Wrong permissions on level.dat

[mbaumanndev]

Hello, I have an issue and I noticed it because it cause another issue that ignore the backup interval.

Here is what I get in the logs of my backup service :

2024-05-24T18:44:46+0200 INFO waiting initial delay of 2m...
2024-05-24T18:46:46+0200 INFO waiting for rcon readiness...
2024-05-24T18:46:46+0200 INFO Command executed successfully rcon-cli save-on
2024-05-24T18:46:46+0200 INFO Command executed successfully rcon-cli save-off
2024-05-24T18:46:47+0200 INFO Command executed successfully rcon-cli save-all flush
2024-05-24T18:46:47+0200 INFO Command executed successfully sync
2024-05-24T18:46:47+0200 INFO Backing up content in /data to /backups/world-20240524-184647.tgz
tar: ./world/level.dat_old: Cannot open: Permission denied
tar: ./world/level.dat: Cannot open: Permission denied
tar: Exiting with failure status due to previous errors
2024-05-24T18:47:53+0200 ERROR tar exited with code 2! Aborting
2024-05-24T18:47:53+0200 INFO Command executed successfully rcon-cli save-on
2024-05-24T18:47:54+0200 INFO waiting initial delay of 2m...

And it loops on it like this.

Here is an extract of my compose file :

version: "2.4"

volumes:
  minecraft-data:
    name: minecraft-data

networks:
  minecraft-network:
    name: minecraft-network

services:
  minecraft-server:
    image: itzg/minecraft-server
    container_name: minecraft-server
    depends_on:
      minecraft-restore:
        condition: service_completed_successfully
    networks:
      - minecraft-network
    ports:
      - 25565:25565/tcp
      - 25565:25565/udp
    environment:
      EULA: "TRUE"
      VERSION: ${MINECRAFT_VERSION:-LATEST}
      ENABLE_AUTOPAUSE: "TRUE"
      OVERRIDE_SERVER_PROPERTIES: "TRUE"
      GUI: "FALSE"
      INIT_MEMORY: "1G"
      MAX_MEMORY: "6G"
      TYPE: "FABRIC"
      MODS_FILE: /extras/mods.txt
      MAX_TICK_TIME: "-1" # Disable watchdog
      AUTOPAUSE_TIMEOUT_EST: 600
      AUTOPAUSE_TIMEOUT_KN: 120
      AUTOPAUSE_TIMEOUT_INIT: 360
      GENERATE_STRUCTURES: "true"
      ENABLE_COMMAND_BLOCK: "true"
      OP_PERMISSION_LEVEL: 4
      SNOOPER_ENABLED: "false"
      RESOURCE_PACK: "https://mediafilez.forgecdn.net/files/5232/877/Pixlli%20V29Fix%201.21-1.13%20128x.zip"
      RESOURCE_PACK_ENFORCE: "false"
      ONLINE_MODE: "true"
      TZ: "Europe/Paris"
      JVM_XX_OPTS: "-XX:+UseG1GC -XX:+ParallelRefProcEnabled -XX:MaxGCPauseMillis=200 -XX:+UnlockExperimentalVMOptions -XX:+DisableExplicitGC -XX:+AlwaysPreTouch -XX:G1HeapWastePercent=5 -XX:G1MixedGCCountTarget=4 -XX:G1MixedGCLiveThresholdPercent=90 -XX:G1RSetUpdatingPauseTimePercent=5 -XX:SurvivorRatio=32 -XX:+PerfDisableSharedMem -XX:MaxTenuringThreshold=1 -XX:G1NewSizePercent=30 -XX:G1MaxNewSizePercent=40 -XX:G1HeapRegionSize=8M -XX:G1ReservePercent=20 -XX:InitiatingHeapOccupancyPercent=15"
    tty: true
    mem_reservation: 1g
    mem_limit: 6g
    stdin_open: true
    restart: "always"
    cpuset: "0-3"
    volumes:
      - minecraft-data:/data
      - ./minecraft/extras/mods.txt:/extras/mods.txt:ro
      - /etc/localtime:/etc/localtime:ro

  minecraft-restore:
    image: itzg/mc-backup
    container_name: minecraft-restore
    restart: "no"
    entrypoint: restore-tar-backup
    volumes:
      - minecraft-data:/data
      - ./backups:/backups:ro
      - /etc/localtime:/etc/localtime:ro

  minecraft-backups:
    image: itzg/mc-backup
    container_name: minecraft-backups
    depends_on:
      minecraft-server:
        condition: service_healthy
    restart: "always"
    environment:
      BACKUP_INTERVAL: "2h 30m"
      RCON_RETRIES: 10
      RCON_RETRY_INTERVAL: "10s"
      RCON_HOST: "minecraft-server"
      PRUNE_BACKUPS_DAYS: 30
      DEST_DIR: "/backups"
      PAUSE_IF_NO_PLAYERS: true
      TZ: "Europe/Paris"
    volumes:
      # mount the same volume used by server, but read-only
      - minecraft-data:/data:ro
      # use a host attached directory so that it in turn can be backed up
      # to external/cloud storage
      - ./backups:/backups
      - /etc/localtime:/etc/localtime:ro
    networks:
      - minecraft-network

When I connect on a container to check the volume, I have the following permissions set in the world folder :

c7b9efa89470:/data/world# ls -al
total 28
drwxrwxr-x 1 1000 1000  260 May 24 18:46 .
drwxrwxr-x 1 1000 1000  856 May 24 18:27 ..
drwxrwxr-x 1 1000 1000   62 Oct 29  2023 DIM-1
drwxrwxr-x 1 1000 1000   40 Oct 29  2023 DIM1
drwxrwxr-x 1 1000 1000  246 Oct 16  2023 advancements
-rw-rw-r-- 1 1000 1000   36 Oct 29  2023 bluemap.id
drwxrwxr-x 1 1000 1000 1340 May 16 18:55 data
drwxrwxr-x 1 1000 1000    0 May  8  2023 datapacks
drwxrwxr-x 1 1000 1000 4234 May 16 18:34 entities
-rw-rw-r-- 1 1000 1000 8246 May  8  2023 icon.png
-rw------- 1 1000 1000 1571 May 24 18:46 level.dat
-rw------- 1 1000 1000 1564 May 24 18:44 level.dat_old
drwxrwxr-x 1 1000 1000  336 May 19 00:02 playerdata
drwxrwxr-x 1 1000 1000 4436 May 16 18:49 poi
drwxrwxr-x 1 1000 1000 4962 May 16 19:14 region
drwxrwxr-x 1 1000 1000   78 Jul 12  2023 serverconfig
-rw-rw-r-- 1 1000 1000    3 May 24 18:44 session.lock
drwxrwxr-x 1 1000 1000  246 Oct 16  2023 stats

If I manage to run chmod 664 for level.dat and level.dat_old the backup succeed, so I have two hypothsesis :

• itzg/minecraft-server create the files with the wrong rights
• itzg/mc-backup has insuficient rights to create the backup

I'll continue investigating on what's going on and keep you in touch !

[mbaumanndev]

Some additionnal details : my compose is running on a Synology NAS and is build on a backup I made a few months ago from a custom system (Ubuntu 22 VM inside Freebox OS).

[itzg]

Since Minecraft process creates the files as user ID 1000, running the backup container with the same user ID will probably resolve this. Adding under your minecraft-backups service will configure that:

    user: "1000"

I will update the examples to do the same.

[mbaumanndev]

Hi, thanks for your reply, I now have the following logs :

time="2024-05-25T09:57:05+02:00" level=info msg="Skipping uid/gid change since current user is not root"
2024-05-25T09:57:05+0200 INFO waiting initial delay of 2m...
2024-05-25T09:59:05+0200 INFO waiting for rcon readiness...
2024-05-25T09:59:05+0200 INFO Command executed successfully rcon-cli save-on
2024-05-25T09:59:05+0200 INFO Command executed successfully rcon-cli save-off
2024-05-25T09:59:06+0200 INFO Command executed successfully rcon-cli save-all flush
2024-05-25T09:59:06+0200 INFO Command executed successfully sync
2024-05-25T09:59:06+0200 INFO Backing up content in /data to /backups/world-20240525-095906.tgz
tar (child): /backups/world-20240525-095906.tgz: Cannot open: Permission denied
tar (child): Error is not recoverable: exiting now
tar: /backups/world-20240525-095906.tgz: Cannot write: Broken pipe
tar: Child returned status 2
tar: Error is not recoverable: exiting now
2024-05-25T09:59:06+0200 ERROR tar exited with code 2! Aborting
2024-05-25T09:59:06+0200 INFO Command executed successfully rcon-cli save-on

I'll check later today, but I presume it's an issue with the rights on the folder where my backups are made, I'll keep you in touch

[mbaumanndev]

I tried changing the destination folder, it's owner and group are both 1000 and I have the same error

[itzg]

The remainder has to be some kind of ownership mismatch. How about the ownership of the /backups directory itself?

[mbaumanndev]

On my disk it has 644 permissions and 1000 as uid/gid, but I didn't delete the existing container, they may not be right, I'll check later today

[mbaumanndev]

I did some checks, I found out that my user/group on my Synology were not 1000/1000 but 1026/100, I'll try running the images with thoses uid/gid

[mbaumanndev]

After some tests, setting uid/gid with 1000:1000 worked after deleting all my stack and changing the owner on the folder with my ansible script with some changed parameters. I have no clue on why it didn't worked first time i tried it, but it's alright now. Thanks for your help !