docker new install permission issues

I’m trying to get synthing to work on docker. I’ve see the comments on posts 11 and 17 and I’ve set the folders owner to 1000:1000 with chown , but I still get issues:

2018-09-03 22:37:20: Failed to create folder root directory mkdir /Sync/: permission denied
2018-09-03 22:37:20: Error on folder "Default Folder" (default): folder path missing

I mistakenly raised a topic on github and was told to raise my question here with the following comment:

The /Sync directory is not something the docker image does by default. Directories you create, you need to ensure correct permissions on

Issue is I have not created this folder, it appears to be a folder that syncthing needs to create in the container.

Not sure how to get this fixed… Any ideas?

adding a bit more info in case it helps. Here is my docker compose:

  version: '3'
  services:
    syncthing:
      image: syncthing/syncthing:latest
      container_name: syncthing
      network_mode: host
      volumes:
        - /myzfs/Backup/st-cfg:/var/syncthing/config
        - /myzfs/Backup/st-sync:/var/syncthing
      restart: always

and here are the docker-compose logs:

syncthing    | [monitor] 08:53:13 INFO: Starting syncthing
syncthing    | [DRZUJ] 08:53:14 INFO: syncthing v0.14.49 "Dysprosium Dragonfly" (go1.10.3 linux-amd64) docker@syncthing.net 2018-07-10 15:40:06 UTC
syncthing    | [DRZUJ] 08:53:14 INFO: My ID: DRZUJ67-DQ5KZ4J-WQ3YDCB-FCGF6GV-[redacted]
syncthing    | [DRZUJ] 08:53:15 INFO: Single thread SHA256 performance is 70 MB/s using minio/sha256-simd (51 MB/s using crypto/sha256).
syncthing    | [DRZUJ] 08:53:16 INFO: Hashing performance is 68.36 MB/s
syncthing    | [DRZUJ] 08:53:16 WARNING: Failed to create folder root directory mkdir /Sync/: permission denied
syncthing    | [DRZUJ] 08:53:16 INFO: Ready to synchronize "Default Folder" (default) (sendreceive)
syncthing    | [DRZUJ] 08:53:16 INFO: Overall send rate is unlimited, receive rate is unlimited
syncthing    | [DRZUJ] 08:53:16 INFO: Rate limits do not apply to LAN connections
syncthing    | [DRZUJ] 08:53:16 WARNING: Error on folder "Default Folder" (default): folder path missing
syncthing    | [DRZUJ] 08:53:16 INFO: Using discovery server https://discovery-v4.syncthing.net/v2/?nolookup&id=LYXKCHX-VI3NYZR-ALCJBHF-WMZYSPK-[redacted]
syncthing    | [DRZUJ] 08:53:16 INFO: Using discovery server https://discovery-v6.syncthing.net/v2/?nolookup&id=LYXKCHX-VI3NYZR-ALCJBHF-WMZYSPK-[redacted]
syncthing    | [DRZUJ] 08:53:16 INFO: Using discovery server https://discovery.syncthing.net/v2/?noannounce&id=LYXKCHX-VI3NYZR-ALCJBHF-WMZYSPK-[redacted]
syncthing    | [DRZUJ] 08:53:16 INFO: Relay listener (dynamic+https://relays.syncthing.net/endpoint) starting
syncthing    | [DRZUJ] 08:53:16 INFO: Failed initial scan of sendreceive folder "Default Folder" (default)
syncthing    | [DRZUJ] 08:53:16 INFO: TCP listener ([::]:22000) starting
syncthing    | [DRZUJ] 08:53:16 INFO: GUI and API listening on [::]:8384
syncthing    | [DRZUJ] 08:53:16 INFO: Access the GUI via the following URL: http://127.0.0.1:8384/
syncthing    | [DRZUJ] 08:53:16 INFO: Device DRZUJ67-DQ5KZ4J-WQ3YDCB-[redacted] is "HP-N54L" at [dynamic]
syncthing    | [DRZUJ] 08:53:16 INFO: No automatic upgrades; STNOUPGRADE environment variable defined.
syncthing    | [DRZUJ] 08:53:27 INFO: New NAT port mapping: external TCP address 94.174.79.72:53605 to local address 0.0.0.0:22000.
syncthing    | [DRZUJ] 08:53:27 INFO: New NAT port mapping: external TCP address 94.174.79.72:44153 to local address 0.0.0.0:22000.
syncthing    | [DRZUJ] 08:53:27 INFO: Detected 2 NAT services
syncthing    | [DRZUJ] 08:53:32 INFO: Joined relay relay://82.17.118.83:22067

and to confirm, I’ve set the owner to 1000:

cctv@HP-N54L:/myzfs/Backup$ ls -l st-cfg/
total 36
-rw-r--r-- 1 cctv cctv  615 Sep  3 22:56 cert.pem
-rw------- 1 cctv cctv 3629 Sep  3 23:04 config.xml
-rw------- 1 cctv cctv   33 Sep  3 23:04 csrftokens.txt
-rw-r--r-- 1 cctv cctv 1066 Sep  3 22:56 https-cert.pem
-rw------- 1 cctv cctv 1679 Sep  3 22:56 https-key.pem
drwxr-xr-x 2 cctv cctv    8 Sep  4 09:53 index-v0.14.0.db
-rw------- 1 cctv cctv  288 Sep  3 22:56 key.pem
You have new mail in /var/mail/cctv
cctv@HP-N54L:/myzfs/Backup$ id -u cctv
1000

You started the container with a config that was created outside of the container which has the default folder created at /Sync/. The permissions issue is not at your config directory but /Sync/ directory.

Thanks for the quick reply. I’m confused as I have not created the sync folder nor the config. I just created empty st-cfg and st-sync folders, set the ownership then ran docker-compose… just deleted the contents of both st-cfg and st-sync folders again, deleted the container image and restarted docker-compose. Same issue… What am I missing?

Can you post the logs of the container when running for the first time?

Note: I’m running syncthing in the same docker-compose as portainer. As far as I know it should be ok but feel free to prove me wrong.

cctv@HP-N54L:~/portainer$ docker-compose down && docker-compose up 
Removing portainer ... done
Removing network portainer_default
Creating network "portainer_default" with the default driver
Pulling syncthing (syncthing/syncthing:latest)...
latest: Pulling from syncthing/syncthing
8e3ba11ec2a2: Pull complete
f47912f25b63: Pull complete
468120c8601b: Pull complete
70a87776af1d: Pull complete
Digest: sha256:cc0e1c11efa8eb856bfe2a412f6cbae52bcddc91939a[redacted]
Status: Downloaded newer image for syncthing/syncthing:latest
Creating portainer ... done
Creating syncthing ... done
Attaching to syncthing, portainer
syncthing    | [monitor] 10:06:19 INFO: Starting syncthing
syncthing    | [start] 10:06:20 INFO: Generating ECDSA key and certificate for syncthing...
syncthing    | [KOK6Y] 10:06:20 INFO: syncthing v0.14.49 "Dysprosium Dragonfly" (go1.10.3 linux-amd64) docker@syncthing.net 2018-07-10 15:40:06 UTC
syncthing    | [KOK6Y] 10:06:20 INFO: My ID: KOK6YUR-O2X3ZJF-S2MFHCQ-5POOQ7U-7Q2RY3O-[redacted]
portainer    | 2018/09/04 10:06:20 Templates already registered inside the database. Skipping template import.
portainer    | 2018/09/04 10:06:20 Instance already has defined endpoints. Skipping the endpoint defined via CLI.
portainer    | 2018/09/04 10:06:20 Starting Portainer 1.19.1 on :9000
syncthing    | [KOK6Y] 10:06:21 INFO: Single thread SHA256 performance is 80 MB/s using minio/sha256-simd (76 MB/s using crypto/sha256).
syncthing    | [KOK6Y] 10:06:21 INFO: Default folder created and/or linked to new config
syncthing    | [KOK6Y] 10:06:21 INFO: Default config saved. Edit /var/syncthing/config/config.xml to taste or use the GUI
syncthing    | [KOK6Y] 10:06:22 INFO: Hashing performance is 85.56 MB/s
syncthing    | [KOK6Y] 10:06:22 INFO: No stored folder metadata for "default": recalculating
syncthing    | [KOK6Y] 10:06:22 WARNING: Failed to create folder root directory mkdir /Sync/: permission denied
syncthing    | [KOK6Y] 10:06:22 INFO: Ready to synchronize "Default Folder" (default) (sendreceive)
syncthing    | [KOK6Y] 10:06:22 INFO: Overall send rate is unlimited, receive rate is unlimited
syncthing    | [KOK6Y] 10:06:22 INFO: Rate limits do not apply to LAN connections
syncthing    | [KOK6Y] 10:06:22 INFO: Using discovery server https://discovery-v4.syncthing.net/v2/?nolookup&id=LYXKCHX-VI3NYZR-ALCJBHF-WMZYSPK-[redacted]
syncthing    | [KOK6Y] 10:06:22 INFO: Using discovery server https://discovery-v6.syncthing.net/v2/?nolookup&id=LYXKCHX-VI3NYZR-ALCJBHF-WMZYSPK-[redacted]
syncthing    | [KOK6Y] 10:06:22 INFO: Using discovery server https://discovery.syncthing.net/v2/?noannounce&id=LYXKCHX-VI3NYZR-ALCJBHF-WMZYSPK-[redacted]
syncthing    | [KOK6Y] 10:06:22 INFO: TCP listener ([::]:22000) starting
syncthing    | [KOK6Y] 10:06:22 INFO: Relay listener (dynamic+https://relays.syncthing.net/endpoint) starting
syncthing    | [KOK6Y] 10:06:22 WARNING: Error on folder "Default Folder" (default): folder path missing
syncthing    | [KOK6Y] 10:06:22 INFO: Failed initial scan of sendreceive folder "Default Folder" (default)
syncthing    | [KOK6Y] 10:06:22 INFO: Loading HTTPS certificate: open /var/syncthing/config/https-cert.pem: no such file or directory
syncthing    | [KOK6Y] 10:06:22 INFO: Creating new HTTPS certificate
syncthing    | [KOK6Y] 10:06:22 INFO: GUI and API listening on [::]:8384
syncthing    | [KOK6Y] 10:06:22 INFO: Access the GUI via the following URL: http://127.0.0.1:8384/
syncthing    | [KOK6Y] 10:06:22 INFO: Device KOK6YUR-O2X3ZJF-S2MFHCQ-5POOQ7U-7Q2RY3O-[redacted]is "HP-N54L" at [dynamic]
syncthing    | [KOK6Y] 10:06:22 INFO: No automatic upgrades; STNOUPGRADE environment variable defined.
syncthing    | [KOK6Y] 10:06:32 INFO: New NAT port mapping: external TCP address 94.174.79.72:56588 to local address 0.0.0.0:22000.
syncthing    | [KOK6Y] 10:06:32 INFO: New NAT port mapping: external TCP address 94.174.79.72:42507 to local address 0.0.0.0:22000.
syncthing    | [KOK6Y] 10:06:32 INFO: Detected 2 NAT services
syncthing    | [KOK6Y] 10:06:37 INFO: Joined relay relay://31.16.239.1:22067
syncthing    | [KOK6Y] 10:07:59 INFO: Sent usage report (version 3)

Seems like something is stuffed, I am not in a position to test anything as I am on holiday. You can modify the config while the container is not running and remote the folder if there are two, or point it at the right path.

Thanks, I’ve opened the config.xml and I can now indeed see the path="//Sync". So for my example I guess this should be /myzfs/Backup/st-sync/Sync? or should it be in a different location? Sorry for the noob questions, I’ve only just started using syncthing

It doesn’t really matter as long its within the mount.

I wonder if your docker compose or magic removes environment variables that were set in the dockerfile

I’ve tried the linuxserver/syncthing docker image and that worked straight out of the box. not sure what’s wrong with the syncthing/syncthing image. Guess we’ll close this topic or do you want to go through a few things once you’re back from holidays?

I’ll check it if I remember it (probably I won’t).

When are you back? I’ll get in touch then if you want

Monday

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.