alpine-qbittorrent-openvpn
alpine-qbittorrent-openvpn copied to clipboard
guillaumedsde
Permission denied for /config/openvpn
Information
Whenever I try to run it on Ubuntu 20.04.3 (amd64) the container logs say following:
2022-01-10 20:31:32 cd to '/config/openvpn' failed: Permission denied (errno=13)
2022-01-10 20:31:32 Exiting due to fatal error
The /config/openvpn directory is set to 700 and owned by the correct user with the id 1000.
Current setup
Ubuntu Server 20.04.3 on an amd64 machine.
Latest docker image.
docker-compose.yml file or docker run command
how did you start the container? (don't forget to use backticks for creating a proper code block)
docker run --cap-add=NET_ADMIN -d \
--name alpine-qbittorrent-openvpn \
-v /pladde/Downloads:/downloads \
-v /pladde/Downloads/qbittorrent:/config \
-v /etc/localtime:/etc/localtime:ro \
-e OPENVPN_PROVIDER=WINDSCRIBE \
-e OPENVPN_CONFIG=Copenhagen-LEGO-tcp \
-e OPENVPN_USERNAME=USER \
-e OPENVPN_PASSWORD=PASS \
-e PUID=1000 \
-e PGID=1000 \
-e LAN=192.168.1.0/24 \
-p 8080:8080 \
guillaumedsde/alpine-qbittorrent-openvpn:latest
Attempted Fix(es)
I tried to chmod the /config/openvpn (/pladde/qbittorrent/openvpn) directory to 770 or even 777. After every restart of the docker container it's back to 700.
I created a directory for vuetorrent inside /config/openvpn and this won't get touched at all.
When I remove the whole /config/openvpn directory and restart the container, the directory permissions are set to 755 owned by root:root. But as soon as I restart the container again, it's back on 700 and owned by my local user and group and stops working.
I absolutely can't determine what causes this.
(Temporary) fix: I run this container as systemd Service with this .service file:
[Unit]
Description=guillaumedsde/alpine-qbittorrent-openvpn docker container
After=docker.service
Requires=docker.service
[Service]
User=USER
Group=USER
Type=simple
TimeoutStartSec=0
ExecStartPre=-/usr/bin/docker kill alpine-qbittorrent-openvpn
ExecStartPre=-/usr/bin/docker rm alpine-qbittorrent-openvpn
ExecStartPre=/usr/bin/docker pull guillaumedsde/alpine-qbittorrent-openvpn
ExecStart=/usr/bin/docker run \
--name alpine-qbittorrent-openvpn \
--cap-add=NET_ADMIN -d \
-v /pladde/Downloads:/downloads \
-v /pladde/Downloads/qbittorrent:/config:rw \
-v /etc/localtime:/etc/localtime:ro \
-e OPENVPN_PROVIDER=WINDSCRIBE \
-e OPENVPN_CONFIG=Copenhagen-LEGO-tcp \
-e OPENVPN_USERNAME=USER \
-e OPENVPN_PASSWORD=PASS \
-e LAN=192.168.1.0/24 \
-p 8080:8080 \
-e PUID=1000 \
-e GUID=1000 \
guillaumedsde/alpine-qbittorrent-openvpn
ExecStartPost=/bin/sleep 5
ExecStartPost=/usr/bin/docker exec -d alpine-qbittorrent-openvpn chmod -R 755 /config
ExecStop=/usr/bin/docker kill alpine-qbittorrent-openvpn
ExecStopPost=-/usr/bin/docker rm alpine-qbittorrent-openvpn
RemainAfterExit=yes
Restart=always
RestartSec=5
[Install]
WantedBy=multi-user.target
By using
ExecStartPost=/bin/sleep 5
ExecStartPost=/usr/bin/docker exec -d alpine-qbittorrent-openvpn chmod -R 755 /config
I set the correct permissions after a 5 second wait, which is needed to wait for the container to be started completely.
This works well but it's just a workaround.
I have this issue too. For me, it seems like the openvpn/ directory isn't getting PGID and PUID applied, even though those are being specified as environment variables for the image:
drwx------ 1 systemd-network systemd-journal 46 Oct 31 20:54 openvpn
drwx------ 1 myuser mygroup 0 Oct 31 20:54 qBittorrent
drwxrwxr-x 1 myuser mygroup 36 Oct 31 20:54 .
drwxrwxrwx 1 myuser mygroup 264 Oct 31 03:39 ..
computer1% sudo cat /etc/group | grep systemd
systemd-journal:x:101:
systemd-network:x:102:
systemd-resolve:x:103:
systemd-timesync:x:106:
computer1% sudo cat /etc/passwd | grep systemd
systemd-network:x:100:102:systemd Network Management,,,:/run/systemd:/usr/sbin/nologin
systemd-resolve:x:101:103:systemd Resolver,,,:/run/systemd:/usr/sbin/nologin
systemd-timesync:x:103:106:systemd Time Synchronization,,,:/run/systemd:/usr/sbin/nologin
So IIUC, the default UID (100) and GID (101) inside the container are still being applied to openvpn/.
