Confused about group permissions

  • This is probably a Linux 101 permission question but I didn't find a good answer to this. I have a shared folder owned by root:users with -rw-rw-r-- permissions.


    I've created a separate user which also belongs to users -> test:users.


    However, if I run a docker container with that user's PUID/GUID, I can't write to the directory owned by root:users.


    I had to set ACL permission for my test user to make it work but that shouldn't be necessary since my user belongs to the group users which has write permission.


    What am I missing here?

  • OK, then your shared folder perms are wrong. For a directory it should look like this: drwxrwxr-x


    To help reset shared folder perms, install the "openmediavault-resetperms" plugin.





  • My bad, I copied the permissions from a file within, the directory itself is as you stated: drwxrwsr-x+

    The + being from me adding ACL as it didn't work without.


    I haven't created any group myself, I just used the default users. That should be fine right?


    Appears the group has the letter s instead of x though. According to resetpermissions this is applied to the directory: root:users 2775


    I tried resetting permissions and removing the ACLs and I'm back to square one.

  • OMV uses setgid by default on newly created shared folders - hence s not x on the group perms. Should be no need to create a new group unless docker requires a special group.


    Time to check your docker compose and the user/group id the container actually runs as and the perms on any paths it reads/writes.

  • If I give write access to "others" with chmod 2777 it works. So the issue is that the group permissions don't appear to work. I've double and triple checked the container. PGID is set to 100. The folder it attempts to read to is the root of the shared folder. It's as if the group "users" is screwed up somehow...

    To add to this, I'm certain I run the correct user with the docker container as it works when giving that user specific write access with ACL but not without.

  • Two possibilities: (a) container PUID is not in "users" group and (b) ACLs still exist on shared folder which can change the meaning of the group perms as shown by core utils such as ls -ld ...

  • Regarding scenario (a): I created a user and selected "users" as a group for that user. Is that not enough, do I have to create "users" as a group from scratch?

    (b) is not possible. I've verified with ld -l already that there is no ACL (+) set on the root folder.

  • Resolved?

    I couldn't get it to work when the directory was owned by root:users, no. As I didn't want to use ACLs I ended up changing the ownership to my user with chown. So while the issue itself is not resolved to my content I'm not gonna bother anymore with it.
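
Possibility (a) from the thread can be checked against the credentials the container process really holds. The following is an added example, not code from any poster or from OMV: it parses a constructed `/proc/<pid>/status` sample and applies the owner/group/other class selection to a `root:users` (0:100) directory, assuming no ACLs and no root capability override. The UID/GID 1001 and all function names are assumptions made for illustration.

```python
import stat

# Constructed sample of /proc/<pid>/status for a container process (not from the thread).
SAMPLE_STATUS = (
    "Name:\tapp\n"
    "Uid:\t1001\t1001\t1001\t1001\n"
    "Gid:\t1001\t1001\t1001\t1001\n"
    "Groups:\t1001 \n"
)

def proc_ids(status_text):
    """Return (fsuid, {fsgid + supplementary gids}) from /proc/<pid>/status text."""
    fields = {}
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        fields[key] = value.split()
    uid = int(fields["Uid"][3])  # 4th column: filesystem UID used for file access checks
    gids = {int(fields["Gid"][3])} | {int(g) for g in fields.get("Groups", [])}
    return uid, gids

def access_class(owner_uid, owner_gid, uid, gids):
    """Select the one permission class that applies (ACLs and root override ignored)."""
    if uid == owner_uid:
        return "owner"
    if owner_gid in gids:
        return "group"
    return "other"

def can_write_dir(mode, owner_uid, owner_gid, uid, gids):
    """Creating files in a directory needs both w and x in the selected class."""
    cls = access_class(owner_uid, owner_gid, uid, gids)
    shift = {"owner": 6, "group": 3, "other": 0}[cls]
    bits = (stat.S_IMODE(mode) >> shift) & 0o7
    return cls, bits & 0o3 == 0o3

if __name__ == "__main__":
    uid, gids = proc_ids(SAMPLE_STATUS)
    # Directory owned by root:users (uid 0, gid 100), as in the thread.
    for mode in (0o2775, 0o2777):
        print(oct(mode), can_write_dir(mode, 0, 100, uid, gids))
    # Same process once gid 100 is among its groups.
    print("with gid 100:", can_write_dir(0o2775, 0, 100, uid, gids | {100}))
```

Only the credentials of the running process count here; group membership recorded for the user on the host has no effect unless those group IDs are actually on the container process. On the host, the real input is the `/proc/<pid>/status` file of the container's main process.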
