linuxserver / docker-qbittorrent

GNU General Public License v3.0
1.05k stars 155 forks source link

[BUG] Permission denied #339

Open Dofamin opened 3 weeks ago

Dofamin commented 3 weeks ago

Is there an existing issue for this?

Current Behavior

On a clean system, deployed the latest version of the qbittorrent image, the launch is performed through the systemd service, the network share is attached, there are full rights to the share itself in the system and inside the container. Checked by creating a file through touch. But every time I try to download data, it says I don’t have rights.

Expected Behavior

Downloading files

Steps To Reproduce

deploy service and use cifs share //172.16.0.1/multimedia /mnt/multimedia cifs rw,vers=3,user=...,password=...,file_mode=0777,dir_mode=0777 0 0

Environment

- OS:"Ubuntu 24.04.1 LTS"
- How docker service was installed: distro's packagemanager

CPU architecture

x86-64

Docker creation

#
# Ansible managed
#

[Unit]
Description=qbittorrent container
Requires=docker.service
After=docker.service

[Service]
Restart=always
ExecStartPre=-/usr/bin/docker rm qbittorrent
ExecStart=/usr/bin/docker run --rm \
  --name qbittorrent \
  -p 192.168.20.10:8080:8080 \
  -p 192.168.20.10:8999:8999 \
  -p 192.168.20.10:8999:8999/udp \
  -v '/srv/qbittorrent/config:/config' \
  -v '/mnt/multimedia/:/data' \
  -e 'PUID=0' \
  -e 'PGID=0' \
  -e 'UMASK=002' \
  -e 'WEBUI_PORT=8080' \
  -e 'TORRENTING_PORT=8999' \
  lscr.io/linuxserver/qbittorrent:latest

ExecStop=/usr/bin/docker stop -t 10 qbittorrent
ExecReload=/usr/bin/docker kill -s HUP qbittorrent

[Install]
WantedBy=multi-user.target

#
# Ansible managed
#

Container logs

[migrations] started
[migrations] no migrations found
───────────────────────────────────────

      ██╗     ███████╗██╗ ██████╗
      ██║     ██╔════╝██║██╔═══██╗
      ██║     ███████╗██║██║   ██║
      ██║     ╚════██║██║██║   ██║
      ███████╗███████║██║╚██████╔╝
      ╚══════╝╚══════╝╚═╝ ╚═════╝

   Brought to you by linuxserver.io
───────────────────────────────────────

To support LSIO projects visit:
https://www.linuxserver.io/donate/

───────────────────────────────────────
GID/UID
───────────────────────────────────────

User UID:    0
User GID:    0
───────────────────────────────────────
Linuxserver.io version: 5.0.0-r2-ls360
Build-date: 2024-10-20T06:52:37+00:00
───────────────────────────────────────

[custom-init] No custom files found, skipping...
WebUI will be started shortly after internal preparations. Please wait...

******** Information ********
To control qBittorrent, access the WebUI at: http://localhost:8080
Connection to localhost (::1) 8080 port [tcp/http-alt] succeeded!
[ls.io-init] done.
github-actions[bot] commented 3 weeks ago

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

j0nnymoe commented 3 weeks ago

The issue isn't with the containers but the permissions you've used on the remote mount.

Dofamin commented 3 weeks ago

no, permissions are correct i can create files from inside of container with no absolute trouble

Dofamin commented 3 weeks ago

(W) 2024-10-28T23:03:53 - File error alert. Torrent: "some_torrent". File: "/data/torrent/movies/some_folder/some_media_file.mkv". Reason: "some_media_file.mkv file_open (/data/torrent/movies/some_folder/some_media_file.mkv) error: Permission denied"

Dofamin commented 3 weeks ago

if i couldn't create files while inside the container, then yes 99% that it's a permissions issue, but at the moment i can easily create files manually from inside the container

j0nnymoe commented 3 weeks ago

Try it as abc user within the container

Dofamin commented 3 weeks ago

how can this be done? if the puid and guid are specified as 1000, the problem remains if docker run --user abc he dosen't have rights to config, but it's different mount with root rights

j0nnymoe commented 3 weeks ago

docker exec -it -user abc bash

Then try and access the same location.

Dofamin commented 3 weeks ago
root@docker:~# docker exec -it --user abc qbittorrent bash
root@f3e25a0ae32a:/# whoami
root
root@f3e25a0ae32a:/# touch /data/torrent/
.incomplete/ animation/   anime/       games/       hmmmmm/      it/          movies/      os & soft/   tv/          
root@f3e25a0ae32a:/# touch /data/torrent/1.txt
root@f3e25a0ae32a:/# ls -lah /data/torrent/1.txt 
-rwxrwxrwx 1 root root 0 Oct 28 23:52 /data/torrent/1.txt

unfortunately it does not allow to log in under the abc account, I can try to run the container without mounting the config

j0nnymoe commented 3 weeks ago

If you're running as root (0) for your puid/pgid, then that's likely why (and not something we support/recommend)

Dofamin commented 3 weeks ago

if i specify PUID & PGID value 1000, the error still remains

j0nnymoe commented 3 weeks ago

Did you try entering the container as abc?

Dofamin commented 3 weeks ago

yep

root@docker:~# docker exec -it --user abc qbittorrent bash
abc@f39ece891ec3:/$ whoami
abc
abc@f39ece891ec3:/$ touch /data/torrent/
.incomplete/ 1.txt        animation/   anime/       games/       hmmmmm/      it/          movies/      os & soft/   tv/          
abc@f39ece891ec3:/$ touch /data/torrent/abc.txt
abc@f39ece891ec3:/$ ls -lah /data/torrent/abc.txt 
-rwxrwxrwx 1 root root 0 Oct 29 00:01 /data/torrent/abc.txt
#
# Ansible managed
#

[Unit]
Description=qbittorrent container
Requires=docker.service
After=docker.service

[Service]
Restart=always
ExecStartPre=-/usr/bin/docker rm qbittorrent
ExecStart=/usr/bin/docker run --rm \
  --name qbittorrent \
  -p 192.168.20.10:8080:8080 \
  -p 192.168.20.10:8999:8999 \
  -p 192.168.20.10:8999:8999/udp \
  -v '/srv/qbittorrent/config:/config' \
  -v '/mnt/multimedia/:/data' \
  -e 'PUID=1000' \
  -e 'PGID=1000' \
  -e 'UMASK=002' \
  -e 'WEBUI_PORT=8080' \
  -e 'TORRENTING_PORT=8999' \
  lscr.io/linuxserver/qbittorrent:latest

ExecStop=/usr/bin/docker stop -t 10 qbittorrent
ExecReload=/usr/bin/docker kill -s HUP qbittorrent

[Install]
WantedBy=multi-user.target

#
# Ansible managed
#
j0nnymoe commented 3 weeks ago

If that file is getting written as root, that looks to me that your puid isn't applying. Could you take this to our discord please? as this really ain't a container issue and it will be easier to figure out

Dofamin commented 3 weeks ago

abc has same uid and gid as root inside the container

root@docker:~# docker exec -it --user abc qbittorrent bash
root@b49db2d51e9e:/# cat /etc/passwd
root:x:0:0:root:/root:/bin/sh
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/mail:/sbin/nologin
news:x:9:13:news:/usr/lib/news:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucppublic:/sbin/nologin
cron:x:16:16:cron:/var/spool/cron:/sbin/nologin
ftp:x:21:21::/var/lib/ftp:/sbin/nologin
sshd:x:22:22:sshd:/dev/null:/sbin/nologin
games:x:35:35:games:/usr/games:/sbin/nologin
ntp:x:123:123:NTP:/var/empty:/sbin/nologin
guest:x:405:1000:guest:/dev/null:/sbin/nologin
nobody:x:65534:65534:nobody:/:/sbin/nologin
klogd:x:100:101:klogd:/dev/null:/sbin/nologin
abc:x:0:0::/config:/bin/false
qbittorrent:x:101:100:qbittorrent:/var/lib/qbittorrent:/sbin/nologin

If it's not too much trouble, please give me a link to your discord server

j0nnymoe commented 3 weeks ago

https://discord.gg/YWrKVTn

Dofamin commented 3 weeks ago

thanks, restarted one more time the container with pgid/pod 1000, it does not allow to create a file from inside the container

j0nnymoe commented 3 weeks ago

So that shows it's a permissions issue, qbittorrent runs as abc user within the container, when you were originally checking the file, it was as root.

Dofamin commented 3 weeks ago

but log of qb show that's it's running under 0:0

j0nnymoe commented 3 weeks ago

Then how you're deploying the container isn't correctly managing them if you really had changed the puid/pgid. Every issue that's got opened on here related to remote mounts is always due to how the user has setup the permissions.

Dofamin commented 3 weeks ago

deploy using ansible, and mount folder rights 0777 thanks anyway, I'll go see what's wrong

github-actions[bot] commented 3 weeks ago

A human has marked this issue as invalid, this likely happened because the issue template was not used in the creation of the issue.

drizuid commented 3 weeks ago

marked invalid, but leaving open for now. Reason for invalid is supporting remote mounts is out of scope per our support policy. our deployment methods are outlined in our readme and ansible, while it should work fine, is not one of them. Running applications as root is not supported. As nothing leading to this error is supported, the issue is considered unsupported. OP was recommended to seek best-effort help on discord.