Question Docker Permissions Question

Currently reading
Question Docker Permissions Question

4,027
1,378
NAS
DS4l8play, DS202j, DS3623xs+, DSM 7.3.3-25847
I set up jlesage/docker-mkvtoolnix and have run into a confounding issue that seems permissions related.

One of the container volume mappings "/storage" is for where video files reside for editing. Initially I mapped /videos (the shared folder auto-created by Synology's Video Station package), however, when I opened the "storage" folder it was empty (no files/folders visible).

Next, I remapped the container's /storage to a subfolder under my shared folder /docker (the shared folder auto-created by Synology's Docker package), and files/folders were visible under the "storage" folder. But that's not where I want to edit my video files.

Lastly, I mapped the container's /storage folder to a shared folder I created a few weeks ago "/downloads". Again, no files/folders were visible.

I'm thinking this is a permissions issue of some sort, but it's not obvious to me. The Docker volume mappings are "rw" and there's nothing jumping out at me that distinguishes the shared folder /docker permissions from the other shared folders (/video /downloads).

Where should I look to find the issue?
 
I glanced at the documentation. That package does NOT use the more common PUID and PGID environment variables.

User/Group IDs

When using data volumes (-v flags), permissions issues can occur between the host and the container. For example, the user within the container may not exists on the host. This could prevent the host from properly accessing files and folders on the shared volume.


To avoid any problem, you can specify the user the application should run as.


This is done by passing the user ID and group ID to the container via the USER_ID and GROUP_ID environment variables.
 
Last edited:
If the image uses a restirected user, than docker allows to modify that users UID:GID, by starting a container with the -u option. The same is feasable in docker-compose deployment; the config item is user:.

On the shell use `stat /path/to/your/folder` to see the ownership and set those ID's in the -u option.
Containers rely on the unix permission only. Synology uses ACL's to configure permissions; those are typicaly ignored by containers.

Update: oh, now I see that the last line of Seaprobe's quote statess how permission mapping is done for this image, seems like you need to use the ENV's USER_ID and GROUP_ID instead.

Permission mapping is nothing docker provides, it is in the responsiblity of the image maintainer to implement it - that is if he wants to support it at all! If they implement it, it is up to them how the name the ENV variables they use to make it work. Typicaly an entrypoint script takes those values and applies them to the default restricted user inside the container.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

  • Solved
Brilliant, thanks again (y) 1638624696 It's working fine now, thanks very much for your help (y)
Replies
4
Views
3,177
Yes I did... just a typo in the post Not sure what you are looking for... the container itself doesnt...
Replies
17
Views
24,780
@one-eyed-king , I have tried your first step: sudo synogroup --add docker and encounter the following...
Replies
11
Views
30,667
I can’t find any option to restore just the settings. 1710356648 Phew, managed to fix it. Within the...
Replies
4
Views
401
Good to hear. Deluge has not been updated for almost two years now as an app, nevertheless. But it gives...
Replies
12
Views
968
  • Question
Open an issue on that GitHub page. The developers will be glad to assist. OP has posted two threads on...
Replies
5
Views
965

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Back
Top