Share Folder Permission Problem after installing new Docker

  • Hi, I have been encountering a problem with my share folder permission after installing new docker. I had problems with using Nextcloud and Let's encrypt previously so I decided to delete everything on my docker share and start over and now it's messing up with the permission. I have to go and do reset permission on the folder even when it is set to everyone allowed. It seems the reset perm is also struggling? where it takes very long time but normally it is very fast..


    The folder has the following permissions when checked with ls -l

    Code
    drwxrwsrwx 3 root users 4096

    Is there a way to install docker without messing up the permissions?


    System:

    Raspberry Pi 4 OMV 5-5-5.1

    Portainer 19.03.12


    Any info can be requested to help

  • I've never had an issue with Docker messing with the permissions, usually just a case of ensuring when you are setting up the container you are providing it with a PGID and PUID to use that has appropriate permissions on the folders it is allowed to access.


    If the container makes files or folders, then that way they are created with the appropriate permissions.


    I usually make a user called docker, add it to a group called docker, but also add it to the users group so that any files created by the docker user are accessible via any user in the users group and vice versa
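
An added example, not part of any post in this thread: instead of reaching for chmod 777, a small shell function can report which permission class (owner, group or other) a container running as a given PUID:PGID falls into on a host directory. The name puid_access is hypothetical; it reads only the owner, group and mode bits via GNU stat and ignores ACLs and supplementary groups.

```shell
#!/bin/sh
# Added example (not from the thread): report which permission class a
# container process running as PUID:PGID falls into on a host directory.
# Only owner/group/mode bits are checked; ACLs and supplementary groups
# are ignored. Requires GNU stat (as on Debian/OMV).
# Usage: puid_access DIR PUID PGID   e.g. puid_access /path/to/config 1000 100
puid_access() {
    dir=$1; puid=$2; pgid=$3
    [ -d "$dir" ] || { echo "missing ---"; return 2; }
    # %u = owner uid, %g = owner gid, %a = octal mode (e.g. 2777)
    set -- $(stat -c '%u %g %a' "$dir")
    owner=$1; group=$2
    mode=$(printf '%04d' "$3")      # pad so 70 becomes 0070
    bits=${mode#?}                  # drop the setuid/setgid/sticky digit
    if [ "$puid" -eq 0 ]; then
        echo "root rwx"; return 0   # uid 0 bypasses the mode bits
    elif [ "$puid" -eq "$owner" ]; then
        class=owner; digit=${bits%??}
    elif [ "$pgid" -eq "$group" ]; then
        class=group; digit=${bits#?}; digit=${digit%?}
    else
        class=other; digit=${bits#??}
    fi
    case $digit in
        7) rwx=rwx ;; 6) rwx=rw- ;; 5) rwx=r-x ;; 4) rwx=r-- ;;
        3) rwx=-wx ;; 2) rwx=-w- ;; 1) rwx=--x ;; *) rwx=--- ;;
    esac
    echo "$class $rwx"
    [ "$digit" -eq 7 ]              # succeed only with full rwx
}

# Constructed demo: a private, group-writable config directory.
demo=$(mktemp -d)
chmod 770 "$demo"
puid_access "$demo" "$(id -u)" "$(id -g)"
rm -rf "$demo"
```

A non-zero exit status means the PUID:PGID pair lacks read, write or search permission on the directory, which points to fixing ownership or group membership rather than opening the folder to everyone.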

  • I've never had an issue with Docker messing with the permissions, usually just a case of ensuring when you are setting up the container you are providing it with a PGID and PUID to use that has appropriate permissions on the folders it is allowed to access.


    If the container makes files or folders, then that way they are created with the appropriate permissions.


    I usually make a user called docker, add it to a group called docker, but also add it to the users group so that any files created by the docker user are accessible via any user in the users group and vice versa

    Code
    - PUID=1000
    - PGID=100

    This is the PUID and PGID that I set when I installed the dockers that I want. I am not sure what the problem is but I have deleted all docker related files and trying to restart once again and see what settings might have messed up such as portainer install. I'll see the docker user and group thing but not sure if I know what I'm doing with user group.. Should I give all permission for the docker user?

  • Hi, is anyone still viewing this post.... I reinstalled omv but the problem still occurs... I installed docker via omv extras but the docker dir becomes inaccessible, which my account that I connect with has highest priority while all permission is basically allowed on this appdata share... someone tell me what is the problem?


    This makes portainer inaccessible via web gui as well because after installing portainer its blocked by the permission, so stuff just won't load


    Code
    #I tried give the dir permission via ssh with
    sudo chmod 777 docker
    #still don't work
  • Why are you trying to access the Docker folder? Depending on what you're trying to run in Docker, usually you would share a folder with Docker and it would write to it and be able to access other things you put in there.

    I.e. Plex, give it access to a movie folder for example. It can write as the Docker user (i.e. for renaming) and read as the movies were added under the "user" group.

    Don't think you should be messing with the Docker folder that is made when docker installs as you will have removed Portainer's permissions to the same folder.

  • - Docker is the name of the software that runs containers. (ie. VirtualBox)

    - Containers are what the docker software runs. (ie. sandboxes)


    Are you using Docker to run a container named "docker" in recursion? If not, that "docker" directory isn't of consequence to you at this time.


    -v "/home/$USER/apps/specific_dir:/config"


    The above will (or will attempt) to mount/shadow the /config directory inside of *ANY* container to your local filesystem at /home/$USER/apps/specific_dir.


    As far as the excessive deleting and reinstalling goes...


    When docker pulls down an image from docker hub or wherever, it pulls down an image, *NOT* a container. Think of it as a mold waiting for you to fill in and bake, you'll keep the mold as is but you might keep or throw away what is baked in it.


    Actually, let me try and hit that part home again... You use a torrent client right? Well you don't download your files into your torrent program's directory right? You don't delete your torrent client every time you want to delete your "movies" right?


    Unless you're editing or creating your own image, *NOT* container, then the most you'll ever need to delete is the "specific_dir" in the above example.


    Ultimately, you shouldn't have to use rm or at least you don't want to, but if you do you'll be using:


    rm -rf "/home/$USER/apps/specific_dir"


    or


    rm -rf "/home/$USER/apps/*/"


    Again though, you don't want to do that unless you have to.


    P.S. Years ago, years... every Linux install you came across had a "Chapter 1" with how to setup lilo, how to partition, where to put mounts, where to store modules, etc... Ultimately, people became tired of it and just skipped Chapter 1 and looked for specifics. However, in your case, you need to read "Chapter 1".

  • I think my problem is more fundamentally wrong? This docker file is the actual install of dockers when you press install on OMV gui in the OMV extra -> Docker page. The problem I am having is the files denies permissions causing problem like if I don't manually change its permission, after restarting, even portainer web gui cannot be accessed. When new dockers are installed, various files in their config behave similarly like letsencrypt which you need to change config files to make it work and again require chmod -R 755 or just to make it work. I'm not sure what is wrong there. I give PUID 1000 and PGID 100 to the container deploy but doesn't seem to help the situation.

  • You may have fundamental misunderstandings of various key concepts, including but not limited to users, groups, filesystem permissions and ownerships, and docker basic principles. This can be aggravated by viewing online videos and howtos, and parroting what you find there into your system without really understanding what it is you are actually doing. Most if not all of those videos and howtos are making silent assumptions that these basic concepts are already part of your experience base. Are they?


    We're here to help, but to get the best start we need to know how much of what you are going to need to know you already know.

    --
    Google is your friend and Bob's your uncle!


    OMV AMD64 5.x on ASRock Rack C2550D4I C0 Stepping - 16GB ECC - Silverstone DS380 + Silverstone DS380 DAS Box.

  • You may have fundamental misunderstandings of various key concepts, including but not limited to users, groups, filesystem permissions and ownerships, and docker basic principles. This can be aggravated by viewing online videos and howtos, and parroting what you find there into your system without really understanding what it is you are actually doing. Most if not all of those videos and howtos are making silent assumptions that these basic concepts are already part of your experience base. Are they?


    We're here to help, but to get the best start we need to know how much of what you are going to need to know you already know.

    I do know my knowledge is limited and I'm learning as I go and the fact that I follow the videos but it's not going as smooth as their videos complicates me...


    My docker related items are installed on my external direct of my RPi4 with the directory of -> /srv/dev-disk-by-label-Data/appdata which is the share folder specific for my docker. This share folder on OMV gui is set to the permission of everyone have read/write access


    Going through the folder on my mac shows portainer_data folder under volumes and also docker containers / images under the folder (not changing anything, just looking around). But to look around it required me to change the folder permission to 777 (I know 777 is not secure at all so I changed to 755), which makes my first problem because it seems to also cause the web gui access of portainer to not work and I assume that OMV should provide enough permission at an automatic level that allows basic stuff such as portainer to work?


    This leads to the problem of when I install other dockers such as Letsencrypt, it seems to not be able to read its own files or internally communicated with itself without modifying the folder permission to 755. I gave a pgid=100, which is the user group access for the docker, which I assume is enough and should not require root level access?


    My question is why when portainer pulls a new image and creating the docker's own files (/config) would change the permission. I know that some "software" would lock or hide files hoping users to not be able to alter and corrupt the "software". But my case is causing my docker to not be able to work even at fresh install like my Mariadb that I'm still working on..

  • Going through the folder on my mac shows portainer_data folder under volumes and also docker containers / images under the folder (not changing anything, just looking around). But to look around it required me to change the folder permission to 777 (I know 777 is not secure at all so I changed to 755), which makes my first problem because it seems to also cause the web gui access of portainer to not work and I assume that OMV should provide enough permission at an automatic level that allows basic stuff such as portainer to work?

    I think here lies some of the confusion, there should be 0 need to look into the Docker folder, and it shouldn't be a shared drive your mac can access (can but no real need).

    Each Docker Container has its own config, and during the setup of the container you should be pointing it to an empty folder which the docker container can write to.

    Do this for each Container.

    This config then means whenever you restart the container, say to update it, the configuration is not lost.

    You can then add volumes to be able to access other files, such as videos.

  • Going through the folder on my mac shows portainer_data folder under volumes and also docker containers / images under the folder (not changing anything, just looking around). But to look around it required me to change the folder permission to 777 (I know 777 is not secure at all so I changed to 755), which makes my first problem because it seems to also cause the web gui access of portainer to not work and I assume that OMV should provide enough permission at an automatic level that allows basic stuff such as portainer to work?

    As seanmccabe pointed out: There is absolutely no need for you to poke around in the actual docker "program" folder. What you will find there are templates and the actual files of your set up containers.


    Or to reiterate it once again: When you set up a docker container - be it with portainer, the old omv gui, docker run or docker-compose, what you do is (actually) two steps: You first download the template. From that template an actual container is run. This container runs your selected software in its own isolated environment, encapsulated from your NAS.


    This leads to the problem of when I install other dockers such as Letsencrypt, it seems to not be able to read its own files or internally communicated with itself without modifying the folder permission to 755. I gave a pgid=100, which is the user group access for the docker, which I assume is enough and should not require root level access?

    Don't mess with anything in the system docker folder itself. Only mess with stuff in your working directories/shared folders.


    My question is why when portainer pulls a new image and creating the docker's own files (/config) would change the permission. I know that some "software" would lock or hide files hoping users to not be able to alter and corrupt the "software". But my case is causing my docker to not be able to work even at fresh install like my Mariadb that I'm still working on..

    I suggest to start from scratch and then looking for help to get mariadb to work, with the guide you might be following. Don't mess with the docker folder, only with stuff you should mess around.


    Greetings

    David

    "Well... lately this forum has become support for everything except omv" [...] "And is like someone is banning Google from their browsers"


    Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.

    Upload Logfile via WebGUI/CLI
    #openmediavault on freenode IRC | German & English | GMT+1
    Absolutely no Support via PM!
