Docker Resilio-Sync Permissions to write in a directory

    • Docker Resilio-Sync Permissions to write in a directory

      Hello,

      Apologies if this isn't the right location I made this thread in, but I could use some help if someone has experienced this before.

      I am using Docker and the Resilio-Sync container to sync data from another server (UnRaid for now until I switch to OMV) to my new OMV server.

      I was able to map the Directory along with all the shares fine, and I mapped the location with the directory I want to sync.

      The issue is, when I try and create a new folder, or even try and sync it within Resilio-Sync WebUI, I get the error "You do not have permissions to write to this directory".

      I've gone through and made sure all the users had admin/root privileges and made sure that the shared directory is Read/Write for the admin account.

      I am not sure how to allow privileges to Docker/Resilio to allow writing.

      Any help would be greatly appreciated!
    • Sorry, you'd run chmod as a command from the command line when you SSH into your OMV machine, or use the Shellinabox plugin.

      The docker plug-in is really just a small plug-in to manage docker containers. Think of each docker container as a mini-PC running on your OMV system. Rather than try to make your OMV system itself hospitable to each application, the docker system lets you run lots of small, individual systems tailored to the app. This is a godsend because now you're not managing different apps against different versions of common libraries or even the base system. OMV is built on top of Debian, for example, but you can run a dockerized app on top of Alpine Linux or whatever. You can have Python 2.7 installed in one container for an older app, and Python 3.x installed in another container for a newer one, without the headaches that would normally bring.

      So the way Docker interfaces with your "host" system is that you have to map your host drives to the docker container. For example, let's say you're like me and running the docker container "portainer" to manage your dockers. So you create a directory on your host system where the docker info for portainer is going to live, in my case, /opt/portainer. I map that to the docker container in the settings as -v /opt/portainer:/config, since /config is where I know my docker container expects the files to be.

      I can then use my command-line interface from my OMV system to go to /opt, and run "chmod -R 755 portainer". This sets folder permissions on portainer as 755, or "owner may read, write, execute; group and other may read and execute." I would also need to run "chown user:group portainer", where user:group are the user/group I want to "own" portainer; for example, "chown docker:users portainer" would set it so that the user "docker" was the owner of the portainer folder, and any user in the "users" group would be able to read and execute, but not write, in the portainer folder.

      If you're running into permissions issues, you could, temporarily, set the folder to "read write execute everyone," or 777. But ordinarily you don't want any device exposed to a public connection to have execute access for anyone but the owner of the folder, because it could lead to people using XSS attacks. So you could change it to 777 temporarily, let resilio set up the folders it needs, then switch it back to 755 or even 666/644 (read/write access only) as the case may be, since theoretically resilio only needs to read your local file structure to sync with the remote host.

      Of course, if the box you're dealing with isn't exposed to the internet at all, then there's no reason why you couldn't just leave it at 777 all the time, since you'd need local access to screw anything up.
    • Hi thank you for your help with this so far!

      I understand what you outlined and thank you, it definitely makes a lot of sense for all this.

      So I've followed what you suggested but I am still running into the same issue.

      To make things easier, below are the locations of my docker so that I can make more sense.

      I used the default install directory so it is located at /var/lib/docker

      So I ran 2 commands

      chmod -R755 docker
      chown Admin:Admins docker

      Admin is my main user (for testing before I activate a live environment)
      Admins is a user group I created

      Do you think I did this right so far?
    • You need a space between your option "-R" and 755, and you need to make sure you run the chmod command when you're already in /var/lib. Personally, I would run the command as:

      "chmod -R 755 /var/lib/docker" just because I want to make sure I'm running on the right file. To avoid having to type it all out, use tab-complete. When you type "/var/lib/d" for example, you should be able to press your tab key and have it auto-complete docker. It makes typing command line commands so much easier.

      Also, this is just a matter of personal preference, but I never use capitals in my users or groups because you never know when software is going to get touchy about them.

      Next, I'm not sure that would work, because I don't know what user is trying to run the docker program. If "Admin" is the user that actually runs the docker daemon, you're probably OK. But I'm not familiar enough with Docker to know how it actually runs, so someone smarter than me may have to chime in here. It looks like on my install, /var/lib/docker is drwx--x--x, with user:group as root:root, so I don't know if I'd monkey with /var/lib/docker. To change it back, you'd run "chmod -R 711 /var/lib/docker" and "chown -R root:root /var/lib/docker".

      I was thinking more for whatever directory resilio was looking to sync from, which shouldn't be /var/lib/docker but whatever syncs you've set up in resilio (which I've only used sporadically). So for example, let's say you've got a hard drive set up as "MediaDrive" and it's got a folder on there called "Documents" and you want to sync everything in Documents with resilio to a remote share. You'd need to make sure that /media/MediaDrive/Documents/ was set up with permissions so that resilio (and resilio's internal user) could read and maybe write the files. So the chmod you'd run would be on /media/MediaDrive/Documents/, not /var/lib/docker. A "chmod -R 775 /media/MediaDrive/Documents/" would be the right command to use.
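
Added example, not part of the original thread: a shell check of whether a container's internal user can write to a bind-mounted host directory, which is the condition the reply above describes. The function names `perm_class` and `can_write` and the UID/GID 1000 are assumptions made for illustration; supplementary groups and ACLs are not considered.

```shell
#!/bin/sh
# Added example (not from the thread). A bind mount keeps the host's numeric
# owner, group and mode bits, so the container user's UID/GID must pass them.
# Simplification: supplementary groups and ACLs are not considered.

# perm_class UID GID DIR: prints the permission class that applies to UID/GID.
perm_class() {
    pc_uid=$1; pc_gid=$2
    set -- $(ls -ldn "$3")            # now $1=mode string, $3=owner UID, $4=GID
    if [ "$pc_uid" = "$3" ]; then echo owner
    elif [ "$pc_gid" = "$4" ]; then echo group
    else echo other
    fi
}

# can_write UID GID DIR: succeeds if UID/GID may create entries in DIR,
# which needs both write and search (x) permission on the directory.
can_write() {
    if [ "$1" = 0 ]; then return 0; fi   # root bypasses mode bits
    cw_mode=$(ls -ldn "$3" | cut -c1-10)
    case $(perm_class "$1" "$2" "$3") in
        owner) cw_bits=$(printf %s "$cw_mode" | cut -c2-4) ;;
        group) cw_bits=$(printf %s "$cw_mode" | cut -c5-7) ;;
        *)     cw_bits=$(printf %s "$cw_mode" | cut -c8-10) ;;
    esac
    case $cw_bits in
        ?w[xst]) return 0 ;;   # s/t mean x plus setuid/setgid/sticky
        *)       return 1 ;;
    esac
}

# Demo on a constructed temporary directory; UID/GID 1000 are example values
# standing in for whatever IDs the container process runs with.
demo=$(mktemp -d)
for m in 755 775 777; do
    chmod "$m" "$demo"
    if can_write 1000 1000 "$demo"; then r=writable; else r="not writable"; fi
    echo "mode $m, class $(perm_class 1000 1000 "$demo"): $r"
done
rm -rf "$demo"
```

On a real system, pass the numeric UID and GID the container process runs as, together with the host path that is mapped into the container.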
    • AlphaZev wrote:

      Hello,

      Apologies if this isn't the right location I made this thread in, but I could use some help if someone has experienced this before.

      I am using Docker and the Resilio-Sync container to sync data from another server (UnRaid for now until I switch to OMV) to my new OMV server.

      I was able to map the Directory along with all the shares fine, and I mapped the location with the directory I want to sync.

      The issue is, when I try and create a new folder, or even try and sync it within Resilio-Sync WebUI, I get the error "You do not have permissions to write to this directory".

      I've gone through and made sure all the users had admin/root privileges and made sure that the shared directory is Read/Write for the admin account.

      I am not sure how to allow privileges to Docker/Resilio to allow writing.

      Any help would be greatly appreciated!


      Which Resilio-sync container are you using? Linuxserver.io?