Crowdsec been great i but container restart when configuring notifications

I am using the docker container crowdsecurity/crowdsec in unraid. All been fine for a long while but now moving stuff off Cloudflare and back to nginx so I wanted to get some notifications happening. I read all the doco and made these changes - But the container restarts over and over once the notifications is enabled and restarted… Logs dont seem too useful - just this thing - api server init: unable to run plugin broker: while loading plugin: while getting current user: user

New users cant post much info here it seems… so pulling out the two yaml snippits

profiles.yaml -

 - email_default
on_success: break
smtp_username: mygmail 
smtp_password: my-app-password 
smtp_port: 587
auth_type: login
sender_name: CrowdSec
sender_email: my-gmail 
email_subject: Crowdsec-Security-Notification
- my-gmail
# One of "ssltls", "none"
encryption_type: ssltls

The logs are stating that the current configured notification user within /etc/crowdsec/config.yaml isnt a user that exists within the container itself.

normally it default to

  user: nobody # plugin process would be ran on behalf of this user
  group: nogroup # plugin process would be ran on behalf of this group

but if you switch from alpine to debian based container these may not exist, so my suggestion comment out the notification get the container running exec into the container and check if the configured user and group exists

Thanks for the assist.
I can see its set to nobody/nobody.

This is the container installed from the unraid community app store and I have no idea what it is based on.

I have limited experience with unraid and their dockers but I know that unraid’s default is nobody/users, and that the appdata/crowdsec folder is owned by nobody/users. And all the files/folder under there are owned by nobody/users.

I can get into the container, but dont know how to check if the configured user and group exists you you said.

You can run the following commands

id nobody
grep "^nobody:" /etc/group

If their command returns an error then the group/id doesnt exist

in my previous experience it most likely the group is incorrect and should be nogroup instead

This is the output - again - thanks.


There is a nogroup in there also…

I tried a vi on /etc/passwd to change the group like you said - but permission denied…
Am I on the right track through ?

Hmm maybe im mistaken then, as both user and group both exist.

Are you sure you are executing these within the crowdsec container and not on unraid itself?

Yep - opening console on the container, then running.

groups -

Interesting… hmmm, could you run whoami within the container


Could you grab a list of running processes?

ps aux | grep crowdsec

I think the issue may be the container is running as an unknown user so it cannot execute a sub process since the uid is not found

Sorry for the late reply - time diff - as I am in Australia.


All good! hmmm okay so the container is configured to run as user 99 and that user doesnt exist within the container scope so my guess is when it is trying to exec a subprocess because it cant verify the current running user it just fails.

Do you have control over which UID the container runs as?

I think in other containers they have a user and group setting in unraid. I seem to remember 100 and 99 for some. my emby container for example has this :slight_smile:

Is that what you mean ?

I just checked the crowdsec container settings, and in its xtra parameters, it has this - which I thin is the same thing :slight_smile:
restart=unless-stopped --memory=2G --user 99:100

Yes, cause the user doesnt exist the 99/100 might cause issues. So you either need to choose a user that exists on host and within the container scope or just revert to 0:0 as that is root

Thanks again -
I set it to 0:0 and restarted the container - check.
Edited the profiles.yaml to turn nofications on - restarted - checked logs - Still running - check
So I am past that issue now with your help.

I guess I will wait for a decision to fire and hopefully see the email…

Not exactly sure when the emails should come in ?
Is it when there is a decision ?
I got one but no email and no error in the log - as if it did not try to send anything.