vikunjauser) groups=1009(vikunjauser) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
$ getenforce
Permissive
$ cat /etc/os-release
NAME="Rocky Linux"
VERSION="9.7 (Blue Onyx)"
ID="rocky"
ID_LIKE="rhel centos fedora"
...

Additional notes

I'd love to have a closer look at the running container itself. But since there is no shell available, there is nothing I can do to for example jump into the container and check the permissions of the files in question, etc.

Vikunja Version

1.0.0-rc4

Browser and version

No response

Can you reproduce the bug on the Vikunja demo site?

No

Screenshots

No response

Originally created by @liquidat on GitHub (Jan 26, 2026). Original GitHub issue: https://github.com/go-vikunja/vikunja/issues/2162 ### Description ### Summary With vikunja 1.0.0-rc4, the vikunja container/service fails to start properly due to a `permission denied` error. This was not the case with rc3. The error is also present with `:unstable`. ### Details I use Vikunja in a rootless docker installation. The following docker compose file works fine with rc3: ``` --- services: vikunja: image: vikunja/vikunja:1.0.0-rc3 env_file: - .env ports: - 3456:3456 volumes: - /data/vikunja/files:/app/vikunja/files depends_on: db: condition: service_healthy restart: unless-stopped db: image: postgres:18 volumes: - /data/vikunja/db:/var/lib/postgresql env_file: - .env restart: unless-stopped healthcheck: test: ["CMD-SHELL", "pg_isready -h localhost -U $$POSTGRES_USER"] interval: 2s start_period: 30s ``` Logs for the Vikunja container during the successful startup: ``` vikunja-1 | 2026/01/26 21:03:15 failed to create modcache index dir: mkdir /.cache: permission denied vikunja-1 | time=2026-01-26T21:03:15.133Z level=INFO msg="No config file found, using default or config from environment variables." vikunja-1 | time=2026-01-26T21:03:15.133Z level=INFO msg="Running migrations…" vikunja-1 | time=2026-01-26T21:03:15.640Z level=INFO msg="Ran all migrations successfully." vikunja-1 | time=2026-01-26T21:03:15.642Z level=INFO msg="Mailer is disabled, not sending reminders per mail" vikunja-1 | time=2026-01-26T21:03:15.642Z level=INFO msg="Mailer is disabled, not sending overdue per mail" vikunja-1 | time=2026-01-26T21:03:15.642Z level=INFO msg="Vikunja version v1.0.0-rc3" vikunja-1 | ⇨ http server started on [::]:3456 ... ``` However, when I change the Vikunja image version to rc4, the container doesn't start successfully, the logs show a permission denied error when trying to create the test file: ``` vikunja-1 | 2026/01/26 21:35:39 failed to create modcache index dir: mkdir /.cache: permission denied vikunja-1 | time=2026-01-26T21:35:39.430Z level=INFO msg="No config file found, using default or config from environment variables." vikunja-1 | time=2026-01-26T21:35:39.430Z level=ERROR msg="Could not init file handler: storage validation failed: failed to create test file at /app/vikunja/files/.vikunja-check-1769463339430480850: open /app/vikunja/files/.vikunja-check-1769463339430480850: permission denied" ``` ### Failed attempts to solve the issue **Setting user** Setting the user explicitly in the docker compose file via `user: 1009:1009` (the local user of the docker compose setup) does not fix or change the error. **Using volume** Defining a volume and using it instead of a bind mount via the below code does not fix or change the error. ``` volumes: - vikunja-files:/app/vikunja/files [...] volumes: vikunja-files: ``` **Ensuring U,Z** Ensuring U,Z in the volume definition via `/data/vikunja/files:/app/vikunja/files:U,Z` does not fix or change the error. ### Environment ``` $ docker --version Docker version 29.1.3, build f52814d $ /usr/libexec/docker/cli-plugins/docker-compose --version Docker Compose version v5.0.0 $ ls -la /data/vikunja/files total 8 drwxr-xr-x. 2 vikunjauser vikunjauser 4096 Jan 26 21:19 . drwxr-xr-x. 4 root root 4096 Jan 26 16:10 .. $ id uid=1009(vikunjauser) gid=1009(vikunjauser) groups=1009(vikunjauser) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 $ getenforce Permissive $ cat /etc/os-release NAME="Rocky Linux" VERSION="9.7 (Blue Onyx)" ID="rocky" ID_LIKE="rhel centos fedora" ... ``` ### Additional notes I'd love to have a closer look at the running container itself. But since there is no shell available, there is nothing I can do to for example jump into the container and check the permissions of the files in question, etc. ### Vikunja Version 1.0.0-rc4 ### Browser and version _No response_ ### Can you reproduce the bug on the Vikunja demo site? No ### Screenshots _No response_
GiteaMirror commented 2026-04-20 17:09:46 -05:00
Author
Owner
Copy Link

@kolaente commented on GitHub (Jan 26, 2026):

You need to fix the permission of the /data/vikunja/files folder. It has to be writeable by the user running Vikunja, 1000 by default unless you change it with the user: option of the container.

The new rc added validation on startup for this, if the permissions are wrong that means you won't be able to use attachments, backgrounds, user data exports, etc.

<!-- gh-comment-id:3801970941 --> @kolaente commented on GitHub (Jan 26, 2026): You need to fix the permission of the `/data/vikunja/files` folder. It has to be writeable by the user running Vikunja, `1000` by default unless you change it with the `user:` option of the container. The new rc added validation on startup for this, if the permissions are wrong that means you won't be able to use attachments, backgrounds, user data exports, etc.
GiteaMirror commented 2026-04-20 17:09:46 -05:00
Author
Owner
Copy Link

@liquidat commented on GitHub (Jan 27, 2026):

@kolaente The permissions are already correct. As shown above in the output of ls and id, the data path has the owner that tries to launch the containers.

Also the error persists when named volumes are used, indicating that the problem it's something else.

<!-- gh-comment-id:3803605582 --> @liquidat commented on GitHub (Jan 27, 2026): @kolaente The permissions are already correct. As shown above in the output of `ls` and `id`, the data path has the owner that tries to launch the containers. Also the error persists when named volumes are used, indicating that the problem it's something else.
GiteaMirror commented 2026-04-20 17:09:47 -05:00
Author
Owner
Copy Link

@kolaente commented on GitHub (Jan 27, 2026):

I've added a vikunja doctor command in https://github.com/go-vikunja/vikunja/pull/2165 that should help to debug this further - can you run the latest unstable build and run it to see what user Vikunja is actually running as? (should be ready in ~30min)

<!-- gh-comment-id:3804020203 --> @kolaente commented on GitHub (Jan 27, 2026): I've added a `vikunja doctor` command in https://github.com/go-vikunja/vikunja/pull/2165 that should help to debug this further - can you run the latest unstable build and run it to see what user Vikunja is actually running as? (should be ready in ~30min)
GiteaMirror commented 2026-04-20 17:09:48 -05:00
Author
Owner
Copy Link

@vikunja-bot-app[bot] commented on GitHub (Jan 27, 2026):

This issue has been fixed in #2166, please check with the next unstable build (should be ready for deployment in ~30min, also on the demo).

<!-- gh-comment-id:3804872965 --> @vikunja-bot-app[bot] commented on GitHub (Jan 27, 2026): This issue has been fixed in #2166, please check with the next unstable build (should be ready for deployment in ~30min, also on [the demo](https://try.vikunja.io)).
GiteaMirror commented 2026-04-20 17:09:48 -05:00
Author
Owner
Copy Link

@MikaelKW commented on GitHub (Jan 28, 2026):

I'm getting this error with V1.

Issue #2173 explains using variable:
user: "0:0"

But are we not supposed to be able to run Vikunja in rootless mode anymore, or is this simply a bug?

Edit: files folder was only writable by root

<!-- gh-comment-id:3810945573 --> @MikaelKW commented on GitHub (Jan 28, 2026): I'm getting this error with V1. Issue #2173 explains using variable: user: "0:0" But are we not supposed to be able to run Vikunja in rootless mode anymore, or is this simply a bug? Edit: files folder was only writable by root
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
area/api
area/attachments
area/auth
area/avatars
area/backup-restore
area/caldav
area/calendar-view
area/comments
area/config
area/database
area/desktop
area/docker
area/email
area/favorites
area/filters
area/frontend
area/gantt
area/i18n
area/import-export
area/internal-code
area/kanban
area/labels
area/list-view
area/mobile
area/notifications
area/permissions
area/projects
area/pwa
area/recurring-tasks
area/reminders
area/search
area/shortcuts
area/subtasks
area/sync
area/table-view
area/task-editor
area/task-metadata
area/task-relations
area/teams
area/theming
area/time-tracking
area/typesense
area/views
area/webhooks
bug
changes requested
concern/accessibility
concern/performance
concern/regression
concern/ux
confirmed
db/mysql
dependencies
enhancement
good first issue
help wanted
integration/inbound
integration/outbound
kind/bug
kind/feature
needs reproduction
pull-request
Mirrored from GitHub Pull Request
 question
security
support
upstream issue
waiting for reply
wontfix
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/vikunja#6566
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?