ipsingh06 / seedsync

Sync your seedbox. Fast. And more.
https://ipsingh06.github.io/seedsync/
Apache License 2.0
307 stars 42 forks

Synology permissions issues #50

Open quadcom opened 4 years ago

quadcom commented 4 years ago

I have been fighting with this for a few hours and all my searches have returned nothing.

I have permission denied for the volumes mapped to the container. I've added every permutation of variable I could think of and nothing works.

image

I have tried with the variable names and values with the '<' & '>' and without. I could not be certain of the user var from the instructions. Is that var simply 'user' or is it '-user' or '--user'? I've added all three and it still makes no difference.

Any help would be appreciated.

quadcom commented 4 years ago

OK, I think I messed up but I caught it.

The volume mapping was wrong. I have connected '/downloads' and '/config' to paths on the host NAS. It still comes up with permission denied. I can't figure out how to tell Docker on Synology what user account on the host to use. The 'user' var doesn't seem to do it. I've tried <1026>:<100> and 1026:100. Neither works. I've also entered it twice, once lower case 'user' and once upper case 'USER'.

ben-ba commented 4 years ago

https://github.com/darkbushido/seedsync/tree/fix-user-creation

quadcom commented 4 years ago

Hi ben-ba,

Sorry for my newbness, how would I get your version of this into my Synology NAS? The only version up on Dockerhub is this one from ipsingh06?

I would appreciate any guidance you can give.

quadcom commented 4 years ago

@darkbushido can you push a container build to Docker hub?

https://docs.docker.com/docker-hub/builds/

https://docs.docker.com/docker-hub/builds/link-source/

darkbushido commented 4 years ago

I've had issues with my version, hence the reason I haven't pushed it up to docker-hub or created a pull request.

TheFeelTrain commented 4 years ago

I am having permissions issues as well (although on unRAID). Episodes in a season directory are downloaded with 644 permissions, which is perfect. But after lftp finishes mirroring that directory, it converts all of them into 600, making them unreadable. This ends up making the final episode of seasons fail to import. Not sure if this is the problem you guys are having but it is irritating. I have the PGID and PUID set to the same as other containers along with the UMASK set to 000.

ipsingh06 commented 4 years ago

Please try the newest version (v0.7.1). I've added support for running docker images with any host uid.

quadcom commented 4 years ago

Awesome news!!

I've been trying to get updated but I'm hitting some roadblocks. I grabbed the updated image from DH and set it up. I still get the new version warning at the top so that tells me I did something wrong. I also tried grabbing the deb file and running that on the container using the terminal. So far nothing but errors. Either no permission "are you logged in as root?" or dpkg is not installed.

UPDATE: OK, weird. I changed the config and pulled 'user' from the env. Restarted and the update warning went away. I checked the about and it did show v0.7.1 so I am running the latest.

quadcom commented 1 year ago

Well, here I am again, with a similar issue to this one but now pertaining to UMASK variable support. I opened this almost three years ago, and only now am I getting to understand the challenges better.

While we are able to set the UID and GID for the container to run under, that corrects the ownership. All files are written with a UMASK of 022, which makes them fully accessible to the owner but read-only to the group and to the public.

As such, running this in a Docker container on an Unraid server means that while we can write files under the 'nobody' account, no one on the rest of the network can do anything but read the files.

Here's a use case:

SS DL's files from the seedbox and writes to the mapped volume on the Unraid server using the 'nobody' account. On my Windows machine, navigate to this secured network share authenticated by my WIN uname and psswd. Because it's not 'nobody' accessing the DIR, I can play the file, but I can't move or delete any file there. For that, I have to go into the Unraid UI and use the file manager there.

If UMASK was supported as a variable, we could ensure that all new files created from inside the container have the group permissions added so that those in the group have full access to the files created as well as the owner. Taking things a step further, we could set UMASK to 000, and then everyone has full access to the files across the network (depending on the share permissions, obviously). After all, we aren't talking about financial documents here.

Now, for all the people that this is working just fine. This is most likely because you just happened to have your user account on your NAS or PC have the same UID and GID as the default UID in the SS container. That was me for years, UID 1000. I think with Synology, the first user account you create will have a UID of 1000.

Over the years, I've moved from a container on Synology to a VM on ESXi (which simplifies everything, really) and now, to a container on Unraid (on which Docker containers are way easier to manage than on Synology). But, when you get into the container world, these little gotchas creep up. While the UID and GID variables were added to SS, I've discovered that on the Dockerhub template that Unraid uses, the only way those actually get implemented is if you add those to the extra parameters field in the advanced view for the SS template. Adding them as variables DOES NOT WORK. All files will still be written with UID 1000 when variables are defined.

This works for PUID and PGID in Unraid

image

This doesn't work for either PUID, PGID or UMASK

image

quadcom commented 1 year ago

Just as a path to go down. All the research I have done on this leads me to understand that this UMASK command needs to be done from within the container itself. Running a UMASK 000 in the Seedsync CLI does not change the actual UMASK operations for the Seedsync service from within the container. That command only changes the UMASK for the session the CLI is running.

The proposed solution is running an entrypoint script in the container at launch that sets the UMASK across the container.

https://widerin.net/blog/change-umask-in-docker-containers/#dockerfile

Exposing a UMASK variable is used to populate that startup script with the preferred UMASK value.

Please, anyone, correct me if I am wrong here. I'm not a programmer or a competent Linux guru by any means.
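The entrypoint approach described in the comment above, sketched as an added example that is not part of the original thread or SeedSync's code. The `UMASK` variable name and the 022 default come from the thread; the helper names `resolve_umask` and `mode_under_umask` are hypothetical. The umask is a per-process setting inherited by child processes, so it is set before the service is `exec`'d, and a malformed value falls back to 022.

```shell
#!/bin/sh
# Added example: container entrypoint that applies a UMASK environment variable.
# Not SeedSync code; helper names are hypothetical.

# Print a validated umask: 3 or 4 octal digits, otherwise the fallback 022.
resolve_umask() {
    case "$1" in
        [0-7][0-7][0-7]|[0-7][0-7][0-7][0-7]) printf '%s\n' "$1" ;;
        *) printf '022\n' ;;
    esac
}

# Create a file under the given umask and print its permission string.
# Runs in a subshell, so the caller's own umask is left untouched, the
# same way a umask typed into a CLI session does not reach the service.
mode_under_umask() {
    (
        umask "$(resolve_umask "$1")"
        tmp=$(mktemp -d) || exit 1
        : > "$tmp/f"                  # new file gets 0666 masked by the umask
        ls -l "$tmp/f" | cut -c1-10   # e.g. -rw-rw-r--
        rm -rf "$tmp"
    )
}

# Apply the requested umask to this process; every child inherits it.
umask "$(resolve_umask "${UMASK:-}")"

# Hand over to the real service command (the image's CMD), if one was given.
if [ "$#" -gt 0 ]; then
    exec "$@"
fi
```

With `UMASK=002` new files are group-writable; with `UMASK=000` they are writable by every account that can reach the share.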

quadcom commented 1 year ago

On a side note: @ipsingh06 I do hope you (and your family) are well and that life is just crazy busy; busy is a good problem to have.

We haven't seen you around for a very long time.