[GH-ISSUE #18] Permission Denied on vaultwarden_cookies.txt in Non-Root Mode #11

Closed
opened 2026-03-04 00:59:39 +03:00 by kerem · 2 comments

Originally created by @ottvladimir on GitHub (Sep 11, 2025).
Original GitHub issue: https://github.com/sirtoobii/vaultwarden_ldap_sync/issues/18

When deploying with securityContext in Kubernetes (e.g., runAsUser: 1001, fsGroup: 1001), the following error occurs due to lack of write permissions on the cookie file path:

```
2025-09-11:03:57:15 ERROR [sync.py] Something went wrong. Error: [Errno 13] Permission denied: '../vaultwarden_cookies.txt'
2025-09-11:03:57:15 DEBUG [sync.py] Traceback (most recent call last):
  File "/src/vaultwarden_user_sync/sync.py", line 104, in <module>
    sync_result = SyncResult.factory(vwc, ls, ldap_emails)
                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/src/vaultwarden_user_sync/compare.py", line 60, in factory
    vw_users = vwc.get_all_users()
               ^^^^^^^^^^^^^^^^^^^
  File "/src/vaultwarden_user_sync/backends/vaultwarden.py", line 70, in get_all_users
    result = self.make_authenticated_request('{}/admin/users'.format(self.vaultwarden_url),
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/src/vaultwarden_user_sync/backends/vaultwarden.py", line 57, in make_authenticated_request
    self.client.cookies.save()
  File "/usr/lib/python3.11/http/cookiejar.py", line 2093, in save
    os.open(filename, os.O_CREAT | os.O_WRONLY | os.O_TRUNC, 0o600),
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
PermissionError: [Errno 13] Permission denied: '../vaultwarden_cookies.txt'
```
This failure happens during cookie saving in the vaultwarden.py backend, as the non-root user (e.g., UID 1001) cannot write to the default relative path ../vaultwarden_cookies.txt, which likely points to a root-owned or restricted directory outside the container's writable area.
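An added example, not code from this project or from the `fix/cookie_store_location` branch: one way to choose a cookie jar location that a non-root UID can write to, keeping the saved session file at mode 0600. The `COOKIE_STORE_DIR` variable, the function names and the cookie values are assumptions made for illustration.

```python
import http.cookiejar
import os
import stat
import tempfile
from pathlib import Path

COOKIE_FILE = "vaultwarden_cookies.txt"  # file name from the traceback
ENV_OVERRIDE = "COOKIE_STORE_DIR"        # hypothetical variable, not a project setting


def default_candidates():
    """Override first, then the old relative default, then the temp dir as last resort."""
    return [os.environ.get(ENV_OVERRIDE), "..", tempfile.gettempdir()]


def pick_cookie_dir(candidates):
    """Return the first candidate directory the current UID can create files in."""
    for raw in candidates:
        if not raw:
            continue
        path = Path(raw).resolve()
        # Creating a file needs write + search permission on the directory.
        if path.is_dir() and os.access(path, os.W_OK | os.X_OK):
            return path
    raise PermissionError(13, "no writable directory for the cookie jar")


def save_cookies(jar, candidates=None):
    """Save the jar into the first writable candidate; return (path, mode bits)."""
    target = pick_cookie_dir(candidates or default_candidates()) / COOKIE_FILE
    jar.save(str(target), ignore_discard=True)
    os.chmod(target, 0o600)  # also tightens a file left behind with looser bits
    return target, stat.S_IMODE(target.stat().st_mode)


def constructed_jar():
    """Jar holding one made-up session cookie (constructed sample data)."""
    jar = http.cookiejar.MozillaCookieJar()
    jar.set_cookie(http.cookiejar.Cookie(
        0, "constructed_session", "not-a-real-token", None, False,
        "vault.example.test", False, False, "/admin", True,
        True, None, True, None, None, {}))
    return jar
```

In Kubernetes, pointing the override at a dedicated `emptyDir` mount keeps the session file out of shared paths, and `fsGroup` makes that volume group-writable for the pod's user.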

kerem 2026-03-04 00:59:39 +03:00
  • closed this issue
  • added the bug label

@sirtoobii commented on GitHub (Sep 13, 2025):

Hi @ottvladimir, thanks for raising this issue. I've pushed a fix in `fix/cookie_store_location`. Can you confirm that this solves it?


@ottvladimir commented on GitHub (Sep 19, 2025):

Hi! Yes, this fixed the problem.
