
Docker Error: EACCES: permission denied, mkdir '/home/node/trilium-data/log'

Open beeyev opened this issue 3 years ago • 12 comments

Hello, I am trying to run Trilium under Docker. I use this command from the official documentation: `docker run -d -p 0.0.0.0:8080:8080 -v ~/trilium-data:/home/node/trilium-data zadam/trilium:0.47-latest`

After this I got this error. How can I fix that?

```
trilium_1  | internal/fs/utils.js:269
trilium_1  |     throw err;
trilium_1  |     ^
trilium_1  |
trilium_1  | Error: EACCES: permission denied, mkdir '/home/node/trilium-data/log'
trilium_1  |     at Object.mkdirSync (fs.js:921:3)
trilium_1  |     at Object.<anonymous> (/usr/src/app/src/services/log.js:7:8)
trilium_1  |     at Module._compile (internal/modules/cjs/loader.js:1015:30)
trilium_1  |     at Object.Module._extensions..js (internal/modules/cjs/loader.js:1035:10)
trilium_1  |     at Module.load (internal/modules/cjs/loader.js:879:32)
trilium_1  |     at Function.Module._load (internal/modules/cjs/loader.js:724:14)
trilium_1  |     at Module.require (internal/modules/cjs/loader.js:903:19)
trilium_1  |     at require (internal/modules/cjs/helpers.js:74:18)
trilium_1  |     at Object.<anonymous> (/usr/src/app/src/app.js:1:13)
trilium_1  |     at Module._compile (internal/modules/cjs/loader.js:1015:30) {
trilium_1  |   errno: -13,
trilium_1  |   syscall: 'mkdir',
trilium_1  |   code: 'EACCES',
trilium_1  |   path: '/home/node/trilium-data/log'
trilium_1  | }
```

beeyev avatar May 21 '21 14:05 beeyev

Hi, same issue as in https://github.com/zadam/trilium/issues/1960

zadam avatar May 21 '21 18:05 zadam

I have the same/similar issue. The problem is the user "node":

```
/usr/src/app $ getent passwd node
node:x:1000:1000:Linux User,,,:/home/node:/bin/sh
```

Which means that the dir `~/trilium-data` needs permission for the user with uid=1000, but it has the permission of the user the daemon runs as. In my case root.

```
drwxr-xr-x 2 root root 4096 kvě 24 19:42 trilium-data
```

A quick workaround is setting permission for the uid=1000 user, but we are then in a situation where user x with uid=1001 has his data accessible by user y with uid=1000. I think we can either use some unused uid and standard volumes managed by docker or, better, the uid of the current user. The reason is that there have to be more running containers, one for each user, and in that case every user could have access to his own data.

ivosm avatar May 24 '21 18:05 ivosm
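
The ownership mismatch described in the comment above, as an added example that is not part of the original thread: a host-side check that predicts from owner, group and mode bits whether the container's `node` user (uid/gid 1000 per the `getent` output) can create `log/` in the bind-mounted directory, and flags a world-writable directory. The function names are hypothetical, GNU `stat` is assumed, and root, ACLs, supplementary groups and userns remapping are not modelled.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Assumes GNU stat. Models plain owner/group/other mode bits for a non-root
# UID only: ACLs, supplementary groups and userns remapping are ignored.

# check_mount_access DIR UID GID
# Prints owner-write, group-write, other-write or denied, following the
# kernel's rule that only the first matching class of bits is consulted.
check_mount_access() {
    dir=$1; want_uid=$2; want_gid=$3
    info=$(stat -c '%u %g %a' "$dir") || return 2
    set -- $info
    own_uid=$1; own_gid=$2; mode=$((0$3))      # leading 0 -> parse as octal
    # Creating an entry in a directory needs both write and search (x).
    if [ "$want_uid" -eq "$own_uid" ]; then
        need=$((0300)); class=owner
    elif [ "$want_gid" -eq "$own_gid" ]; then
        need=$((0030)); class=group
    else
        need=$((0003)); class=other
    fi
    if [ $((mode & need)) -eq "$need" ]; then
        echo "$class-write"
    else
        echo "denied"
    fi
}

# world_writable DIR: true when any local user may write to DIR.
world_writable() {
    m=$(stat -c '%a' "$1") || return 2
    [ $((0$m & 0002)) -ne 0 ]
}

# diagnose DIR [UID] [GID]: defaults to 1000:1000, the image's node user.
diagnose() {
    result=$(check_mount_access "$1" "${2:-1000}" "${3:-1000}") || return 2
    echo "$1: uid=${2:-1000} gid=${3:-1000} -> $result"
    if world_writable "$1"; then
        echo "warning: $1 is world-writable"
    fi
    [ "$result" != "denied" ]
}

# Run only when a directory is given, e.g.: sh check.sh ~/trilium-data
if [ $# -gt 0 ]; then diagnose "$@"; fi
```

For the `drwxr-xr-x root root` listing above, uid 1000 falls into the "other" class, which lacks the write bit, so the result is `denied`, matching the `EACCES` on `mkdir`.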

A possible solution might be found in Docker's userns functionality.

https://docs.docker.com/engine/security/userns-remap/

thw26 avatar Jun 25 '21 04:06 thw26

I am facing the same issue. I am mounting a volume instead of binding a folder so I cannot chmod 777 as mentioned in #1960

Any fixes?

dvjn avatar Sep 18 '21 07:09 dvjn

Check also solutions described in https://github.com/zadam/trilium/issues/1747

zadam avatar Sep 18 '21 10:09 zadam

@divykj

If you use docker-compose, then:

  1. run `docker-compose up -d`
  2. your container will fail and that is expected. Check the name of your volume by typing `docker volume ls`
  3. remove the failing container: `docker stop trilium && docker rm trilium`
  4. run the chown command: `docker run --rm -v <your_volume_name>:/home/node/trilium-data --name trilium-chown -u root -it zadam/trilium:0.47.7 chown -R node:node /home/node`
  5. run `docker-compose up -d` again

If you do not use docker-compose, then replace the first and 5th steps with your docker run command.

gyKa avatar Sep 23 '21 19:09 gyKa

Could someone update https://github.com/zadam/trilium/wiki/Docker-server-installation with instructions that work? I'm struggling to get it working without entering the docker container and running chown within it.

I'm trying to automate the process with Ansible, so would ideally like to run things from the host.

popey456963 avatar Sep 26 '21 21:09 popey456963

@zadam I think it would help to create the data directory at image build time and give user node the needed permissions. This would avoid the dir /home/node/trilium-data being created with root:root permissions if someone uses Docker volumes (`-v trilium:/home/node/trilium-data`). Instead the directory is already there with the correct permissions.

Test:

Dockerfile

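```
...
# Bundle app source
COPY . .

ENV TRILIUM_DATA_DIR /home/node/trilium-data
# Pre-create the data dir owned by node so a fresh named volume
# mounted here starts with node:node ownership instead of root:root
RUN mkdir -p "$TRILIUM_DATA_DIR" && chown -R node:node "$TRILIUM_DATA_DIR" && chmod 750 "$TRILIUM_DATA_DIR"

USER node

EXPOSE 8080
CMD [ "node", "./src/www" ]
```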

Idea is based on: http://www.inanzzz.com/index.php/post/q1rj/running-docker-container-with-a-non-root-user-and-fixing-shared-volume-permissions-with-dockerfile and the postgres Dockerfile

But I'm not a Container expert. Sorry :)

JoelKle avatar Oct 23 '21 15:10 JoelKle

I'm not a container expert either, but creating a functioning data volume is practically done by every single docker app in existence, why is this different?

Actually

    environment:
      - TRILIUM_DATA_DIR=/data

seems to refer to the internal folder. I fail to understand why that even needs to have an environment variable, but hey. Just set it to `/data` as in the example regardless of where you mount that on the host, then it works.

Waldorf3 avatar May 29 '22 08:05 Waldorf3

Volumes can make it harder to allow upgrades, as well as make it more difficult to back up the data directory directly (as opposed to just copying the folder bind).

sigaloid avatar May 29 '22 16:05 sigaloid

Most of the linuxserver.io containers have environment variables for user (PUID) and group (PGID). Can this container get those as options? Tonight I attempted to spin up a brand new trilium container with no prior data and it errors out trying to set up its own volume folders which is a poor first time user experience.

yllekz avatar Jun 10 '22 02:06 yllekz

Using the command `sudo docker exec -t -i -u root Trilium chown -R node:node /data` worked for me!

Simchof avatar Aug 28 '22 18:08 Simchof

So basically people running docker swarm now need to create their own stack or image in order to get the permissions set correctly and run Trilium?

The documentation does mention something about using USER_UID and USER_GID, but I'm not quite clear on what they do. Either way, setting them to root (0) does not work.

I am running docker swarm with a Samba volume, so if anyone knows how I can fix this issue without manual intervention I would be very grateful!

Stitch10925 avatar Feb 06 '23 17:02 Stitch10925