Crowdsec been great i but container restart when configuring notifications

vw-kombi · June 15, 2024, 1:53am

I am using the docker container crowdsecurity/crowdsec in unraid. All been fine for a long while but now moving stuff off Cloudflare and back to nginx so I wanted to get some notifications happening. I read all the doco and made these changes - But the container restarts over and over once the notifications is enabled and restarted… Logs dont seem too useful - just this thing - api server init: unable to run plugin broker: while loading plugin: while getting current user: user

New users cant post much info here it seems… so pulling out the two yaml snippits

profiles.yaml -

notifications:
 - email_default
on_success: break

vw-kombi · June 15, 2024, 1:55am

smtp_host: smtp.gmail.com
smtp_username: mygmail 
smtp_password: my-app-password 
smtp_port: 587
auth_type: login
sender_name: CrowdSec
sender_email: my-gmail 
email_subject: Crowdsec-Security-Notification
receiver_emails:
- my-gmail
# One of "ssltls", "none"
encryption_type: ssltls

iiAmLoz · June 15, 2024, 7:40am

The logs are stating that the current configured notification user within /etc/crowdsec/config.yaml isnt a user that exists within the container itself.

normally it default to

plugin_config:
  user: nobody # plugin process would be ran on behalf of this user
  group: nogroup # plugin process would be ran on behalf of this group

but if you switch from alpine to debian based container these may not exist, so my suggestion comment out the notification get the container running exec into the container and check if the configured user and group exists

vw-kombi · June 15, 2024, 8:40am

Thanks for the assist.
I can see its set to nobody/nobody.

This is the container installed from the unraid community app store and I have no idea what it is based on.

I have limited experience with unraid and their dockers but I know that unraid’s default is nobody/users, and that the appdata/crowdsec folder is owned by nobody/users. And all the files/folder under there are owned by nobody/users.

I can get into the container, but dont know how to check if the configured user and group exists you you said.

iiAmLoz · June 15, 2024, 8:57am

You can run the following commands

id nobody
grep "^nobody:" /etc/group

If their command returns an error then the group/id doesnt exist

in my previous experience it most likely the group is incorrect and should be nogroup instead

vw-kombi · June 15, 2024, 9:18am

This is the output - again - thanks.

vw-kombi · June 15, 2024, 9:19am

There is a nogroup in there also…

vw-kombi · June 15, 2024, 9:23am

I tried a vi on /etc/passwd to change the group like you said - but permission denied…
Am I on the right track through ?

iiAmLoz · June 15, 2024, 9:31am

Hmm maybe im mistaken then, as both user and group both exist.

Are you sure you are executing these within the crowdsec container and not on unraid itself?

vw-kombi · June 15, 2024, 9:42am

Yep - opening console on the container, then running.

groups -

iiAmLoz · June 15, 2024, 9:49am

Interesting… hmmm, could you run whoami within the container

vw-kombi · June 15, 2024, 10:18am

iiAmLoz · June 15, 2024, 12:07pm

Could you grab a list of running processes?

ps aux | grep crowdsec

I think the issue may be the container is running as an unknown user so it cannot execute a sub process since the uid is not found

vw-kombi · June 16, 2024, 12:23am

Sorry for the late reply - time diff - as I am in Australia.

iiAmLoz · June 16, 2024, 8:01am

All good! hmmm okay so the container is configured to run as user 99 and that user doesnt exist within the container scope so my guess is when it is trying to exec a subprocess because it cant verify the current running user it just fails.

Do you have control over which UID the container runs as?

vw-kombi · June 16, 2024, 9:22am

I think in other containers they have a user and group setting in unraid. I seem to remember 100 and 99 for some. my emby container for example has this

Is that what you mean ?

vw-kombi · June 16, 2024, 9:23am

I just checked the crowdsec container settings, and in its xtra parameters, it has this - which I thin is the same thing
restart=unless-stopped --memory=2G --user 99:100

iiAmLoz · June 17, 2024, 8:04am

Yes, cause the user doesnt exist the 99/100 might cause issues. So you either need to choose a user that exists on host and within the container scope or just revert to 0:0 as that is root

vw-kombi · June 18, 2024, 12:02am

Thanks again -
I set it to 0:0 and restarted the container - check.
Edited the profiles.yaml to turn nofications on - restarted - checked logs - Still running - check
So I am past that issue now with your help.

I guess I will wait for a decision to fire and hopefully see the email…

vw-kombi · June 18, 2024, 12:16am

Not exactly sure when the emails should come in ?
Is it when there is a decision ?
I got one but no email and no error in the log - as if it did not try to send anything.

Topic		Replies	Views
Docker confused crowdsec	2	878	October 29, 2023
No alert/decisions on crowdsec docker-Unraid crowdsec	0	118	October 15, 2024
Container not creating files and folders when started crowdsec	7	3917	January 3, 2022
Crowdsec Postgresql and Kubernetes crowdsec	7	2046	October 28, 2021
Crowdsec Docker Container Crashed after File Upload Nextcloud crowdsec	1	24	March 3, 2025

Crowdsec been great i but container restart when configuring notifications

Related topics