Which package is this bug report for? If unsure which one to select, leave blank
None
Issue description
In my crawlee k8 setup, I have a persistent volume mounted at /home/myuser/storage (the reason I do this is so if a pod churns before it finishes a scrape, any pod can pick up where it left off). One quirk of this is that I need the UID and GID of the volume mount to match the myuser user that the crawlee docker image sets up.
I attempted to update my crawlee docker image from apify/actor-node-playwright-chrome:22-1.52.0 to apify/actor-node-playwright-chrome:24-1.58.1 but started getting permission errors from my storage mount. I traced it back to that at some point between these two versions, the uid and gid of the myuser user changed from 997:997 to 996:996
The exact value isnt important but its inconvenient if it floats as it can cause strange bugs like this.
The issue is in layer 19 of the dockerfile
RUN /bin/bash -o pipefail -c apt update && apt install --fix-missing -yq --no-install-recommends xvfb xauth wget curl git ca-certificates procps gnupg unzip && wget -qO- https://dl-ssl.google.com/linux/linux_signing_key.pub | gpg --dearmor | tee /usr/share/keyrings/google-linux-signing.gpg > /dev/null && sh -c 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/google-linux-signing.gpg] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google-chrome.list' && apt update && apt install -y --no-install-recommends google-chrome-stable fonts-freefont-ttf fonts-kacst-one fonts-thai-tlwg fonts-wqy-zenhei && npx playwright install-deps chrome && npx playwright install chrome && npx playwright install chromium && ln -s ${PLAYWRIGHT_BROWSERS_PATH}/chromium-*/chrome-linux*/chrome ${PLAYWRIGHT_BROWSERS_PATH}/ && mkdir -p /etc/default && echo 'repo_add_once=false' > /etc/default/google-chrome && mkdir -p /etc/opt/chrome/policies/managed && echo '{ "CommandLineFlagSecurityWarningsEnabled": false }' > /etc/opt/chrome/policies/managed/managed_policies.json && echo '{ "ComponentUpdatesEnabled": false }' > /etc/opt/chrome/policies/managed/component_update.json && groupadd -r myuser && useradd -r -g myuser -G audio,video myuser && mkdir -p /home/myuser/Downloads && chown -R myuser:myuser /home/myuser && npm config --global set update-notifier false && rm -rf /var/lib/apt/lists/* && rm -rf /src/*.deb && apt clean -y && apt autoremove -y && rm -rf /root/.npm && mkdir -p /tmp/.X11-unix && chmod 1777 /tmp/.X11-unix # buildkit
changing it to
... && groupadd --system --gid <gid> myuser && useradd --system --uid <uid> --gid <gid> ...
should do the trick
Code sample
On apify/actor-node-playwright-chrome:22-1.52.0
$ cat /etc/passwd
#root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
_apt:x:42:65534::/nonexistent:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
node:x:1000:1000::/home/node:/bin/bash
systemd-network:x:998:998:systemd Network Management:/:/usr/sbin/nologin
messagebus:x:100:101::/nonexistent:/usr/sbin/nologin
myuser:x:997:997::/home/myuser:/bin/sh
On apify/actor-node-playwright-chrome:24-1.58.1
$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
_apt:x:42:65534::/nonexistent:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
node:x:1000:1000::/home/node:/bin/bash
systemd-network:x:998:998:systemd Network Management:/:/usr/sbin/nologin
messagebus:x:997:997:System Message Bus:/nonexistent:/usr/sbin/nologin
myuser:x:996:996::/home/myuser:/bin/sh
The last two entries are different:
`messagebus:x:100:101::/nonexistent:/usr/sbin/nologin` to
`messagebus:x:997:997:System Message Bus:/nonexistent:/usr/sbin/nologin`
`myuser:x:997:997::/home/myuser:/bin/sh` to
`myuser:x:996:996::/home/myuser:/bin/sh`
Package version
3.15.3
Node.js version
24
Operating system
Kubernetes/linux
Apify platform
I have tested this on the next release
NA
Other context
No response
Which package is this bug report for? If unsure which one to select, leave blank
None
Issue description
In my crawlee k8 setup, I have a persistent volume mounted at
/home/myuser/storage(the reason I do this is so if a pod churns before it finishes a scrape, any pod can pick up where it left off). One quirk of this is that I need the UID and GID of the volume mount to match themyuseruser that the crawlee docker image sets up.I attempted to update my crawlee docker image from
apify/actor-node-playwright-chrome:22-1.52.0toapify/actor-node-playwright-chrome:24-1.58.1but started getting permission errors from my storage mount. I traced it back to that at some point between these two versions, the uid and gid of the myuser user changed from997:997to996:996The exact value isnt important but its inconvenient if it floats as it can cause strange bugs like this.
The issue is in layer 19 of the dockerfile
RUN /bin/bash -o pipefail -c apt update && apt install --fix-missing -yq --no-install-recommends xvfb xauth wget curl git ca-certificates procps gnupg unzip && wget -qO- https://dl-ssl.google.com/linux/linux_signing_key.pub | gpg --dearmor | tee /usr/share/keyrings/google-linux-signing.gpg > /dev/null && sh -c 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/google-linux-signing.gpg] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google-chrome.list' && apt update && apt install -y --no-install-recommends google-chrome-stable fonts-freefont-ttf fonts-kacst-one fonts-thai-tlwg fonts-wqy-zenhei && npx playwright install-deps chrome && npx playwright install chrome && npx playwright install chromium && ln -s ${PLAYWRIGHT_BROWSERS_PATH}/chromium-*/chrome-linux*/chrome ${PLAYWRIGHT_BROWSERS_PATH}/ && mkdir -p /etc/default && echo 'repo_add_once=false' > /etc/default/google-chrome && mkdir -p /etc/opt/chrome/policies/managed && echo '{ "CommandLineFlagSecurityWarningsEnabled": false }' > /etc/opt/chrome/policies/managed/managed_policies.json && echo '{ "ComponentUpdatesEnabled": false }' > /etc/opt/chrome/policies/managed/component_update.json && groupadd -r myuser && useradd -r -g myuser -G audio,video myuser && mkdir -p /home/myuser/Downloads && chown -R myuser:myuser /home/myuser && npm config --global set update-notifier false && rm -rf /var/lib/apt/lists/* && rm -rf /src/*.deb && apt clean -y && apt autoremove -y && rm -rf /root/.npm && mkdir -p /tmp/.X11-unix && chmod 1777 /tmp/.X11-unix # buildkitchanging it to
... && groupadd --system --gid <gid> myuser && useradd --system --uid <uid> --gid <gid> ...should do the trick
Code sample
Package version
3.15.3
Node.js version
24
Operating system
Kubernetes/linux
Apify platform
I have tested this on the
nextreleaseNA
Other context
No response