What Permissions Do mergerfs, Docker and SMB Need?

  • Hi, I would like to know how to set the permissions correctly for mergerfs, Docker and SMB. This is because I have just reinstalled omv8 as a fresh install and set up the docker containers following instructions here https://wiki.omv-extras.org/do…e_tab_updates_and_backups


    My data is in a mergerfs pool to be shared over my network via SMB and the docker containers are also interacting with the data in that pool as well.


    I am just not sure how to ensure that the permissions will be correct as it seems to me that mergerfs sets all of the data to be 2777, root:users while the docker containers are 2777, appuser:users; whenever the docker containers do something to the data, the perms get overwritten and I am not sure if this is intended.


    Thanks

  • I think that your OS is creating files / folders with root user and the containers are creating files / folders with appuser.

    There is one simple solution: change ownership of the files from root to appuser.

    sudo chown -R appuser <path_to_your_folder>

  • I am just not sure how to ensure that the permissions will be correct as it seems to me that mergerfs sets all of the data to be 2777, root:users while the docker containers are 2777, appuser:users; whenever the docker containers do something to the data, the perms get overwritten and I am not sure if this is intended.

    The permissions 2777 numbers mean the following:

    The 777 are the permissions for owner, group and others, with each digit applying individually (first 7 is owner, second is group, third is others).


    7 means that all permissions (read/write/execute) are allowed for that entity.


    The 2 is the setgid bit that assists in sharing functions between groups and for the most part can be ignored for the purpose of this thread.


    If you have 777, there are no restrictions imposed on any user/group, so there should be no negative issues with files and directories being manipulated by docker/samba/mergerfs and so on, and you should not have to concern yourself with this in the context you asked.


    If, however, you are trying to be security conscious and restrict access, then the 777 might be too "open".


    This link will let you see what those numbers mean.

    Chmod 2777

    Asrock B450M, AMD 5600G, 64GB RAM, 6 x 4TB RAID 5 array, 2 x 10TB RAID 1 array, 100GB SSD for OS, 1TB SSD for docker and VMs, 1TB external SSD for fsarchiver OS and docker data daily backups
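
The last reply notes that 2777 may be too open. As an added example (not written by anyone in the thread), this script lists world-writable entries under a share and tightens them to 2775/664 while keeping the setgid bit. It runs on a constructed temporary tree, and it assumes Linux and that every account writing to the share (the container user, the SMB users) is a member of the share's group.

```shell
#!/bin/sh
# Added example: works on a constructed throwaway tree, not on a real pool.

# List entries under $1 that "others" may write to (the last 7 in 2777).
world_writable() {
    find "$1" -perm -0002 ! -type l | sort
}

# Tighten a share tree: 2775 on directories (setgid kept so new entries keep
# the shared group), 664 on files. "Others" lose write access.
# Assumption: all writers are members of the directory's group.
tighten_share() {
    find "$1" -type d -exec chmod 2775 {} +
    find "$1" -type f -exec chmod 664 {} +
}

# Build a temporary tree that mimics the 2777 layout described in the thread.
make_demo() {
    demo=$(mktemp -d)
    mkdir -p "$demo/media/movies"
    : > "$demo/media/movies/a.mkv"
    chmod 2777 "$demo/media" "$demo/media/movies"
    chmod 666 "$demo/media/movies/a.mkv"
    echo "$demo"
}

demo=$(make_demo)
echo "world-writable before:"; world_writable "$demo/media"
tighten_share "$demo/media"
echo "world-writable after:";  world_writable "$demo/media"

# On Linux, a directory created inside a setgid directory inherits the bit,
# which is why the group stays consistent for later writers.
mkdir "$demo/media/new"
[ -g "$demo/media/new" ] && echo "setgid inherited by new directory"
rm -rf "$demo"
```

On a real share, run `world_writable` on its own first and review the list before changing any modes.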
