Docker container permissions not working as expected

imthenachoman · January 19, 2021, 5:58pm

I got syncthings working in Docker using Docker Compose.

compose file

  syncthing:
    image: syncthing/syncthing
    container_name: syncthing
    hostname: syncthing
    restart: always
    networks:
      - trust
    ports:
      - "8384:8384"
      - "22000:22000"
    volumes:
      - ${ROOT_DOCKER_CONTAINER_DIR}/syncthing:/var/syncthing
      - /data:/data
      - ${ROOT_DOCKER_CONTAINER_DIR}/shared:/shared
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}

issue

I am trying to share /data/folder/docs. The PUID ID does have access to /data on my host system. But when I try to add /data/folder/docs as a folder in Syncthing, I see these errors:

2021-01-19 12:41:56: Loading ignores: lstat /data/folder/docs/.stignore: permission denied

2021-01-19 12:41:56: Failed to create folder root directory stat /data/folder/docs: permission denied

2021-01-19 12:41:56: Error on folder “anchal docs” (z7v5z-pkmcr): stat /data/folder/docs: permission denied

From my host, I can see /data in the container.

ID container is running as:

$ docker exec -it 01b7df68bf65 id

uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)

container’s environment variables:

$ docker exec -it 01b7df68bf65 env

PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=syncthing
TERM=xterm
PUID=1000
PGID=998
TZ=America/New_York
HOME=/var/syncthing
STGUIADDRESS=0.0.0.0:8384

contents of the folder:

$ docker exec -it 01b7df68bf65 ls /data/folder/docs

...redacted content

stating the folder:

$ docker exec -it 01b7df68bf65 stat /data/anchal/docs

  File: /data/folder/docs
  Size: 4096            Blocks: 8          IO Block: 4096   directory
Device: 801h/2049d      Inode: 106692779   Links: 35
Access: (2770/drwxrws---)  Uid: ( 1000/ UNKNOWN)   Gid: ( 1001/ UNKNOWN)
Access: 2021-01-19 02:00:11.000000000
Modify: 2020-12-14 23:34:28.000000000
Change: 2020-12-15 11:14:59.000000000

creating a file

$ docker exec -it 01b7df68bf65 touch /data/anchal/docs/sync
$ $ ls -la /data/anchal/docs/sync    # looking at file from the host

-rw-rw---- 1 root data 0 Jan 19 12:56 /data/anchal/docs/sync

So it is creating the file as root even though PUID is 1000. And I don’t understand why I get those errors when the container can access the path.

calmh · January 19, 2021, 6:03pm

You’re running your commands as root so no surprise your file ends up owned by root. You’re also not showing what you set PUID/PGID to. I suggest looking closer at Docker and maybe docker-compose docs and help, as this looks like a Docker setup issue.

imthenachoman · January 19, 2021, 6:15pm

PUID is set to 1000 and PGID is set to 998. I can see that this is getting set in the container – env in container shows it.

Oh. Ha. Duh! You’re right. That makes sense. How can I replicate what ST is doing to see why it is failing?

calmh · January 19, 2021, 6:20pm

I think something like docker exec -it -u $PUID:$PGID $containerID /bin/bash. And, of course, check with ps that Syncthing is in fact running as the user you expect it to be.

imthenachoman · January 19, 2021, 7:04pm

@calmh Thanks! That helped me.

The /data point in the container was owned by root so PUID could not access it. Once I ran this command, it started working:

docker exec -it 01b7df68bf65 chown 1000 /data

system · February 18, 2021, 7:04pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.