Docker container permissions not working as expected

I got syncthings working in Docker using Docker Compose.

compose file

    image: syncthing/syncthing
    container_name: syncthing
    hostname: syncthing
    restart: always
      - trust
      - "8384:8384"
      - "22000:22000"
      - ${ROOT_DOCKER_CONTAINER_DIR}/syncthing:/var/syncthing
      - /data:/data
      - ${ROOT_DOCKER_CONTAINER_DIR}/shared:/shared
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}


I am trying to share /data/folder/docs. The PUID ID does have access to /data on my host system. But when I try to add /data/folder/docs as a folder in Syncthing, I see these errors:

2021-01-19 12:41:56: Loading ignores: lstat /data/folder/docs/.stignore: permission denied

2021-01-19 12:41:56: Failed to create folder root directory stat /data/folder/docs: permission denied

2021-01-19 12:41:56: Error on folder “anchal docs” (z7v5z-pkmcr): stat /data/folder/docs: permission denied

From my host, I can see /data in the container.

ID container is running as:

$ docker exec -it 01b7df68bf65 id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)

container’s environment variables:

$ docker exec -it 01b7df68bf65 env

contents of the folder:

$ docker exec -it 01b7df68bf65 ls /data/folder/docs
...redacted content

stating the folder:

$ docker exec -it 01b7df68bf65 stat /data/anchal/docs
  File: /data/folder/docs
  Size: 4096            Blocks: 8          IO Block: 4096   directory
Device: 801h/2049d      Inode: 106692779   Links: 35
Access: (2770/drwxrws---)  Uid: ( 1000/ UNKNOWN)   Gid: ( 1001/ UNKNOWN)
Access: 2021-01-19 02:00:11.000000000
Modify: 2020-12-14 23:34:28.000000000
Change: 2020-12-15 11:14:59.000000000

creating a file

$ docker exec -it 01b7df68bf65 touch /data/anchal/docs/sync
$ $ ls -la /data/anchal/docs/sync    # looking at file from the host
-rw-rw---- 1 root data 0 Jan 19 12:56 /data/anchal/docs/sync

So it is creating the file as root even though PUID is 1000. And I don’t understand why I get those errors when the container can access the path.

You’re running your commands as root so no surprise your file ends up owned by root. You’re also not showing what you set PUID/PGID to. I suggest looking closer at Docker and maybe docker-compose docs and help, as this looks like a Docker setup issue.


PUID is set to 1000 and PGID is set to 998. I can see that this is getting set in the container – env in container shows it.

Oh. Ha. Duh! You’re right. That makes sense. How can I replicate what ST is doing to see why it is failing?

I think something like docker exec -it -u $PUID:$PGID $containerID /bin/bash. And, of course, check with ps that Syncthing is in fact running as the user you expect it to be.

1 Like

@calmh Thanks! That helped me.

The /data point in the container was owned by root so PUID could not access it. Once I ran this command, it started working:

docker exec -it 01b7df68bf65 chown 1000 /data
1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.