Better Docker permissions model
Initially reported as below, but basically the Docker image needs to support UID and GID variables - similar to the Linuxserver model.
For consideration, we need to bear in mind that to increase the number of inotify nodes for filewatchers, we need root access. So need to fail gracefully and log if it doesn't work, and allow the end user to manually configure this.... Or disable filewatcher support otherwise.
Bug report:
Fresh start for a docker image and it won't run. The compose example says nothing about rooting /app so this must be broken in the image. Or there is another volume missing from the docker example. I'm using webreaper/damselfly on debian10. Or maybe this software only works on synology?
System.UnauthorizedAccessException: Access to the path '/app/wwwroot/downloads' is denied.
 ---> System.IO.IOException: Permission denied
   --- End of inner exception stack trace ---
   at System.IO.FileSystem.CreateDirectory(String fullPath)
   at System.IO.DirectoryInfo.Create()
   at Damselfly.Core.Services.DownloadService.SetDownloadPath(String contentRootPath) in /src/Damselfly.Core/Services/DownloadService.cs:line 73
   at Damselfly.Web.Startup.Configure(IApplicationBuilder app, IWebHostEnvironment env) in /src/Damselfly.Web/Startup.cs:line 109
   at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor, Boolean wrapExceptions)
   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   at Microsoft.AspNetCore.Hosting.ConfigureBuilder.Invoke(Object instance, IApplicationBuilder builder)
   at Microsoft.AspNetCore.Hosting.ConfigureBuilder.<>c__DisplayClass4_0.<Build>b__0(IApplicationBuilder builder)
   at Microsoft.AspNetCore.Hosting.ConventionBasedStartup.Configure(IApplicationBuilder app)
   at Microsoft.AspNetCore.Mvc.Filters.MiddlewareFilterBuilderStartupFilter.<>c__DisplayClass0_0.<Configure>g__MiddlewareFilterBuilder|0(IApplicationBuilder builder)
   at Microsoft.AspNetCore.HostFilteringStartupFilter.<>c__DisplayClass0_0.<Configure>b__0(IApplicationBuilder app)
   at Microsoft.AspNetCore.Hosting.WebHost.BuildApplication()
[15:45:50.918-0001-INF] Damselfly Webserver terminated with exception: Access to the path '/app/wwwroot/downloads' is denied.
[15:45:50.918-0001-INF] Shutting down.
Can you provide your docker command or Docker-compose?
Sure. I just realized I added the user setting so that files would be owned by the right id. That seemed to work because the db folder showed up with 1019:1001. /config and /thumbs are both owned by 1019. The /pictures folder has write access to the shared group 1001. But I'm not sure where /app/wwwroot should be.
damselfly:
  image: webreaper/damselfly
  container_name: damselfly
  volumes:
    - /apps/damselfly:/config
    - /apps/damselfly/thumbs:/thumbs
    - /media/pictures:/pictures
  ports:
    - 6363:6363/tcp
  user: "1019:1001"
  restart: unless-stopped
Oh, and I'm using portainer so I don't know the exact docker command.
Ah, I guess the user setting doesn't work. I took that off and it started. I'm not sure what user it runs as without specifying?
Don't know portainer, but my hunch is that -user is changing the user the process is running as within the container, but that user isn't matching the owners of the folders in the container, hence the write failure...
I'll look into updating the container build to support PGID and PUID like Linuxserver images do....
Thanks, I don't really care about the filesystem, but it looks like damselfly is running as root and I'd rather avoid that.
Agreed. That's not ideal.
Background here (notes for my implementation): https://medium.com/@mccode/understanding-how-uid-and-gid-work-in-docker-containers-c37a01d01cf
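One way an entrypoint could implement the PUID/PGID model and the graceful inotify fallback discussed in this thread, as an added example that is not Damselfly's or Linuxserver's own script. Assumptions: `setpriv` from util-linux is present in the image, the `INOTIFY_WATCHES` variable and the 1000:1000 defaults are hypothetical, and the limit in question is taken to be `fs.inotify.max_user_watches`.

```shell
#!/bin/sh
# Added example, not Damselfly's own entrypoint. Assumed: setpriv (util-linux)
# is in the image; INOTIFY_WATCHES and the 1000:1000 defaults are hypothetical.
log() { printf '[entrypoint] %s\n' "$*" >&2; }

# Accept only plain decimal ids (rejects empty, negative and non-numeric input).
valid_id() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the "uid:gid" to drop to, or fail with a logged reason.
resolve_ids() {
    uid="${PUID:-1000}"; gid="${PGID:-1000}"
    valid_id "$uid" && valid_id "$gid" || { log "PUID/PGID must be numeric"; return 1; }
    [ "$uid" -ne 0 ] || { log "refusing PUID=0: the goal is to stop running as root"; return 1; }
    printf '%s:%s\n' "$uid" "$gid"
}

# Raising the limit needs root and a writable /proc/sys. When that fails, log
# what the operator can do and return non-zero instead of aborting startup.
raise_inotify() {
    target="${2:-/proc/sys/fs/inotify/max_user_watches}"
    if ( echo "$1" > "$target" ) 2>/dev/null; then
        log "inotify watch limit set to $1"
    else
        log "cannot set inotify limit; raise fs.inotify.max_user_watches on the host"
        return 1
    fi
}

main() {
    if [ "$(id -u)" -ne 0 ]; then
        log "started as uid $(id -u) (compose 'user:' set?); PUID/PGID not applied"
        exec "$@"
    fi
    ids="$(resolve_ids)" || exit 1
    raise_inotify "${INOTIFY_WATCHES:-524288}" || log "continuing without raised limit"
    # Only the directories the app writes to; /pictures ownership is left alone.
    for d in /config /thumbs /app/wwwroot/downloads; do
        mkdir -p "$d" && chown -R "$ids" "$d" || log "could not chown $d"
    done
    exec setpriv --reuid="${ids%%:*}" --regid="${ids##*:}" --clear-groups "$@"
}

# Runs only when invoked with the container command as arguments.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

With this as the image's ENTRYPOINT and the existing start command as CMD, the compose file would set `PUID=1019` and `PGID=1001` under `environment:` instead of using `user:`.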