mbentley / docker-timemachine

Docker image to run Samba (compatible Time Machine for macOS)
Apache License 2.0

[Bug]: Permissions issue with multiple users and shares #179

Closed vjp23 closed 3 months ago

vjp23 commented 3 months ago

Describe the Bug

Hi there! Firstly, thank you for this amazing project!!

I've been trying to set up a simple image on an RPi 4B for use by my partner and myself at home, each with our own user and share. I was consistently encountering the error:

You do not have the necessary read, write and append privileges on the selected network backup volume.

in macOS Sonoma.

Step by step I regressed towards the example code provided in the README until I was literally copying it exactly, yet I still receive the error.

I am able to successfully bash into the container and write files to the user share directory. For debugging, the directories' permissions were set to 777, but this did not fix the issue.

Expected Behavior

Connection without permissions issues.

Steps to Reproduce

  1. Use the exact run command found in the README and the exact external configuration file found in the README.
  2. Attempt to connect from a device on macOS Sonoma on the same network
  3. Enter password, which is accepted
  4. Receive error

How You're Launching the Container

docker stop timemachine && docker rm timemachine && docker run -d --restart=always \
  --name timemachine \
  --net=host \
  --ulimit nofile=65536:65536 \
  -e ADVERTISED_HOSTNAME="" \
  -e CUSTOM_SMB_CONF="false" \
  -e CUSTOM_USER="false" \
  -e DEBUG_LEVEL="1" \
  -e MIMIC_MODEL="TimeCapsule8,119" \
  -e EXTERNAL_CONF="/users" \
  -e HIDE_SHARES="no" \
  -e TM_USERNAME="timemachine" \
  -e TM_GROUPNAME="timemachine" \
  -e TM_UID="1000" \
  -e TM_GID="1000" \
  -e PASSWORD="timemachine" \
  -e SET_PERMISSIONS="false" \
  -e SHARE_NAME="TimeMachine" \
  -e SMB_INHERIT_PERMISSIONS="no" \
  -e SMB_NFS_ACES="no" \
  -e SMB_METADATA="stream" \
  -e SMB_PORT="445" \
  -e SMB_VFS_OBJECTS="fruit streams_xattr" \
  -e VOLUME_SIZE_LIMIT="0" \
  -e WORKGROUP="WORKGROUP" \
  -v /home/pi/timemachine:/opt \
  -v /home/pi/users:/users \
  --tmpfs /run/samba \
  mbentley/timemachine:smb

Container Logs

...

Server startup complete. Host name is raspberrypi-2.local. Local service cookie is 1051153464.
Service "raspberrypi-2" (/etc/avahi/services/smbd.service) successfully established.
*****

Samba name server RASPBERRYPI is now a local master browser for workgroup WORKGROUP on subnet 172.17.0.1

*****
query_name_response: Multiple (2) responses received for a query on subnet 192.168.0.77 for name WORKGROUP<1d>.
This response was from IP 192.168.0.10, reporting an IP address of 192.168.0.10.

Time Machine client Logs

2024-04-01 17:28:25  com.apple.backupd.sandbox.xpc: connection invalid
2024-04-01 17:29:35  com.apple.backupd.sandbox.xpc: connection invalid
2024-04-01 17:30:31  Reporting preparation progress message: 'Mounting “RASPBERRYPI.local”…', fractionDone: nil
2024-04-01 17:30:31  NetAuth session for 'smb://RASPBERRYPI._smb._tcp.local./foo' will use options: {
    AuthType = TimeMachine;
2024-04-01 17:30:46  NAOpenSessionAsync reports sessionStatus: 0, sessionInfo: {
2024-04-01 17:30:46  Mounting share 'foo' with options: {
    TimeMachineMount = 1;
2024-04-01 17:30:47  NetAuth reports mountStatus: 0 mountInfo: {
2024-04-01 17:30:47  Reporting preparation error: Error Domain=com.apple.TimeMachine.SettingsExtension Code=2 "You do not have the necessary read, write and append privileges on the selected network backup volume." UserInfo={NSLocalizedDescription=You do not have the necessary read, write and append privileges on the selected network backup volume., NSLocalizedRecoverySuggestion=Please connect as a different user or contact your network administrator.}
2024-04-01 17:30:47  Failed to read capabilities for '/Volumes/foo', error: Operation not permitted
2024-04-01 17:30:47  Failed to read capabilities for '/Volumes/foo', error: Operation not permitted
2024-04-01 17:30:47  Failed to read capabilities for '/Volumes/foo-1', error: Operation not permitted
2024-04-01 17:30:47  Failed to read capabilities for '/Volumes/foo-1', error: Operation not permitted
2024-04-01 17:30:49  TMPowerState: 2
2024-04-01 17:30:49  Skipping scheduled Time Machine backup: Automatic backups disabled
2024-04-01 17:30:49  fs_snapshot_list failed: Operation not supported
2024-04-01 17:30:49  fs_snapshot_list failed: Operation not supported
2024-04-01 17:30:49  fs_snapshot_list failed: Operation not supported
2024-04-01 17:30:49  fs_snapshot_list failed: Operation not supported
2024-04-01 17:30:49  Starting age based thinning of Time Machine local snapshots on disk '/'
2024-04-01 17:30:49  Snapshot deletion not completed for disk '/', timeout date: 4001-01-01 00:00:00 +0000, error: Error Domain=NSPOSIXErrorDomain Code=30 "Read-only file system"
2024-04-01 17:30:49  com.apple.backupd.xpc: connection invalid
2024-04-01 17:31:12  com.apple.backupd.sandbox.xpc: connection invalid

Additional host information

The timemachine directory is a mounted USB HDD. Its ownership is therefore root:root, distinct from pi:pi which is the UID/GID corresponding to 1000:1000. Does this matter? It seems like no, since I can shell into the container and write files to the mapped volume?

Additional Context

My directory structure is as follows:

vjp23 commented 3 months ago

Hm, OK, it actually looks like setting the mode on the mounted directory did in fact fix this. However, it works for just one user, and not the other, for which I get a different error.

It seems at this point that I'm just messing something up with the user configs. I'll keep digging. Thanks again for everything!

mbentley commented 3 months ago

Let me know if there is something I can help with - happy to take some example user config files you have with any private info modified and try to replicate the issue when I can. The multi-user config has some sharp edges, that's for sure.