
Unable to write to mergerfs pool, PUID and GUID have no effect

Open amrap030 opened this issue 2 years ago • 3 comments

Hello,

I would like to map the data directory to my mergerfs pool via:

volumes:
      - '{{ docker_dir }}/{{ container_name }}/data:/var/www/html'
      - '{{ mergerfs_root }}/nextcloud/data:/var/www/html'

However, I am not able to do that, because permissions are denied. I assume that this is because nextcloud uses the www-data user. Now I wanted to use the environment variables PUID and GUID to run nextcloud with a different user, but the problem still remains. Since I am not able to change permissions in my mergerfs pool, how can I run nextcloud with a different user?

amrap030 Aug 13 '22 12:08

I don't really know what else I can try. I basically tried everything but nothing works. It only works when I use the volume where the Docker container runs, but I would like to use my storage drives, which are set up with mergerfs.

I also tried to deploy a different service (photoprism) and used my mergerfs pool as the storage volume and for this service it works.

I think the following is the problem. When I exec into the container and look at the folder permissions it shows this:

drwxr-xr-x 48 www-data root  4096 Aug 13 16:17 apps
drwxr-xr-x  2 www-data root  4096 Aug 13 16:17 config
-rw-r--r--  1 www-data root  4095 Aug 13 16:17 console.php
drwxr-xr-x 22 www-data root  4096 Aug 13 16:17 core
-rw-r--r--  1 www-data root  6260 Aug 13 16:17 cron.php
drwxr-xr-x  2 www-data root  4096 Aug 13 16:17 custom_apps
drwxrwx---  3     1000 1000  4096 Aug 13 16:17 data
drwxr-xr-x  2 www-data root 12288 Aug 13 16:17 dist
-rw-r--r--  1 www-data root   156 Aug 13 16:17 index.html
-rw-r--r--  1 www-data root  3456 Aug 13 16:17 index.php
drwxr-xr-x  6 www-data root  4096 Aug 13 16:17 lib
-rwxr-xr-x  1 www-data root   283 Aug 13 16:17 occ
drwxr-xr-x  2 www-data root  4096 Aug 13 16:17 ocm-provider

As you can see, the data folder inherits the permissions from the mergerfs filesystem. How can I change this back to www-data root?

I already tried sudo docker exec nextcloud chown -R www-data:www-data /var/www/html/data, but it stays at 1000:1000.

amrap030 Aug 13 '22 13:08

I got it working but I am not sure if this was the correct way.

I executed the following command sudo docker exec nextcloud usermod -u 1000 www-data and then it worked. Can you guys tell me if this is okay or should this have been done differently?

amrap030 Aug 13 '22 14:08

The www-data uid of your system and the id inside the container are not necessarily the same. https://docs.docker.com/engine/reference/run/#user https://docs.docker.com/engine/security/userns-remap/

If you start the container as root, it will set all permissions and then start PHP as a limited user. If you start the container as an arbitrary user, you have to make sure that all the permissions are set correctly or this user has access to them.

J0WI Sep 09 '22 12:09
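The UID mismatch discussed in this thread, as an added example that is not part of the original issue or the Nextcloud image's own code: it applies the standard owner/group/other permission check to three entries copied from the listing above, once for PHP running as www-data and once for a container started as an arbitrary user 1000:1000. The function names are hypothetical, and the mapping of www-data to uid 33 is an assumption (the Debian default); check it with `id www-data` inside the container.

```python
"""Added example: Unix permission check applied to the thread's `ls -l` output."""

# Constructed sample: three entries copied from the listing quoted in the issue.
LISTING = """\
drwxr-xr-x  2 www-data root  4096 Aug 13 16:17 config
drwxrwx---  3     1000 1000  4096 Aug 13 16:17 data
-rwxr-xr-x  1 www-data root   283 Aug 13 16:17 occ
"""

# Assumption: ids inside the container; 33 is www-data on Debian-based images.
NAME_TO_ID = {"www-data": 33, "root": 0}


def to_id(field):
    """Resolve an owner/group column that is either a name or a bare number."""
    return int(field) if field.isdigit() else NAME_TO_ID[field]


def parse_ls_line(line):
    """Return (name, owner_uid, group_gid, nine_permission_chars)."""
    parts = line.split()
    return parts[-1], to_id(parts[2]), to_id(parts[3]), parts[0][1:10]


def can_write(perms, owner, group, uid, gids):
    """Exactly one class applies: owner first, then group, then other."""
    if uid == 0:
        return True  # root with CAP_DAC_OVERRIDE skips the mode bits
    if uid == owner:
        return perms[1] == "w"
    if group in gids:
        return perms[4] == "w"
    return perms[7] == "w"


def writable_entries(listing, uid, gids):
    """Map each entry name to whether the given process identity can write it."""
    result = {}
    for line in listing.splitlines():
        name, owner, group, perms = parse_ls_line(line)
        result[name] = can_write(perms, owner, group, uid, gids)
    return result


if __name__ == "__main__":
    print("PHP as www-data (33:33):  ", writable_entries(LISTING, 33, {33}))
    print("container user 1000:1000: ", writable_entries(LISTING, 1000, {1000}))
```

With uid 33 only `data` is refused, which matches the error reported in the issue. With 1000:1000 the situation inverts: `data` becomes writable while the image's own files do not.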