DOCS: path cleanup, TZ removal

Signed-off-by: jokob-sk <jokob.sk@gmail.com>
2025-12-07 01:26:11 -08:00 · 2025-11-16 09:26:18 +11:00
parent c38758d61a
commit 093d595fc5
16 changed files with 149 additions and 115 deletions
--- a/docs/FILE_PERMISSIONS.md
+++ b/docs/FILE_PERMISSIONS.md
@@ -35,8 +35,8 @@ Sometimes, permission issues arise if your existing host directories were create

 ```bash
 docker run -it --rm --name netalertx --user "0" \
-  -v local/path/config:/data/config \
-  -v local/path/db:/data/db \
+  -v /local_data_dir/config:/data/config \
+  -v /local_data_dir/db:/data/db \
  ghcr.io/jokob-sk/netalertx:latest
 ```

@@ -46,6 +46,13 @@ docker run -it --rm --name netalertx --user "0" \

 > The container startup script detects `root` and runs `chown -R 20211:20211` on all volumes, fixing ownership for the secure `netalertx` user.

+> [!TIP]
+> If you are facing permissions issues run the following commands on your server. This will change the owner and assure sufficient access to the database and config files that are stored in the `/local_data_dir/db` and `/local_data_dir/config` folders (replace `local_data_dir` with the location where your `/db` and `/config` folders are located). 
+>  ```bash
+>  sudo chown -R 20211:20211 /local_data_dir
+>  sudo chmod -R a+rwx  /local_data_dir
+>  ```
+
 ---

 ## Example: docker-compose.yml with `tmpfs`
@@ -55,17 +62,19 @@ services:
  netalertx:                                  
    container_name: netalertx                
    image: "ghcr.io/jokob-sk/netalertx"  
-    network_mode: "host"       
-    cap_add:
-      - NET_RAW
-      - NET_ADMIN
-      - NET_BIND_SERVICE
+    network_mode: "host"      
+    cap_drop:                                       # Drop all capabilities for enhanced security
+      - ALL 
+    cap_add:                                        # Add only the necessary capabilities
+      - NET_ADMIN                                   # Required for ARP scanning
+      - NET_RAW                                     # Required for raw socket operations
+      - NET_BIND_SERVICE                            # Required to bind to privileged ports (nbtscan)
    restart: unless-stopped
    volumes:
-      - local/path/config:/data/config         
-      - local/path/db:/data/db                 
-    environment:
-      - TZ=Europe/Berlin      
+      - /local_data_dir/config:/data/config         
+      - /local_data_dir/db:/data/db       
+      - /etc/localtime:/etc/localtime          
+    environment: 
      - PORT=20211
    tmpfs:
      - "/tmp:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"