Question Docker Permissions Question

Currently reading
Question Docker Permissions Question

733
247
NAS
DS418play, DS213j, DSM 7.0.1-14401
I set up jlesage/docker-mkvtoolnix and have run into a confounding issue that seems permissions related.

One of the container volume mappings "/storage" is for where video files reside for editing. Initially I mapped /videos (the shared folder auto-created by Synology's Video Station package), however, when I opened the "storage" folder it was empty (no files/folders visible).

Next, I remapped the container's /storage to a subfolder under my shared folder /docker (the shared folder auto-created by Synology's Docker package), and files/folders were visible under the "storage" folder. But that's not where I want to edit my video files.

Lastly, I mapped the container's /storage folder to a shared folder I created a few weeks ago "/downloads". Again, no files/folders were visible.

I'm thinking this is a permissions issue of some sort, but it's not obvious to me. The Docker volume mappings are "rw" and there's nothing jumping out at me that distinguishes the shared folder /docker permissions from the other shared folders (/video /downloads).

Where should I look to find the issue?
 
8
2
NAS
DS218+
Operating system
macOS
Mobile operating system
iOS
Does that package have PGID and PUID environment variables? If so, to what did you set them?
 
8
2
NAS
DS218+
Operating system
macOS
Mobile operating system
iOS
I glanced at the documentation. That package does NOT use the more common PUID and PGID environment variables.

User/Group IDs

When using data volumes (-v flags), permissions issues can occur between the host and the container. For example, the user within the container may not exists on the host. This could prevent the host from properly accessing files and folders on the shared volume.


To avoid any problem, you can specify the user the application should run as.


This is done by passing the user ID and group ID to the container via the USER_ID and GROUP_ID environment variables.
 
If the image uses a restirected user, than docker allows to modify that users UID:GID, by starting a container with the -u option. The same is feasable in docker-compose deployment; the config item is user:.

On the shell use `stat /path/to/your/folder` to see the ownership and set those ID's in the -u option.
Containers rely on the unix permission only. Synology uses ACL's to configure permissions; those are typicaly ignored by containers.

Update: oh, now I see that the last line of Seaprobe's quote statess how permission mapping is done for this image, seems like you need to use the ENV's USER_ID and GROUP_ID instead.

Permission mapping is nothing docker provides, it is in the responsiblity of the image maintainer to implement it - that is if he wants to support it at all! If they implement it, it is up to them how the name the ENV variables they use to make it work. Typicaly an entrypoint script takes those values and applies them to the default restricted user inside the container.
 
Last edited:
733
247
NAS
DS418play, DS213j, DSM 7.0.1-14401
seems like you need to use the ENV's USER_ID and GROUP_ID instead.
I'll try this, but I can tell you that running sonarr with my admin PGID/PUID has the same problem. In that case I gave up and put my videos under the shared folder "Docker" since they weren't seen under "Video". This is so puzzling.
 
733
247
NAS
DS418play, DS213j, DSM 7.0.1-14401
OK... That seemed to work when I changed the group from user to administrators (while using an administrator ID). Now to figure out why the user group doesn't work. on a folder where if I log in as a "user" I have full access. @Seaprobe @one-eyed-king 🍪 🍪 🍪 🍪
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Similar threads

Top