Seeing this issue with 0.94.0
Docker image from docker hub - homeassistant/home-assistant:latest
running as a non-root user
2019-06-06 13:13:01 ERROR (SyncWorker_16) [homeassistant.util.package] Unable to install package pyupdate==1.4.0: ERROR: Could not install packages due to an EnvironmentError: [Errno 13] Permission denied: '/usr/local/lib/python3.7/site-packages/pyupdate-1.4.0.dist-info',
Consider using the --user option or check the permissions.
Did you modify the docker image somehow (extending it)?
Because inside the docker container everything is run as root.
Only thing I do is set UID and GID for the user which should run the container.
(User: xxx:xxx when using docker-compose)
This has always worked flawlessly before 0.94
Same here! :(
Any fix for this?
I've been staying on version 0.93.2 for this exact reason...
I've been able to upgrade but every time I create the docker image I have to run this command:
docker exec -it --user=root homeassistant pip3 install aiofiles
and restart homeassistant. Waiting for the good fix
This is still happening. Seems to be related to some kind of permission change on 0.94.
So checked further and found the issue happens on the vanilla python 3.7 docker image. Reported an issue here: https://github.com/docker-library/python/issues/414
This does not seem to be an upstream issue to me. In https://github.com/home-assistant/home-assistant/pull/24175 an explicit check for running inside docker was added, that prevents --user (and the appropriate $PYTHONUSERBASE) from being set:
It appears that changing this check so that it does not trigger when uid != 0 would make it possible to install python packages locally and run the docker image as non-root user again. Anyone have insights on why exactly this change was made? @pvizeli maybe?
If no one has objections, I can prepare a PR to try and get this resolved.
That is how our docker backend works and that will not be changed. If you want to run HA without root privileges, you need to build your own image or work with the workarounds above.
So that most of our integrations work correctly inside Docker, we suggest that these images run:
To protect HA, you should use AppArmor. You are free to run HA in any other mode, but we can't promise that all components work or that you can live workaround-free.
Hey, @pvizeli. Thanks for the clarification. I'm sorry if I gave the impression of complaining how your backend works - I only tried to understand the reasoning. I certainly didn't want to step on anybody's toes.
Let me rephrase the question: If I can confirm that a trivial check somewhere that re-enables --user for pip when running inside docker as non-root user is indeed enough to make this problem go away for those who choose to run in an unsupported configuration, would you consider merging a PR that adds such a check?
@pvizeli Could you elaborate on why the backend is built with the assumption the user is a Root/Privileged user? I understand the idea of using AppArmor, but it is common Linux convention, on Docker or otherwise, to not run user services as root.
I mean Docker is normally static, and installing packages at runtime is a bit special for Docker. Our project is so big that dynamic package installation is needed, otherwise you have 2-3GB of libraries that need to be preinstalled.
So if you want to follow the strict way of docker, you need to build your own images and not use the unusual way of using a container like a VM.
We provide a container that should work in many different scenarios if you run it the way we prefer. Otherwise, we provide wheels and you can easily build your own container that works in your scenario as you prefer.
I don't think that a way/path is wrong or that someone of you did wrong stuff.
So after a lengthy discussion in https://github.com/home-assistant/home-assistant/pull/26471 I came up with a simple solution:
https://github.com/tribut/homeassistant-docker-venv
This uses the official docker image, but wraps HA in a venv, so package installation works. Let me know if you run into any problems.
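The install decision discussed in this thread, as an added sketch (not Home Assistant's code and not part of any comment here): it shows why a non-root container ends up writing to the root-owned site-packages, and how either the proposed uid check or the venv wrapper avoids that. The function names, the `root_only_check` switch and the `deps` directory are assumptions made for illustration.

```python
import os
import sys


def pip_install_plan(package, config_dir, *, in_docker, in_venv, uid,
                     root_only_check=False):
    """Return (argv, extra_env) for a runtime `pip install` of `package`.

    root_only_check=False: being inside Docker alone suppresses --user,
    the behaviour the thread attributes to 0.94.
    root_only_check=True: the change proposed in the thread, where the
    Docker shortcut applies only when uid == 0.
    """
    argv = [sys.executable, "-m", "pip", "install", package]
    env = {}
    if in_venv:
        # pip targets the venv's own site-packages, owned by its creator.
        return argv, env
    if in_docker and (uid == 0 or not root_only_check):
        # pip targets the image's system site-packages (root-owned).
        return argv, env
    # Per-user install redirected to a writable directory.
    argv.append("--user")
    env["PYTHONUSERBASE"] = os.path.join(config_dir, "deps")  # assumed path
    return argv, env


def needs_root(argv, *, in_venv):
    """True when the plan writes to the system site-packages directory."""
    return not in_venv and "--user" not in argv


if __name__ == "__main__":
    # Constructed cases: (label, in_docker, in_venv, uid, root_only_check)
    cases = [
        ("docker, uid 1000, as in 0.94", True, False, 1000, False),
        ("docker, uid 1000, proposed check", True, False, 1000, True),
        ("docker, uid 0", True, False, 0, True),
        ("docker, uid 1000, venv wrapper", True, True, 1000, False),
    ]
    for label, docker, venv, uid, root_only in cases:
        argv, env = pip_install_plan("pyupdate==1.4.0", "/config",
                                     in_docker=docker, in_venv=venv,
                                     uid=uid, root_only_check=root_only)
        print(f"{label}: needs_root={needs_root(argv, in_venv=venv)} "
              f"args={argv[4:]} env={env}")
```
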
@tribut So far, so good! Gone are the errors every time my container is recreated, for which I am beyond thankful. I got tired of having to run several docker exec -it --user=root commands to manually install missing packages as a work-around!
For the record: as I use docker-compose, I had to add command: /config/docker/run to my docker-compose.yml file to make this work.
There hasn't been any activity on this issue recently. Due to the high number of incoming GitHub notifications, we have to clean some of the old issues, as many of them have already been resolved with the latest updates.
Please make sure to update to the latest Home Assistant version and check if that solves the issue. Let us know if that works for you by adding a comment 👍
This issue now has been marked as stale and will be closed if no further activity occurs. Thank you for your contributions.
Don't disagree with closing this issue, but it would be great if these instructions were included somewhere in the official documentation, making it easier to find. Would the team be open to a PR to do that?