search

ShaneIsrael / fireshare

Self host your media and share with unique links
GNU General Public License v3.0
642 stars 39 forks source link

Permissions issues when accessing networked directories (Bind and Volume) #232

Closed Moonpengu closed 6 months ago

Moonpengu commented 6 months ago

I'm having some permissions issues when trying to set my videos directory to a networked drive using CIFS.

This occurs when using a mounted directory on the host using bind and using a networked volume using CIFS. None of the files that are meant to be created there are created as permissions seem to be insufficient. When checking the videos folder doesn't appear to get created as the nginx user, so I attempted to give it ownership, but that doesn't seem to work.

There are no problems when using a local volume or bind directory. I did some digging to see what I was doing wrong, but I can't seem to figure this one out.

Any clues?

To Reproduce Steps to reproduce the behavior:

  1. Create a volume pointing at a share as seen with the configuration listed below or mount on the host and use bind to point at the share directory
  2. using docker compose, and the configuration listed bellow, create the docker container
  3. Then run the docker container
  4. Observe the error as listed

Expected behavior Networked storage should behave the same as local storage

Additional context

The following permissions error is observed on startup and whenever access to videos is attempted:

PermissionError: [Errno 13] Permission denied: '/videos/uploads'
[2023-12-21 21:18:35,492] ERROR in app: Exception on /api/upload [POST]
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 2077, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 1525, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/local/lib/python3.9/site-packages/flask_cors/extension.py", line 165, in wrapped_function
    return cors_after_request(app.make_response(f(*args, **kwargs)))
  File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 1523, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 1509, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**req.view_args)
  File "/usr/local/lib/python3.9/site-packages/flask_login/utils.py", line 303, in decorated_view
    return current_app.ensure_sync(func)(*args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/fireshare/api.py", line 290, in upload_video
    os.makedirs(upload_directory)
  File "/usr/local/lib/python3.9/os.py", line 225, in makedirs
    mkdir(name, mode)
PermissionError: [Errno 13] Permission denied: '/videos/uploads'

I'm using the following docker compose:

version: "3"
services:
  fireshare:
    container_name: fireshare
    image: shaneisrael/fireshare:latest
    ports:
      - "8080:80"
    volumes:
      - fireshare-data:/fireshare/data
      - fireshare-data:/fireshare/processed
      - fireshare-data:/fireshare/videos

    environment:
      - ADMIN_USERNAME=XXXXX
      - ADMIN_PASSWORD=XXXXXX
      - SECRET_KEY=XXXXXX
      - MINUTES_BETWEEN_VIDEO_SCANS=5
      - PUID=1000
      - PGID=1000

volumes:
  fireshare-data:
    external: true

and the volume is configured as seen here:

[
    {
        "CreatedAt": "2023-12-21T19:27:58Z",
        "Driver": "local",
        "Labels": null,
        "Mountpoint": "/var/lib/docker/volumes/fireshare-data/_data",
        "Name": "fireshare-data",
        "Options": {
            "device": "//xxx.xxx.xxx.xxx/share/fireshare",
            "o": "addr=xxx.xxx.xxx.xxx,username=xxxxxx,password=xxxxxx,vers=3.0",
            "type": "cifs"
        },
        "Scope": "local"
    }
]
ShaneIsrael commented 6 months ago

I don't really see how this is a fireshare issue however make sure you are setting the PUID and PGID values to a user that has read/write access to your networked mount point. That is really the best guess I have as to why you are seeing a permission denied.

You can test this by simply creating a temporary network mount point that is read/write to all users and point that at fireshare and see if it works.

One other thing I noticed that could be the problem is an issue in your docker-compose config. You seem to have changed the volume maps that fireshare needs which might be making it so that it can't find the expected folders.

This is how your config should be. do not change the paths on the right side of the color. Those are the maps to the folders within the fireshare container and must not be changed. You will also need to have separate folders within your mount point for each (data, processed, videos).

    volumes:
      - fireshare-data/data/:/data
      - fireshare-data/processed/:/processed
      - fireshare-data/videos/:/videos

Try updating your config to that and then restarting then recreating the fireshare docker container.

Moonpengu commented 6 months ago

I don't really see how this is a fireshare issue

Sorry, you're right. I need to get more sleep, I spent way too long going round in circles overlooking the obvious.

Thanks for the help regardless.