[GH-ISSUE #606] Add user: "${UID}:${GID}" in compose.yaml #387

Closed
opened 2026-03-02 11:49:23 +03:00 by kerem · 10 comments

Originally created by @Ronaldvr on GitHub (Oct 31, 2024).
Original GitHub issue: https://github.com/karakeep-app/karakeep/issues/606

Describe the feature you'd like

When experimenting with hoarder I found that deleting documents in the mounted directories was impossible without root access. This means the images are mounted with the root (1000) user. A simple solution is using the
user: "${UID}:${GID}"
in the yaml and adding those variables to the .env file.
As explained for instance here: https://stackoverflow.com/questions/40462189/docker-compose-set-user-and-group-on-mounted-volume

Describe the benefits this would bring to existing Hoarder users

Not only is this strongly recommended behaviour these days https://www.howtogeek.com/devops/why-processes-in-docker-containers-shouldnt-run-as-root/ it is easier and safer.

Can the goal of this request already be achieved via other means?

No

Have you searched for an existing open/closed issue?

  • I have searched for existing issues and none cover my fundamental request

Additional context

No response


@bishtawi commented on GitHub (Dec 4, 2024):

Support for running the image as non-root would be greatly appreciated. When I attempt to run the image as user 1000:1000, I get the following error:

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service init-db-migration: starting
Running db migration script
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started

/db_migrations/index.js:815
		[util.cppdb]: { value: new addon.Database(filename, filenameGiven, anonymous, readonly, fileMustExist, timeout, verbose || null, buffer || null) },
		                      ^
SqliteError: unable to open database file
    at new Database (/db_migrations/index.js:815:26)
    at /db_migrations/index.js:11751:16
    at /db_migrations/index.js:11825:3
    at Object.<anonymous> (/db_migrations/index.js:11828:12)
    at Module._compile (node:internal/modules/cjs/loader:1546:14)
    at Object..js (node:internal/modules/cjs/loader:1689:10)
    at Module.load (node:internal/modules/cjs/loader:1318:32)
    at Function._load (node:internal/modules/cjs/loader:1128:12)
    at TracingChannel.traceSync (node:diagnostics_channel:315:14)
    at wrapModuleLoad (node:internal/modules/cjs/loader:218:24) {
  code: 'SQLITE_CANTOPEN'
}

Node.js v22.11.0
s6-rc: warning: unable to start service init-db-migration: command exited 1

When I exec into the container and run id, I am root even though I have overridden the user to be non-root.


@kapsh commented on GitHub (Apr 9, 2025):

I've been able to run every service defined in project's example compose from non-root user, e.g. apps with uid/gid 568.

This requires managing data volumes manually, so first create base directory ${APPS_DATASET}/karakeep writeable for user apps where APPS_DATASET is some absolute path of your choice. Subdirectories data, cache and search inside it will be used instead of named volumes, which is usually a better idea for precious data than docker magic anyway.
Next, mount subdirectories: data at default /data for karakeep itself, search at /melli_search (also their defaults) and cache shared for other things.
To actually use /cache configure its path in environment variables:

  • COREPACK_HOME - most important. Without this karakeep cannot start, because corepack tries to download pnpm into /.cache in rootfs.
  • HOME for chrome service. It will cache fonts and certificates in there and maybe could work without setting, just shows warning on launch.

With this configuration karakeep runs, saves links, their screenshots and archives, OCR, tags and search work, etc. Resulting compose (only settings relevant to topic):

services:

  karakeep:
    image: ghcr.io/karakeep-app/karakeep:0.23.1
    volumes:
      - ${APPS_DATASET}/karakeep/data:/data
      - ${APPS_DATASET}/karakeep/cache:/cache
    environment:
      DATA_DIR: /data
      COREPACK_HOME: /cache/corepack
      OCR_CACHE_DIR: /cache/ocr
    user: "568:568"

  chrome:
    image: gcr.io/zenika-hub/alpine-chrome:124
    environment:
      HOME: /cache/chrome
    volumes:
      - ${APPS_DATASET}/karakeep/cache:/cache
    user: "568:568"

  meilisearch:
    image: getmeili/meilisearch:v1.13.3
    volumes:
      - ${APPS_DATASET}/karakeep/search:/meili_data
    user: "568:568"

There are some partially solved issues, like this error in logs when browsing or probably creating previews:

 ⨯ Failed to write image to cache Wieiqxxj-xhnpz2SHeXAUqn0CRer6gg1yVUlctnBFO0= Error: EACCES: permission denied, mkdir '/app/apps/web/.next/cache'
    at async Object.mkdir (node:internal/fs/promises:857:10)
    at async writeToCacheDir (/app/node_modules/next/dist/server/image-optimizer.js:178:5)
    at async ImageOptimizerCache.set (/app/node_modules/next/dist/server/image-optimizer.js:451:13)
    at async /app/node_modules/next/dist/server/response-cache/index.js:121:25
    at async /app/node_modules/next/dist/lib/batcher.js:45:32 {
  errno: -13,
  code: 'EACCES',
  syscall: 'mkdir',
  path: '/app/apps/web/.next/cache'
}

Sounds like the Next.js data cache; I couldn't find how to configure its location. Doesn't break anything visible, but to be safe this path can be hacked with some post-deploy command like docker compose exec -u0 karakeep install -d -o 568 /app/apps/web/.next/cache which runs as root to create a directory writable by user 568 inside the running container.
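
A pre-flight check for the bind-mount layout described in the comment above, as an added example that is not part of the thread or of the karakeep project: it evaluates the owner/group/other mode bits of each host directory for the numeric uid:gid passed as `user:`. It assumes plain POSIX permissions (no ACLs, no user-namespace remapping); the function names and the temporary directory layout are constructed for illustration.

```python
import os
import stat
import tempfile


def may_write_dir(mode, owner_uid, owner_gid, uid, gids):
    """Apply POSIX class selection: owner bits, else group bits, else other bits.

    Creating files in a directory needs write AND search (execute) permission.
    uid 0 is treated as bypassing the mode bits.
    """
    if uid == 0:
        return True
    if uid == owner_uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif owner_gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return (mode & need) == need


def check_mounts(paths, user):
    """Return {path: problem} for each host directory `user` ("uid:gid") cannot write."""
    uid_s, sep, gid_s = user.partition(":")
    if not (sep and uid_s.isdigit() and gid_s.isdigit()):
        raise ValueError("expected numeric uid:gid, e.g. 568:568")
    uid, gid = int(uid_s), int(gid_s)
    problems = {}
    for path in paths:
        try:
            st = os.stat(path)
        except FileNotFoundError:
            # With the short "host:container" volume syntax the Docker daemon
            # creates a missing host path itself, owned by root.
            problems[path] = "missing"
            continue
        mode = stat.S_IMODE(st.st_mode)
        if not stat.S_ISDIR(st.st_mode):
            problems[path] = "not a directory"
        elif not may_write_dir(mode, st.st_uid, st.st_gid, uid, {gid}):
            problems[path] = (f"owned by {st.st_uid}:{st.st_gid} mode {mode:04o}, "
                              f"not writable by {user}")
    return problems


if __name__ == "__main__":
    # Constructed layout mirroring data/cache/search from the comment above.
    with tempfile.TemporaryDirectory() as base:
        for sub in ("data", "cache"):  # "search" is left missing on purpose
            os.mkdir(os.path.join(base, sub), 0o755)
        me = os.stat(base)
        stranger = f"{me.st_uid + 1}:{me.st_gid + 1}"  # a uid:gid that owns nothing here
        paths = [os.path.join(base, s) for s in ("data", "cache", "search")]
        for path, problem in check_mounts(paths, stranger).items():
            print(f"{path}: {problem}")
```
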


@MohamedBassem commented on GitHub (Jun 2, 2025):

Folks, I'm a bit confused. Is this actually still an issue? I can't seem to repro at least in the latest release:

$ id
uid=1000(mbassem) gid=1000(mbassem)

$ mkdir /tmp/karakeep-data

$ ls -la /tmp/karakeep-data
total 80
drwxr-xr-x   2 mbassem mbassem  4096 Jun  2 00:04 ./
drwxrwxrwt 199 root    root    73728 Jun  2 00:04 ../


$ docker run -e DATA_DIR=/data -v /tmp/karakeep-data:/data -u 1000:1000 -it --rm ghcr.io/karakeep-app/karakeep:release
/package/admin/s6-overlay/libexec/preinit: info: /run belongs to uid 0 instead of 1000 - fixing it
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service init-db-migration: starting
Running db migration script
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service init-db-migration successfully started
s6-rc: info: service svc-workers: starting
s6-rc: info: service svc-web: starting
s6-rc: info: service svc-workers successfully started
s6-rc: info: service svc-web successfully started
s6-rc: info: service legacy-services: starting
s6-rc: info: service legacy-services successfully started
  ▲ Next.js 14.2.25
  - Local:        http://localhost:3000
  - Network:      http://0.0.0.0:3000

 ✓ Starting...
 ✓ Ready in 120ms
! Corepack is about to download https://registry.npmjs.org/pnpm/-/pnpm-9.0.0-alpha.8.tgz

> @karakeep/workers@0.1.0 start:prod /app/apps/workers
> tsx index.ts

2025-06-02T00:05:05.033Z info: Workers version: 0.24.1
2025-06-02T00:05:05.046Z info: [crawler] Loading adblocker ...
...


$ ls -la /tmp/karakeep-data
total 460
drwxr-xr-x   2 mbassem mbassem   4096 Jun  2 00:05 ./
drwxrwxrwt 199 root    root     73728 Jun  2 00:05 ../
-rw-r--r--   1 mbassem mbassem      0 Jun  2 00:05 auth_failures.log
-rw-r--r--   1 mbassem mbassem 339968 Jun  2 00:05 db.db
-rw-r--r--   1 mbassem mbassem  49152 Jun  2 00:05 queue.db

It seems to me that passing a user works just fine? What am I missing?


@tribut commented on GitHub (Jun 2, 2025):

This seems to only work for uid 1000, here is what happens with uid 150:

$ sudo chown -R 150:150 /tmp/karakeep-data
$ docker run -v /tmp/karakeep-data:/data -e DATA_DIR=/data -u 150:150 -it --rm ghcr.io/karakeep-app/karakeep:release
/package/admin/s6-overlay/libexec/preinit: info: /run belongs to uid 0 instead of 150 - fixing it
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service init-db-migration: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
Running db migration script
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service init-db-migration successfully started
s6-rc: info: service svc-workers: starting
s6-rc: info: service svc-web: starting
s6-rc: info: service svc-workers successfully started
s6-rc: info: service svc-web successfully started
s6-rc: info: service legacy-services: starting
s6-rc: info: service legacy-services successfully started
  ▲ Next.js 14.2.25
  - Local:        http://localhost:3000
  - Network:      http://0.0.0.0:3000

 ✓ Starting...
node:fs:1364
  const result = binding.mkdir(
                         ^

Error: EACCES: permission denied, mkdir '/.cache/node/corepack/v1'
    at mkdirSync (node:fs:1364:26)
    at getTemporaryFolder (/usr/local/lib/node_modules/corepack/dist/lib/corepack.cjs:21493:27)
    at download (/usr/local/lib/node_modules/corepack/dist/lib/corepack.cjs:21767:21)
    at installVersion (/usr/local/lib/node_modules/corepack/dist/lib/corepack.cjs:21861:61)
    at async Engine.ensurePackageManager (/usr/local/lib/node_modules/corepack/dist/lib/corepack.cjs:22323:32)
    at async Engine.executePackageManagerRequest (/usr/local/lib/node_modules/corepack/dist/lib/corepack.cjs:22423:25)
    at async Object.runMain (/usr/local/lib/node_modules/corepack/dist/lib/corepack.cjs:23110:7) {
  errno: -13,
  code: 'EACCES',
  syscall: 'mkdir',
  path: '/.cache/node/corepack/v1'
}

Node.js v22.15.0
 ✓ Ready in 238ms
node:fs:1364
  const result = binding.mkdir(
                         ^
[...]

This seems to be mostly fixed by adding -e HOME=/var/tmp. However, I have made some more changes to my docker-compose (which works fine, started using karakeep a few weeks ago). I don't have the time to do more tests right now to see if all of this is strictly necessary, but this is what I added:

services:
  karakeep:
    user: 157:172
    environment:
      S6_READ_ONLY_ROOT: "1"
      DATA_DIR: "/data"
      HOME: "/var/tmp"
    tmpfs:
      - /run:exec,uid=157,gid=172,size=32M
      - /app/apps/web/.next/cache:exec,uid=157,gid=172,size=32M
    security_opt:
      - no-new-privileges=true

@MohamedBassem commented on GitHub (Jun 7, 2025):

Ok, this is now fixed in main in github.com/karakeep-app/karakeep@169e14d35d. It'll be available in the nightly build in ~30mins and will be coming to the next release hopefully tomorrow. The trick was to get rid of corepack and pnpm completely from the prod build.


@johncalls commented on GitHub (Jun 9, 2025):

It appears that this issue was not completely resolved with 0.25.0. I'm seeing the following log entries now after the installation when attempting to access the app for the first time:

/package/admin/s6-overlay/libexec/preinit: info: /run belongs to uid 0 instead of 1000 - fixing it
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service init-db-migration: starting
Running db migration script
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service init-db-migration successfully started
s6-rc: info: service svc-workers: starting
s6-rc: info: service svc-web: starting
s6-rc: info: service svc-workers successfully started
s6-rc: info: service svc-web successfully started
s6-rc: info: service legacy-services: starting
s6-rc: info: service legacy-services successfully started
  ▲ Next.js 14.2.25
  - Local:        http://localhost:3000
  - Network:      http://0.0.0.0:3000

 ✓ Starting...
 ✓ Ready in 389ms
2025-06-09T10:30:35.562Z info: Workers version: 0.25.0
2025-06-09T10:30:35.639Z info: [crawler] Loading adblocker ...
2025-06-09T10:30:37.381Z info: [Crawler] Connecting to existing browser instance: http://chrome:9222
2025-06-09T10:30:37.382Z info: [Crawler] Successfully resolved IP address, new address: http://172.21.0.3:9222/
2025-06-09T10:30:37.487Z info: Starting crawler worker ...
2025-06-09T10:30:37.487Z info: Starting inference worker ...
2025-06-09T10:30:37.488Z info: Starting search indexing worker ...
2025-06-09T10:30:37.488Z info: Starting tidy assets worker ...
2025-06-09T10:30:37.488Z info: Starting video worker ...
2025-06-09T10:30:37.489Z info: Starting feed worker ...
2025-06-09T10:30:37.489Z info: Starting asset preprocessing worker ...
2025-06-09T10:30:37.489Z info: Starting webhook worker ...
2025-06-09T10:30:37.489Z info: Starting rule engine worker ...
d [TRPCError]: User settings not found
    at /app/apps/web/.next/server/chunks/6815.js:1:41820
    at async X.h.middlewares (/app/apps/web/.next/server/chunks/269.js:4:46337)
    at async F (/app/apps/web/.next/server/chunks/269.js:7:68)
    at async G (/app/apps/web/.next/server/chunks/269.js:4:45731)
    at async F (/app/apps/web/.next/server/chunks/269.js:7:68)
    at async F (/app/apps/web/.next/server/chunks/269.js:7:68)
    at async F (/app/apps/web/.next/server/chunks/269.js:7:68)
    at async G (/app/apps/web/.next/server/chunks/269.js:4:46537)
    at async /app/apps/web/.next/server/chunks/269.js:7:5476
    at async Promise.all (index 1) {
  cause: undefined,
  code: 'NOT_FOUND',
  digest: '4237581454'
}
d [TRPCError]: User settings not found
    at /app/apps/web/.next/server/chunks/6815.js:1:41820
    at async X.h.middlewares (/app/apps/web/.next/server/chunks/269.js:4:46337)
    at async F (/app/apps/web/.next/server/chunks/269.js:7:68)
    at async G (/app/apps/web/.next/server/chunks/269.js:4:45731)
    at async F (/app/apps/web/.next/server/chunks/269.js:7:68)
    at async F (/app/apps/web/.next/server/chunks/269.js:7:68)
    at async F (/app/apps/web/.next/server/chunks/269.js:7:68)
    at async G (/app/apps/web/.next/server/chunks/269.js:4:46537)
    at async /app/apps/web/.next/server/chunks/269.js:7:5476
    at async Promise.all (index 1) {
  cause: undefined,
  code: 'NOT_FOUND',
  digest: '4237581454'
}

@erphise commented on GitHub (Jun 19, 2025):

> 4237581454

I am having the same problem


@Dinth commented on GitHub (Oct 6, 2025):

I'm having this problem when running as a user:

karakeep              | 2025-10-06T05:15:57.571035054Z s6-overlay-suexec: fatal: child failed with exit code 100
karakeep              | 2025-10-06T05:16:26.506615695Z /package/admin/s6-overlay/libexec/preinit: fatal: /run belongs to uid 0 instead of 1003, has insecure and/or unworkable permissions, and we're lacking the privileges to fix it.
karakeep              | 2025-10-06T05:16:26.506701711Z s6-overlay-suexec: fatal: child failed with exit code 100
karakeep              | 2025-10-06T05:19:56.897357330Z /package/admin/s6-overlay/libexec/preinit: fatal: /run belongs to uid 0 instead of 1003, has insecure and/or unworkable permissions, and we're lacking the privileges to fix it.

@fictiontoreality commented on GitHub (Nov 19, 2025):

@MohamedBassem Thank you for looking into this. Please disable auto-resolving issues after a push. This allows time for users to manually resolve issues after they confirm the fix, otherwise issue churn occurs and context/momentum is lost such as cases like this where the initial change does not fully resolve the issue.


@niklasthorild commented on GitHub (Jan 17, 2026):

You need to assign /run to the user id you are running the container as. For example, in docker compose:

tmpfs:
  - /run:uid=1000,gid=1000,exec

Works fine for me after doing that.
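
A lint for the settings this thread converges on, as an added example that is not from the thread or the karakeep project: it checks that `uid=`/`gid=` on tmpfs entries agree with the service's `user:`, and flags services with no `user:` or without `no-new-privileges`. It assumes the compose file has been rendered to JSON (for instance with `docker compose config --format json`); the sample document and the function names are constructed for illustration.

```python
import json

# Constructed sample in the shape of `docker compose config --format json`.
# karakeep copies a uid=1000 tmpfs snippet while running as 1003.
SAMPLE = """
{"services": {
  "karakeep": {"image": "ghcr.io/karakeep-app/karakeep:release",
               "user": "1003:1003",
               "tmpfs": ["/run:uid=1000,gid=1000,exec"]},
  "chrome": {"image": "gcr.io/zenika-hub/alpine-chrome:124"},
  "meilisearch": {"image": "getmeili/meilisearch:v1.13.3",
                  "user": "568:568",
                  "security_opt": ["no-new-privileges=true"]}
}}
"""


def parse_user(value):
    """Split a compose `user:` value into (uid, gid); non-numeric parts become None."""
    uid_s, _, gid_s = str(value).partition(":")
    return tuple(int(p) if p.isdigit() else None for p in (uid_s, gid_s))


def tmpfs_options(entry):
    """Split '/run:exec,uid=157' into ('/run', {'exec': None, 'uid': '157'})."""
    path, _, opts = entry.partition(":")
    parsed = {}
    for opt in filter(None, opts.split(",")):
        key, _, val = opt.partition("=")
        parsed[key] = val or None
    return path, parsed


def lint_service(name, svc):
    """Return a list of findings for one service definition."""
    findings = []
    user = svc.get("user")
    uid, gid = parse_user(user) if user is not None else (None, None)
    if user is None:
        findings.append(f"{name}: no user set, runs as the image default")
    elif uid == 0:
        findings.append(f"{name}: user {user} is root")

    # tmpfs may be a single string or a list of strings.
    tmpfs = svc.get("tmpfs") or []
    if isinstance(tmpfs, str):
        tmpfs = [tmpfs]
    for entry in tmpfs:
        path, opts = tmpfs_options(entry)
        for key, want in (("uid", uid), ("gid", gid)):
            have = opts.get(key)
            if want is not None and have is not None and have != str(want):
                findings.append(
                    f"{name}: tmpfs {path} has {key}={have} but user is {user}")

    # Accept both "no-new-privileges=true" and "no-new-privileges:true".
    sec = [str(o).replace(":", "=") for o in svc.get("security_opt") or []]
    if not any(o in ("no-new-privileges", "no-new-privileges=true") for o in sec):
        findings.append(f"{name}: no-new-privileges is not set")
    return findings


def lint(compose):
    """Lint every service in a parsed compose document."""
    findings = []
    for name, svc in compose.get("services", {}).items():
        findings.extend(lint_service(name, svc))
    return findings


if __name__ == "__main__":
    for line in lint(json.loads(SAMPLE)):
        print(line)
```
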
