filebot / filebot-docker

Docker build files for FileBot
https://hub.docker.com/r/rednoah/filebot/
Apache License 2.0

Permission problem #1

Closed johnappletree closed 5 years ago

johnappletree commented 5 years ago

Hi there,

Running the docker container with the well-known PUID & PGID environment parameters does not seem to have the desired effect. The output files are still written by root. Which settings should I change to get the desired output permissions? (non-root user)

Thanks!

rednoah commented 5 years ago

Are PUID and PGID a docker thing, or something that every docker container should add support for and respect one by one?

My code is completely oblivious of these environment variables, and setting them likely has no effect (unless it's a docker thing).

rednoah commented 5 years ago

Have you tried --user yet? https://medium.com/redbubble/running-a-docker-container-as-a-non-root-user-7d2e00f8ee15

johnappletree commented 5 years ago

Hi, thanks for the quick reply! Yeah, the PUID, PGID are docker-specific settings that, to my understanding, the container owner should implement. I will investigate how other docker containers solve this and send a pull request once I have figured out how this works.

--user did not work:

Error during startup
java.lang.ExceptionInInitializerError
    at net.filebot.Main.main(Main.java:115)
Caused by: net.sf.ehcache.CacheException: java.nio.file.AccessDeniedException: /data/.filebot/cache/0/.lock
    at net.filebot.CacheManager.<init>(CacheManager.java:36)
    at net.filebot.CacheManager.<clinit>(CacheManager.java:22)
    ... 1 more
Caused by: java.nio.file.AccessDeniedException: /data/.filebot/cache/0/.lock
    at net.filebot.CacheManager.acquireDiskStore(CacheManager.java:91)
    at net.filebot.CacheManager.<init>(CacheManager.java:33)
    ... 2 more

rednoah commented 5 years ago

The persistent application data folder /data/.filebot is already owned by root, so it fails when you suddenly run as a less privileged user.

Just change -v data:/data to -v data2:/data and run things with a clean slate.

johnappletree commented 5 years ago

Cool, you are right. This error message was caused by a permission mismatch. Just tested and -u 1000:10001 is working as expected. Thanks!

mcarleio commented 4 years ago

Hi @rednoah, could you nevertheless implement the UID and GID handling? Not every system lets you configure the --user parameter (e.g. QNAP). The result is that in docker everything is run as root (with UID = 0) and so the written folders and files may not be writeable by "normal" users. Best regards Marcel

rednoah commented 4 years ago

@mcarleio I'm happy to accept pull requests that implement whatever standard or common practice there may be.

** Though it seems to me that QNAP ought to implement support for the --user option in the docker abstraction.

If it's just about permissions, then you can probably use --def exec to call chmod to manually set the permissions you want after processing. Though I'm not quite sure to what degree a container can change permissions on the host file system.
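
Added example, not code from this thread or from filebot-docker: one way an image's entrypoint could honor PUID/PGID by fixing ownership of the /data volume and dropping root before starting the application. The function names and the DATA_DIR override are hypothetical, and the script assumes `stat -c` and util-linux `setpriv` are available in the image.

```sh
#!/bin/sh
# Added example: hypothetical entrypoint wrapper, not part of filebot-docker.
# Assumes GNU/busybox `stat -c` and util-linux `setpriv` exist in the image.
set -eu

# True only for plain decimal ids; rejects empty, negative or injected values.
is_id() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
}

# Print the "uid:gid" to run as: PUID/PGID if set, else the current ids.
target_ids() {
    uid="${PUID:-$(id -u)}"
    gid="${PGID:-$(id -g)}"
    is_id "$uid" && is_id "$gid" || return 1
    printf '%s:%s\n' "$uid" "$gid"
}

# Print the numeric "uid:gid" owner of a path.
owner_of() {
    stat -c '%u:%g' "$1"
}

# Fix ownership of the data volume, drop privileges, then run the command.
run_as_requested() {
    ids=$(target_ids) || { echo "invalid PUID/PGID" >&2; return 64; }
    data_dir="${DATA_DIR:-/data}"   # DATA_DIR is an assumed override
    if [ "$(id -u)" -eq 0 ] && [ "${ids%%:*}" -ne 0 ]; then
        # A volume first used as root stays root-owned; that is what raised
        # AccessDeniedException on /data/.filebot/cache/0/.lock in the thread.
        [ "$(owner_of "$data_dir")" = "$ids" ] || chown -R "$ids" "$data_dir"
        exec setpriv --reuid="${ids%%:*}" --regid="${ids##*:}" --clear-groups "$@"
    fi
    # Already unprivileged (e.g. started with --user): nothing to drop.
    exec "$@"
}

# With no command given (e.g. when sourced for testing) nothing is executed.
if [ "$#" -gt 0 ]; then
    run_as_requested "$@"
fi
```

The ownership check only looks at the top of the data directory, so a volume whose root is already correct but contains root-owned files would still need a manual `chown -R`.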