Folder permission issues

[cavedog]

Hi all.

Okay so I run a docker downloader in a docker container as root.

It downloads all, the files to /home/cavedog/Downloads in 2 subfolders called /home/cavedog/Downloads/radarr and /home/cavedog/Downloads/tv-sonarr

Docker ID is 911 and obviously he is the owner of the folders and files he creates as root.

Now I have apps installed under a user called cavedog. I want all processes run under cavedog to have read, write and execute permissions in these folders.

I have set the permissions but and have changed the owners but the apps are still getting "access denied"



I need advice on how to allow cavedog read, write and execute permissions on /home/cavedog/Downloads and all subfolders and files that are created afterwords by the root user 911. I tried everything I can't win and as a last ditch efford I'm thing of just giving cavedog root privileges.

 

[newklear]

The quick fix is to chown each time, but that is not a feasible option.

chown -R cavedog:cavedog /home/cavedog/Downloads

Ultimately you should set the docker user with useradd when running the container.

 

[PhireSide]

Under Sonarr/Radarr settings -> media management you can set permissions as well. Also check what permissions your downloader is using and make sure it matches what you require.

Something to maybe have a look at.

 

[cavedog]

The quick fix is to chown each time, but that is not a feasible option.

chown -R cavedog:cavedog /home/cavedog/Downloads

Ultimately you should set the docker user with useradd when running the container.

Yeah it's not ideal. It messes with the automation.

So I modified the the docker container to now add the user --user 1004:1004 but then the container isn;t working. It starts fine without any errors but the app isn't accessible. What a nightmare struggle I'm having.

 

[cavedog]

Under Sonarr/Radarr settings -> media management you can set permissions as well. Also check what permissions your downloader is using and make sure it matches what you require.

Something to maybe have a look at.

I checked those but those only set the folder it manages. Sonarr doesn't have root access to modify the file the docker container is creating. i need to figure out why my docker container isn't working when I specify user as being cavedog.

 

[Sinbad]

Are those directories inside the container? How are they persisted?

 

[cavedog]

I've given up on this. Not gettig it working after 4 hours of googling and trying non stop still not getting it fixed.

 

[PhireSide]

I've given up on this. Not gettig it working after 4 hours of googling and trying non stop still not getting it fixed.

I'll share my config with you a bit later. I think our setups are similar so maybe we can compare notes and see if we can figure it out

 

[SauRoNZA]

If you run all the things as the same user you shouldn’t have a problem.

But as Sinbad said is this from within the container or outside of it?

Presumably they are all bind mounts and the problem is on the host level?

Also are you sure you are mapping/binding the folders correctly in the other apps? I’ve seen a supposed “permission” error when the other app actually can’t see the folders due to the mapping being wrong.

Which apps are giving the problem? Maybe draw us a picture.

 

[PhireSide]

My Unix is a bit rusty, but can't you add UID=cavedog to the same group that docker belongs to? Run cat /etc/group to find the group that docker belongs to. Maybe that sets you off on the correct path.

I struggled for a long, long time to get mine setup the way I want it and it's still not 100% but it is working, at least working enough to be of use.

 

[PPLdude]

setfacl -mR u:davedog,rwx /home/cavedog/Downloads
setfacl -mR d:u:davedog,rwx /home/cavedog/Downloads

 

[CT_Biker]

Hmmm…i sense Ubuntu has entered the Chat

 

[cavedog]

Thanks for all the suggestions.

I will try them out.

Basically the setup is swizzin with sonarr and radarr running as user cavedog. I'm using a real0debrid downloader that is based on the qbitorrent api which adds and downloads files from real-debrid without having to do the torrents in a torrent client because most content is cached on real-debrid already so it's fast and instant single http links.

This downloader runs in a docket container. The download patch set for ~/home/cavedog/Downloads This is the home directory of cavedog. The issue is docker runs as root so all the files it creates in ~/home/cavedog/Downloads has the owner root. Other users like cavedog have read access but not write and execute access.

Constantly running chown -R cavedog:cavedog /home/cavedog/Downloads as root fixes the permission but only for the files and folders that are already there. When new ones gets downloaded it's an issue again.

Running the docker container with -u 1004:1004 which the user id for cavedog creates a bunch of docker permission errors and the container doesn't run.

I have just decided that I will run the setup on my windows machine and well setting the permissions is a breeze. Windows is easy. Simple one click solution to change the owner of subsequent files. Exactly what I want to do.

 

[PPLdude]

have just decided that I will run the setup on my windows machine

 

[netstrider]

Just ask @AfriNatic

/s

 

[ctriaan]

Don't run docker as root.

The official way to avoid permission errors:
sudo usermod -aG docker $USER # to add myself to docker group
sudo chgrp docker /usr/local/bin/docker-compose # to give docker-compose to docker group,
sudo chmod 750 /usr/local/bin/docker-compose # to allow docker group users to execute it

or the less secure, but sure to work way:
sudo chmod +x /usr/local/bin/docker-compose
sudo chmod 777 /var/run/docker.sock #warning - this opens the docker socket for all users

And add this to your docker-compose.yml
environment:
- PUID=1000
- PGID=1000

 

[midasza]

Also - a cron job that changes the file permissions every 5 minutes on the Download folders.