Permission denied on Synology NAS

I’m trying to set up the syncthing docker image on my Synology NAS DS420+. However, after adding the mounted volume in the frontend, I receive the following error messages:

2024-06-10 21:05:29: Loading ignores: lstat /var/sync/.stignore: permission denied

2024-06-10 21:05:29: Failed to create folder marker: stat /var/sync/.stfolder: permission denied

2024-06-10 21:05:29: Error on folder "Sync" (xdhrg-enr9h): stat /var/sync/.stfolder: permission denied

I’ve started my container via docker-compose with the following yaml:

---
version: "3"
services:
  syncthing:
    image: syncthing/syncthing
    container_name: syncthing
    hostname: myshare
    environment:
      - PUID=1026
      - PGID=100
    volumes:
      - /volume1/docker/syncthing:/var/syncthing
      - /volume1/Files/sync:/var/sync
    ports:
      - 8384:8384 # Web UI
      - 22000:22000/tcp # TCP file transfers
      - 22000:22000/udp # QUIC file transfers
      - 21027:21027/udp # Receive local discovery broadcasts
    restart: unless-stopped

The user is part of group docker and has puid 1026 and pgid 100.

Via /var/syncthing syncthing is able to write files into /volume1/docker/syncthing. When I “log into” the container, I’m able to create files in /var/sync as well (but I’m logged in as root, not a a user with UID 1026).

ls -l on my NAS gives me

drwxrwxrwx+ 1 myuser(with UID 1026) users      0 Jun 10 21:01  sync

ls -l in /var inside the container returns

d---------    1 1026     users            0 Jun 10 19:01 sync

Adding a syncronized folder in /var/syncthing seems to work.

chmod 777 /var/sync

seems so solve the issue. Am I’m doing something wrong? I assume there is a better way to fix this.

I would only use such PUID and PGID if the corresponding user has been created in the Synology DSM. Assigning this user to Docker is wrong, it would be a coincidence if the Docker group had read and write permissions in the relevant directory. The user created in DSM can either be assigned to a group that already has the appropriate directory rights, or the desired read and write rights are assigned to the user in DSM in the shared folders area and inherited in the subdirectories.