Help: setup user permissions in synology docker

[proohit]

TLDR: I want to know how to setup user permissions for the mounted volume in the shared docker folder. Getting permission denied when attempting to write /data/updates.json

Note that I did not change folder permissions manually since that might conflict with permission management by dsm. I wanted to know if it's possible to manage permission via dsm.

What are you using to run the container: docker (via dsm frontend)

Logs:

2021-09-07 16:25:48 | stdout | 2021/09/07 16:25:48 INFO Shutdown successful
2021-09-07 16:25:48 | stdout | 2021/09/07 16:25:48 ERROR open /updater/data/updates.json: permission denied
2021-09-07 16:25:48 | stdout | 💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2021-09-07 16:25:48 | stdout | 💻 Email? [email protected]
2021-09-07 16:25:48 | stdout | ☕ Discussion? https://github.com/qdm12/ddns-updater/discussions/new
2021-09-07 16:25:48 | stdout | ✨ New feature? https://github.com/qdm12/ddns-updater/issues/new
2021-09-07 16:25:48 | stdout | 🐛 Bug? https://github.com/qdm12/ddns-updater/issues/new
2021-09-07 16:25:48 | stdout | 🔧 Need help? https://github.com/qdm12/ddns-updater/discussions/new
2021-09-07 16:25:48 | stdout |  
2021-09-07 16:25:48 | stdout | Running version latest built on 2021-08-25T00:28:52Z (commit 335c82b)

Host OS: DSM 7

[qdm12]

You should use the SSH terminal, I think there is one in the DSM UI. I think it's named terminal from my memory.

Please don't close the issue, I'll add this to the documentation.

Alternatively you can run the container as user 0 (root) although that's not great security wise.

[GeorgesOrwell]

You have to do this in SSH (with Putty):

# Owned by user ID of Docker container (1000)
chown -R 1000 data
# all access (for creating json database file data/updates.json)
chmod 700 data

[proohit]

Sorry for the late reply. I know that this works, as mentioned in my initial post. I was just wondering if it was also possible without it, similar to how e.g. the jdownloader image does it.

[qdm12]

@proohit it's mentioned in the readme:

You could also just run the container as root with --user="0" but this is not advised security wise.

The jdownloader container probably runs as root, which isn't good security wise (if it gets compromised then an attacker has privileges).

[m0veax]

Just if someone finds this issue, i did this:

# Owned by user ID of Docker container (1000)
sudo chown -R 1000 data
# all access (for creating json database file data/updates.json)
chmod 700 data
chmod 400 data/config.json

It works great with DSM7. The chown wouldn't work without sudo or you have to login as root. If you need another User ID, you need to build the container by yourself.

[redtripleAAA]

@m0veax do you have any users with id 1000 in your DSM?

Default is root: uid=0(root) gid=0(root) groups=0(root),2(daemon),19(log)

and usually the second admin user is: 1026

Did you create it manually to match that ID 1000? or am I missing something?