[BUG] Permission denied

[Dofamin]

Is there an existing issue for this?

• [X] I have searched the existing issues

Current Behavior

On a clean system, deployed the latest version of the qbittorrent image, the launch is performed through the systemd service, the network share is attached, there are full rights to the share itself in the system and inside the container. Checked by creating a file through touch. But every time I try to download data, it says I don’t have rights.

Expected Behavior

Downloading files

Steps To Reproduce

deploy service and use cifs share //172.16.0.1/multimedia /mnt/multimedia cifs rw,vers=3,user=...,password=...,file_mode=0777,dir_mode=0777 0 0

Environment

- OS:"Ubuntu 24.04.1 LTS"
- How docker service was installed: distro's packagemanager

CPU architecture

x86-64

Docker creation

#
# Ansible managed
#

[Unit]
Description=qbittorrent container
Requires=docker.service
After=docker.service

[Service]
Restart=always
ExecStartPre=-/usr/bin/docker rm qbittorrent
ExecStart=/usr/bin/docker run --rm \
  --name qbittorrent \
  -p 192.168.20.10:8080:8080 \
  -p 192.168.20.10:8999:8999 \
  -p 192.168.20.10:8999:8999/udp \
  -v '/srv/qbittorrent/config:/config' \
  -v '/mnt/multimedia/:/data' \
  -e 'PUID=0' \
  -e 'PGID=0' \
  -e 'UMASK=002' \
  -e 'WEBUI_PORT=8080' \
  -e 'TORRENTING_PORT=8999' \
  lscr.io/linuxserver/qbittorrent:latest

ExecStop=/usr/bin/docker stop -t 10 qbittorrent
ExecReload=/usr/bin/docker kill -s HUP qbittorrent

[Install]
WantedBy=multi-user.target

#
# Ansible managed
#

Container logs

[migrations] started
[migrations] no migrations found
───────────────────────────────────────

      ██╗     ███████╗██╗ ██████╗
      ██║     ██╔════╝██║██╔═══██╗
      ██║     ███████╗██║██║   ██║
      ██║     ╚════██║██║██║   ██║
      ███████╗███████║██║╚██████╔╝
      ╚══════╝╚══════╝╚═╝ ╚═════╝

   Brought to you by linuxserver.io
───────────────────────────────────────

To support LSIO projects visit:
https://www.linuxserver.io/donate/

───────────────────────────────────────
GID/UID
───────────────────────────────────────

User UID:    0
User GID:    0
───────────────────────────────────────
Linuxserver.io version: 5.0.0-r2-ls360
Build-date: 2024-10-20T06:52:37+00:00
───────────────────────────────────────

[custom-init] No custom files found, skipping...
WebUI will be started shortly after internal preparations. Please wait...

******** Information ********
To control qBittorrent, access the WebUI at: http://localhost:8080
Connection to localhost (::1) 8080 port [tcp/http-alt] succeeded!
[ls.io-init] done.

[github-actions[bot]]

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

[j0nnymoe]

The issue isn't with the containers but the permissions you've used on the remote mount.

[Dofamin]

no, permissions are correct i can create files from inside of container with no absolute trouble

[Dofamin]

(W) 2024-10-28T23:03:53 - File error alert. Torrent: "some_torrent". File: "/data/torrent/movies/some_folder/some_media_file.mkv". Reason: "some_media_file.mkv file_open (/data/torrent/movies/some_folder/some_media_file.mkv) error: Permission denied"

[Dofamin]

if i couldn't create files while inside the container, then yes 99% that it's a permissions issue, but at the moment i can easily create files manually from inside the container

[j0nnymoe]

Try it as abc user within the container

[Dofamin]

how can this be done? if the puid and guid are specified as 1000, the problem remains if docker run --user abc he dosen't have rights to config, but it's different mount with root rights

[j0nnymoe]

docker exec -it -user abc bash

Then try and access the same location.

[Dofamin]

root@docker:~# docker exec -it --user abc qbittorrent bash
root@f3e25a0ae32a:/# whoami
root
root@f3e25a0ae32a:/# touch /data/torrent/
.incomplete/ animation/   anime/       games/       hmmmmm/      it/          movies/      os & soft/   tv/          
root@f3e25a0ae32a:/# touch /data/torrent/1.txt
root@f3e25a0ae32a:/# ls -lah /data/torrent/1.txt 
-rwxrwxrwx 1 root root 0 Oct 28 23:52 /data/torrent/1.txt

unfortunately it does not allow to log in under the abc account, I can try to run the container without mounting the config

[j0nnymoe]

If you're running as root (0) for your puid/pgid, then that's likely why (and not something we support/recommend)

[Dofamin]

if i specify PUID & PGID value 1000, the error still remains

[j0nnymoe]

Did you try entering the container as abc?

[Dofamin]

yep

root@docker:~# docker exec -it --user abc qbittorrent bash
abc@f39ece891ec3:/$ whoami
abc
abc@f39ece891ec3:/$ touch /data/torrent/
.incomplete/ 1.txt        animation/   anime/       games/       hmmmmm/      it/          movies/      os & soft/   tv/          
abc@f39ece891ec3:/$ touch /data/torrent/abc.txt
abc@f39ece891ec3:/$ ls -lah /data/torrent/abc.txt 
-rwxrwxrwx 1 root root 0 Oct 29 00:01 /data/torrent/abc.txt

#
# Ansible managed
#

[Unit]
Description=qbittorrent container
Requires=docker.service
After=docker.service

[Service]
Restart=always
ExecStartPre=-/usr/bin/docker rm qbittorrent
ExecStart=/usr/bin/docker run --rm \
  --name qbittorrent \
  -p 192.168.20.10:8080:8080 \
  -p 192.168.20.10:8999:8999 \
  -p 192.168.20.10:8999:8999/udp \
  -v '/srv/qbittorrent/config:/config' \
  -v '/mnt/multimedia/:/data' \
  -e 'PUID=1000' \
  -e 'PGID=1000' \
  -e 'UMASK=002' \
  -e 'WEBUI_PORT=8080' \
  -e 'TORRENTING_PORT=8999' \
  lscr.io/linuxserver/qbittorrent:latest

ExecStop=/usr/bin/docker stop -t 10 qbittorrent
ExecReload=/usr/bin/docker kill -s HUP qbittorrent

[Install]
WantedBy=multi-user.target

#
# Ansible managed
#

[j0nnymoe]

If that file is getting written as root, that looks to me that your puid isn't applying. Could you take this to our discord please? as this really ain't a container issue and it will be easier to figure out

[Dofamin]

abc has same uid and gid as root inside the container

root@docker:~# docker exec -it --user abc qbittorrent bash
root@b49db2d51e9e:/# cat /etc/passwd
root:x:0:0:root:/root:/bin/sh
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/mail:/sbin/nologin
news:x:9:13:news:/usr/lib/news:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucppublic:/sbin/nologin
cron:x:16:16:cron:/var/spool/cron:/sbin/nologin
ftp:x:21:21::/var/lib/ftp:/sbin/nologin
sshd:x:22:22:sshd:/dev/null:/sbin/nologin
games:x:35:35:games:/usr/games:/sbin/nologin
ntp:x:123:123:NTP:/var/empty:/sbin/nologin
guest:x:405:1000:guest:/dev/null:/sbin/nologin
nobody:x:65534:65534:nobody:/:/sbin/nologin
klogd:x:100:101:klogd:/dev/null:/sbin/nologin
abc:x:0:0::/config:/bin/false
qbittorrent:x:101:100:qbittorrent:/var/lib/qbittorrent:/sbin/nologin

If it's not too much trouble, please give me a link to your discord server

[j0nnymoe]

https://discord.gg/YWrKVTn

[Dofamin]

thanks, restarted one more time the container with pgid/pod 1000, it does not allow to create a file from inside the container

[j0nnymoe]

So that shows it's a permissions issue, qbittorrent runs as abc user within the container, when you were originally checking the file, it was as root.

[Dofamin]

but log of qb show that's it's running under 0:0

[j0nnymoe]

Then how you're deploying the container isn't correctly managing them if you really had changed the puid/pgid. Every issue that's got opened on here related to remote mounts is always due to how the user has setup the permissions.

[Dofamin]

deploy using ansible, and mount folder rights 0777 thanks anyway, I'll go see what's wrong

[github-actions[bot]]

A human has marked this issue as invalid, this likely happened because the issue template was not used in the creation of the issue.

[drizuid]

marked invalid, but leaving open for now. Reason for invalid is supporting remote mounts is out of scope per our support policy. our deployment methods are outlined in our readme and ansible, while it should work fine, is not one of them. Running applications as root is not supported. As nothing leading to this error is supported, the issue is considered unsupported. OP was recommended to seek best-effort help on discord.