Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

LOG_TO_STDOUT="true" doesn't work for user scripts executed by transmission (non-root user) #2853

Open
7 of 8 tasks
grsjst opened this issue Jun 11, 2024 · 2 comments
Open
7 of 8 tasks

Comments

@grsjst
Copy link

grsjst commented Jun 11, 2024

Is there a pinned issue for this?

  • I have read the pinned issues and could not find my issue

Is there an existing or similar issue/discussion for this?

  • I have searched the existing issues
  • I have searched the existing discussions

Is there any comment in the documentation for this?

  • I have read the documentation, especially the FAQ and Troubleshooting parts

Is this related to a provider?

  • I have checked the provider repo for issues
  • My issue is NOT related to a provider

Are you using the latest release?

  • I am using the latest release

Have you tried using the dev branch latest?

  • I have tried using dev branch

Docker run config used

version: '3.3'
services:
transmission-openvpn:
cap_add:
- NET_ADMIN
volumes:
- nfs-video:/data
- ./config:/config
- ./script:/script
- ./xxx/:/etc/openvpn/custom
environment:
- PUID=5000
- PGID=15000
- GLOBAL_APPLY_PERMISSIONS=true
- OPENVPN_PROVIDER=custom
- OPENVPN_CONFIG=xxx
- OPENVPN_USERNAME=xxx
- OPENVPN_PASSWORD=xxx
- LOCAL_NETWORK=xxx
- OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60
- TZ=xxx
- LOG_TO_STDOUT=true
- TRANSMISSION_LOG_LEVEL=info
- TRANSMISSION_DOWNLOAD_DIR=/data/Transmission/downloads
- TRANSMISSION_INCOMPLETE_DIR=/data/Transmission/incomplete
- TRANSMISSION_SCRIPT_TORRENT_DONE_ENABLED=true
- TRANSMISSION_SCRIPT_TORRENT_DONE_FILENAME="/script/bin/script-torrent-done"
- TRANSMISSION_SCRIPT_TORRENT_ADDED_ENABLED=true
- TRANSMISSION_SCRIPT_TORRENT_ADDED_FILENAME="/script/bin/script-torrent-added"
logging:
driver: json-file
options:
max-size: 10m
ports:
- '9091:9091'
image: haugene/transmission-openvpn
restart: unless-stopped

Current Behavior

I am running Transmission as a non-root user (using PUID and PGID) and have set LOG_TO_STDOUT=true

Transmission allows executing user scripts on particular events, such as "torrent added", or "torrent completed" (see https://github.com/transmission/transmission/blob/main/docs/Editing-Configuration-Files.md).

my user script ("script-torrent-done") prints messages to stdout (e.g. echo "script started"). However, these messages do not appear (as expected) in the docker log.

Expected Behavior

I expect the logging messages from a user script executed by the transmission (and send to stdout) to appear in the docker logs

How have you tried to solve the problem?

  1. echo "aaaa" >> /proc/1/fd/1 works for the root user, but non-root user results in an error
  2. https://serverfault.com/questions/599103/make-a-docker-application-write-to-stdout/932888#932888 documents the issue, and possibly has a solution

Log output

note IP network info removed from

docker compose logs --follow
transmission-openvpn-1 | Starting container with revision: 07f5a2b
transmission-openvpn-1 | TRANSMISSION_HOME is currently set to: /config/transmission-home
transmission-openvpn-1 | Creating TUN device /dev/net/tun
transmission-openvpn-1 | Using OpenVPN provider: CUSTOM
transmission-openvpn-1 | Running with VPN_CONFIG_SOURCE auto
transmission-openvpn-1 | CUSTOM provider specified but not using default.ovpn, will try to find a valid config mounted to /etc/openvpn/custom

transmission-openvpn-1 | Modification: Point auth-user-pass option to the username/password file
transmission-openvpn-1 | Modification: Change ca certificate path
transmission-openvpn-1 | Modification: Change ping options
transmission-openvpn-1 | Modification: Update/set resolv-retry to 15 seconds
transmission-openvpn-1 | Modification: Change tls-crypt keyfile path
transmission-openvpn-1 | Modification: Set output verbosity to 3
transmission-openvpn-1 | Modification: Remap SIGUSR1 signal to SIGTERM, avoid OpenVPN restart loop
filebot-node | ENVIRONMENT {
filebot-node | FILEBOT_NODE_HOME: '/opt/filebot-node',
filebot-node | SUDO_GID: '0',
filebot-node | PUSER: 'filebot',
filebot-node | PGROUP: 'filebot',
filebot-node | FILEBOT_NODE_SHA256: 'cb799aa3cd9ea333277b7d657336a60ae7cfbe24afb54b77324b695083e744a2',
filebot-node | USER: 'filebot',
filebot-node | FILEBOT_CMD_UID: '5001',
filebot-node | HOSTNAME: '19551fb4e330',
filebot-node | HOME: '/data/filebot',
filebot-node | OLDPWD: '/',
filebot-node | FILEBOT_TASK_CMD: '/opt/filebot-node/task',
filebot-node | FILEBOT_NODE_AUTH: 'NONE',
filebot-node | PGID: '15000',
filebot-node | FILEBOT_NODE_HTTP_PORT: '5452',
transmission-openvpn-1 | Modification: Updating status for config failure detection
transmission-openvpn-1 | Setting OpenVPN credentials...

transmission-openvpn-1 | 2024-06-11 14:00:46 DEPRECATED OPTION: ncp-disable. Disabling cipher negotiation is a deprecated debug feature that will be removed in OpenVPN 2.6
transmission-openvpn-1 | 2024-06-11 14:00:46 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
transmission-openvpn-1 | 2024-06-11 14:00:46 WARNING: file '/etc/openvpn/custom/client.key' is group or others accessible
transmission-openvpn-1 | 2024-06-11 14:00:46 OpenVPN 2.5.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 29 2023
transmission-openvpn-1 | 2024-06-11 14:00:46 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
transmission-openvpn-1 | 2024-06-11 14:00:46 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
transmission-openvpn-1 | 2024-06-11 14:00:46 TCP/UDP: Preserving recently used remote address: [AF_INET]191.96.168.156:443
transmission-openvpn-1 | 2024-06-11 14:00:46 Socket Buffers: R=[212992->212992] S=[212992->212992]
transmission-openvpn-1 | 2024-06-11 14:00:46 UDP link local: (not bound)
e2bff2e4
transmission-openvpn-1 | 2024-06-11 14:00:46 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

transmission-openvpn-1 | 2024-06-11 14:00:46 VERIFY KU OK
transmission-openvpn-1 | 2024-06-11 14:00:46 Validating certificate extended key usage
filebot-node | SUDO_UID: '0',
filebot-node | LOGNAME: 'filebot',
filebot-node | TERM: 'unknown',
filebot-node | FILEBOT_NODE_VERSION: '0.4.6',
filebot-node | FILEBOT_VERSION: '5.1.3',
filebot-node | PATH: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin',
filebot-node | FILEBOT_NODE_HOST: '0.0.0.0',
filebot-node | FILEBOT_NODE_HTTP: 'YES',
filebot-node | LANG: 'C.UTF-8',
filebot-node | FILEBOT_NODE_URL: 'https://github.com/filebot/filebot-node/releases/download/0.4.6/filebot-node_0.4.6.tar.xz',
filebot-node | FILEBOT_NODE_DATA: '/data/filebot/node',
filebot-node | PUID: '5001',
filebot-node | SUDO_COMMAND: '/opt/bin/run /opt/filebot-node/start',
filebot-node | SHELL: '/bin/bash',
filebot-node | FILEBOT_CMD_GID: '15000',
filebot-node | SUDO_USER: 'root',
filebot-node | PWD: '/data/filebot',
filebot-node | FILEBOT_CMD: 'filebot',
filebot-node | FILEBOT_NODE_CLIENT: '/opt/filebot-node/client',
filebot-node | FILEBOT_CMD_CWD: '/'
filebot-node | }
filebot-node | STATUS {
filebot-node | pid: 46,
filebot-node | node: 'v20.14.0',
filebot-node | uptime: '0',
filebot-node | date: 'Tue, 11 Jun 2024 12:00:46 GMT'
filebot-node | }
filebot-node | USER { UID: 5001, GID: 15000 }
filebot-node | filebot-node listening at http://0.0.0.0:5452/
transmission-openvpn-1 | 2024-06-11 14:00:46 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
transmission-openvpn-1 | 2024-06-11 14:00:46 VERIFY EKU OK

transmission-openvpn-1 | 2024-06-11 14:00:46 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1569', remote='link-mtu 1553'
transmission-openvpn-1 | 2024-06-11 14:00:46 WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
transmission-openvpn-1 | 2024-06-11 14:00:46 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA256

transmission-openvpn-1 | 2024-06-11 14:00:46 OPTIONS IMPORT: timers and/or timeouts modified
transmission-openvpn-1 | 2024-06-11 14:00:46 OPTIONS IMPORT: --ifconfig/up options modified
transmission-openvpn-1 | 2024-06-11 14:00:46 OPTIONS IMPORT: route options modified
transmission-openvpn-1 | 2024-06-11 14:00:46 OPTIONS IMPORT: route-related options modified
transmission-openvpn-1 | 2024-06-11 14:00:46 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
transmission-openvpn-1 | 2024-06-11 14:00:46 OPTIONS IMPORT: peer-id set
transmission-openvpn-1 | 2024-06-11 14:00:46 OPTIONS IMPORT: adjusting link_mtu to 1624
transmission-openvpn-1 | 2024-06-11 14:00:46 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
transmission-openvpn-1 | 2024-06-11 14:00:46 Outgoing Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
transmission-openvpn-1 | 2024-06-11 14:00:46 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
transmission-openvpn-1 | 2024-06-11 14:00:46 Incoming Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication

transmission-openvpn-1 | 2024-06-11 14:00:46 GDG6: remote_host_ipv6=n/a
transmission-openvpn-1 | 2024-06-11 14:00:46 net_route_v6_best_gw query: dst ::
transmission-openvpn-1 | 2024-06-11 14:00:46 sitnl_send: rtnl: generic error (-101): Network is unreachable
transmission-openvpn-1 | 2024-06-11 14:00:46 ROUTE6: default_gateway=UNDEF
transmission-openvpn-1 | 2024-06-11 14:00:46 TUN/TAP device tun0 opened
transmission-openvpn-1 | 2024-06-11 14:00:46 net_iface_mtu_set: mtu 1500 for tun0
transmission-openvpn-1 | 2024-06-11 14:00:46 net_iface_up: set tun0 up
metric -1

transmission-openvpn-1 | 2024-06-11 14:00:51 WARNING: OpenVPN was configured to add an IPv6 route. However, no IPv6 has been configured for tun0, therefore the route installation may fail or may not work as expected.
transmission-openvpn-1 | 2024-06-11 14:00:51 add_route_ipv6(2000::/3 -> :: metric -1) dev tun0
transmission-openvpn-1 | 2024-06-11 14:00:51 net_route_v6_add: 2000::/3 via :: dev tun0 table 0 metric -1

transmission-openvpn-1 | Will exec Transmission with '--log-level=info' argument
transmission-openvpn-1 | Enforcing ownership on transmission directories
transmission-openvpn-1 | Applying permissions to transmission directories
transmission-openvpn-1 | Setting owner for transmission paths to 5000:15000
transmission-openvpn-1 | Setting permissions for download and incomplete directories
transmission-openvpn-1 | umask: 2
transmission-openvpn-1 | Directories: 775
transmission-openvpn-1 | Files: 664
transmission-openvpn-1 | Setting permission for watch directory (775) and its files (664)
transmission-openvpn-1 |
transmission-openvpn-1 | -------------------------------------
transmission-openvpn-1 | Transmission will run as
transmission-openvpn-1 | -------------------------------------
transmission-openvpn-1 | User name: abc
transmission-openvpn-1 | User uid: 5000
transmission-openvpn-1 | User gid: 15000
transmission-openvpn-1 | -------------------------------------
transmission-openvpn-1 |
transmission-openvpn-1 | Updating Transmission settings.json with values from env variables
transmission-openvpn-1 | Attempting to use existing settings.json for Transmission
transmission-openvpn-1 | Successfully used existing settings.json /config/transmission-home/settings.json
transmission-openvpn-1 | Overriding bind-address-ipv4 because TRANSMISSION_BIND_ADDRESS_IPV4 is set to 10.48.4.56
transmission-openvpn-1 | Overriding download-dir because TRANSMISSION_DOWNLOAD_DIR is set to /data/Transmission/downloads
transmission-openvpn-1 | Overriding incomplete-dir because TRANSMISSION_INCOMPLETE_DIR is set to /data/Transmission/incomplete
transmission-openvpn-1 | Overriding rpc-password because TRANSMISSION_RPC_PASSWORD is set to [REDACTED]
transmission-openvpn-1 | Overriding rpc-port because TRANSMISSION_RPC_PORT is set to 9091
transmission-openvpn-1 | Overriding rpc-username because TRANSMISSION_RPC_USERNAME is set to
transmission-openvpn-1 | Overriding script-torrent-added-enabled because TRANSMISSION_SCRIPT_TORRENT_ADDED_ENABLED is set to true
transmission-openvpn-1 | Overriding script-torrent-added-filename because TRANSMISSION_SCRIPT_TORRENT_ADDED_FILENAME is set to /script/bin/script-torrent-added
transmission-openvpn-1 | Overriding script-torrent-done-enabled because TRANSMISSION_SCRIPT_TORRENT_DONE_ENABLED is set to true
transmission-openvpn-1 | Overriding script-torrent-done-filename because TRANSMISSION_SCRIPT_TORRENT_DONE_FILENAME is set to /script/bin/script-torrent-done
transmission-openvpn-1 | Overriding watch-dir because TRANSMISSION_WATCH_DIR is set to /data/watch
transmission-openvpn-1 | sed'ing True to true
transmission-openvpn-1 | STARTING TRANSMISSION
transmission-openvpn-1 | Transmission startup script complete.
transmission-openvpn-1 | 2024-06-11 14:00:52 Initialization Sequence Completed
transmission-openvpn-1 | [2024-06-11 14:00:53.351] inf session.cc:646 Transmission version 4.0.5 (a6fe2a64aa) starting (session.cc:646)
transmission-openvpn-1 | [2024-06-11 14:00:53.351] inf session.cc:404 Listening to incoming peer connections on [10.48.4.56]:51413 (session.cc:404)
transmission-openvpn-1 | [2024-06-11 14:00:53.351] inf session.cc:404 Listening to incoming peer connections on [::]:51413 (session.cc:404)

transmission-openvpn-1 | [2024-06-11 14:00:53.351] inf tr-udp.cc:202 Bound UDP IPv6 address [::]:51413 (tr-udp.cc:202)
transmission-openvpn-1 | [2024-06-11 14:00:53.351] inf rpc-server.cc:763 Added '127.0.0.1' to host whitelist (rpc-server.cc:763)
transmission-openvpn-1 | [2024-06-11 14:00:53.351] inf rpc-server.cc:763 Added '::1' to host whitelist (rpc-server.cc:763)
transmission-openvpn-1 | [2024-06-11 14:00:53.351] inf rpc-server.cc:907 Serving RPC and Web requests on 0.0.0.0:9091/transmission/ (rpc-server.cc:907)
transmission-openvpn-1 | [2024-06-11 14:00:53.351] inf rpc-server.cc:713 Listening for RPC and Web requests on '0.0.0.0:9091' (rpc-server.cc:713)
transmission-openvpn-1 | [2024-06-11 14:00:53.351] inf rpc-server.cc:923 Serving RPC and Web requests from '/usr/local/share/transmission/public_html' (rpc-server.cc:923)
transmission-openvpn-1 | [2024-06-11 14:00:53.351] inf daemon.cc:715 Loading settings from '/config/transmission-home' (daemon.cc:715)

HW/SW Environment

- OS: Ubuntu 24.04
- Docker:Docker version 26.1.4, build 5650f9b

Anything else?

No response

@DriesSchaumont
Copy link

What LOG_TO_STDOUT does is:

  1. Change the owner of /dev/stdout
  2. Set --logfile argument for the transmission-daemon command to /dev/stdout.

What happens when you set LOG_TO_STDOUT=false, does output from your script appear in config/transmission-home/transmission.log?

@grsjst
Copy link
Author

grsjst commented Jan 4, 2025

Dear Dries,

Thanks for picking this up!

Setting LOG_TO_STDOUT=false makes me receive the log messages from transmission to config/transmission-home/transmission.log, but not the output from my script (a simple echo message).

I did investigate further back in June and managed to make it (kind of) work. I don't recall the details, but I found the process executing the user defined script doesn't have the right permission to write to /dev/stdout

the work around i used (fragment copied below) creates a pipe (as root user) and copies all input it receives to stdout

# scripts/transmission-post-start.sh
mkfifo /tmp/stdout 
chown 5000:15000 /tmp/stdout #  PUID=5000, PGID=15000 in docker-compose.yml (service transmission)
bash -c "while true; do cat /tmp/stdout >&1; sleep 1; done" &
# scripts/script-torrent-done
echo "my script" >> /tmp/stdout

i am open to a more elegant solution :)

thanks,
j

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants