- 62
- 24
- NAS
- DS716+
- Router
- Operating system
- Linux
- macOS
- Windows
- Mobile operating system
- Android
- iOS
Last edited:
It's a long story, but please bear with me...
For the convenience of those unfamiliar with Docker, I am planning to automatically generate Synology packages for all LinuxServer.io applications (that use Docker to run).
I already have Portainer templates and docker-compose files available for those applications, so I thought this would not be such a big deal. But for some reason, I can't get it right.
Below I describe the typical installation via docker-compose and the installation via a Synology package and the problems that arise.
Installing using docker-compose
The steps are:
Installing using a package
Sample package here. This package is broken. For illustration only. Better not use it.
In DSM 7 the packages no longer run as root user, but as a regular user (and non admin group). This is configured in the privilege file.
Packages can obtain system resources even in lower privilege identity. In DSM 7 the "Docker worker" was added where a Docker resource file is transformed to
In the resource file you can add volumes, ports, environment variables just like in a
I think there are two options to set the
Problem 1
This means I have to set both
Problem 2
Another problem is that the volume host directories are created as root user which may result in permission issues.
Because the package runs as a regular user, it is not possible to
I get the feeling that Synology did not think things through. Or maybe I'm missing the obvious?
Any thoughts, ideas anyone? Thanks.
Screenshots
For the convenience of those unfamiliar with Docker, I am planning to automatically generate Synology packages for all LinuxServer.io applications (that use Docker to run).
I already have Portainer templates and docker-compose files available for those applications, so I thought this would not be such a big deal. But for some reason, I can't get it right.
Below I describe the typical installation via docker-compose and the installation via a Synology package and the problems that arise.
Installing using docker-compose
The steps are:
- Pick a user (e.g.
sonarr-docker
) - Create the volume host directories as that user
- Determine
PUID
andPGID
from that user (more info here) - Create a docker-compose file and set the environment variables
PUID
andPGID
Installing using a package
Sample package here. This package is broken. For illustration only. Better not use it.
In DSM 7 the packages no longer run as root user, but as a regular user (and non admin group). This is configured in the privilege file.
Packages can obtain system resources even in lower privilege identity. In DSM 7 the "Docker worker" was added where a Docker resource file is transformed to
docker-compose
format to create/start and stop/remove services.In the resource file you can add volumes, ports, environment variables just like in a
docker-compose
file. If I understand correctly the resource file is "locked" so it is not updatable by the package installation process.I think there are two options to set the
PUID
and PGID
and create the volume host directories- Use the user from the privilege file (in this case
sonarr-docker
) - Use a different user (e.g.
docker-user
)
Problem 1
This means I have to set both
PUID
and PGID
using the package installation wizard and set both PUID
and PGID
as environment variables in the resource file. But because the file is "locked" I cannot seem to find a way to do this.Problem 2
Another problem is that the volume host directories are created as root user which may result in permission issues.
Code:
sysop@DS716:/volume1/docker/sonarr-docker$ ls -l
total 0
drwxrwxrwx+ 1 admin users 246 Jul 10 09:04 config
drwxrwxrwx+ 1 root root 0 Jul 10 09:03 downloads
drwxrwxrwx+ 1 root root 0 Jul 10 09:03 tv
sysop@DS716:/volume1/docker/sonarr-docker$
Because the package runs as a regular user, it is not possible to
chown
the directories.I get the feeling that Synology did not think things through. Or maybe I'm missing the obvious?
Any thoughts, ideas anyone? Thanks.
Screenshots