paulgalow / fileshelter-docker

A Docker workflow for running FileShelter
Apache License 2.0

fileshelter | Caught std::exception: filesystem error: cannot create directories: Permission denied [/var/fileshelter/files] #2

Open mk53202 opened 4 years ago

mk53202 commented 4 years ago

Every time I run:

docker-compose up

I receive the following error:

fileshelter | Caught std::exception: filesystem error: cannot create directories: Permission denied [/var/fileshelter/files]

Any ideas? Mk...

paulgalow commented 4 years ago

Thanks for pointing this out. Sorry, I didn't adjust that after my recent refactoring.

This is due to the fact that the fileshelter container now runs as read-only. So when the application starts up, it tries to create an uploads directory at /var/fileshelter, which fails. To get around this, you can mount a host folder / volume to this container directory.

Example: Add the following to your volumes: section in your compose file:

    - ./application/uploads/:/var/fileshelter/

I should probably refactor the default compose file. Hope this is of help.

renefritze commented 4 years ago

I'm using the current master where the docker-compose.production.yml already includes that volume mount. I still see that same error. Plus does caddy need an update maybe?

docker-compose -f docker-compose.yml -f docker-compose.production.yml up 
Starting fileshelter ... 
Starting fileshelter ... done
Starting caddy ... 
Starting caddy ... done
Attaching to fileshelter, caddy
fileshelter    | Caught std::exception: filesystem error: cannot create directories: Permission denied [/var/fileshelter/files]
caddy          | Activating privacy features...2020/04/24 07:49:50 registration error: acme: Error 403 - urn:acme:error:unauthorized - Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 for details.

paulgalow commented 4 years ago

Thanks for reporting this issue. I have just updated the Compose workflow with a new Caddy image. Also moved the volume mount to the regular docker-compose.yml.

I tested this setup running a local testing environment with docker-compose up on macOS 10.15.4 and Docker Desktop for Mac v2.2.0.5.

Hope this fixes your problems.

renefritze commented 4 years ago

Thank you for the update! I still got the error afterwards, so I looked more into it. For me the problem appears to have triggered if the applications/uploads subdir did not exist before starting the services the first time. The container actually creates the dir in the volume mount then, but still errors out. I've proposed a solution to prevent this in #3.

Edit: The caddy issue also went away ofc

paulgalow commented 4 years ago

Thanks for your suggestions. Funny enough, I have been looking into the issue more over the weekend and have come to the same realisation. I think this will solve this issue for most situations.

Additionally I have tried to make the workflow more resilient should anyone decide to bind mount a different folder other than the initial uploads folder. I went with a docker-entrypoint.sh script to take care of potential issues with folder permissions before handing over execution of the fileshelter process to an unprivileged user.
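
The pattern described in the comment above (fix ownership of the mounted folder as root, then hand execution over to an unprivileged user), shown as an added example that is not part of the thread and is not the repository's own docker-entrypoint.sh. The account name `fileshelter` and the `su-exec` helper are assumptions; `/var/fileshelter` is the path from the error message.

```shell
#!/bin/sh
# Added example, not the repository's docker-entrypoint.sh.
# Assumptions: an unprivileged account named "fileshelter" exists in the
# image and su-exec is installed (gosu takes the same arguments).
set -eu

DATA_DIR="${DATA_DIR:-/var/fileshelter}"   # path from the error message
RUN_AS="${RUN_AS:-fileshelter}"            # assumed account name

# Numeric owner of a path, read with POSIX ls so it works on busybox and GNU.
owner_uid() {
    ls -ldn "$1" | awk '{print $3}'
}

# Succeeds when $1 is missing or not owned by uid $2, i.e. a process running
# as that uid could not create its "files" subdirectory there.
needs_fix() {
    [ -d "$1" ] || return 0
    [ "$(owner_uid "$1")" != "$2" ]
}

# Create/chown the mount point only. With cap_drop ALL, root has no
# DAC_OVERRIDE and cannot write into directories it does not own, but
# CAP_CHOWN still lets it change their owner.
fix_data_dir() {
    dir=$1 uid=$2 gid=$3
    needs_fix "$dir" "$uid" || return 0
    if [ "$(id -u)" -ne 0 ]; then
        echo "entrypoint: $dir is not owned by uid $uid and we are not root" >&2
        return 1
    fi
    mkdir -p "$dir"
    chown "$uid:$gid" "$dir"
}

main() {
    uid=$(id -u "$RUN_AS"); gid=$(id -g "$RUN_AS")
    fix_data_dir "$DATA_DIR" "$uid" "$gid"
    if [ "$(id -u)" -eq 0 ]; then
        exec su-exec "$RUN_AS" "$@"   # needs SETUID and SETGID
    fi
    exec "$@"                         # already unprivileged
}

# Docker passes CMD as arguments; with no arguments nothing is executed.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

A non-root start with a wrongly owned mount fails with a message naming the directory and the expected uid, instead of the application's bare "Permission denied".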

paolobasso99 commented 3 years ago

Hi, I too am facing a permission problem: Caught std::exception: filesystem error: cannot create directories: Permission denied [files]

I use this simple docker compose:

version: "3"

services:
  fileshelter:
    image: paulgalow/fileshelter
    read_only: true # I have tried omitting this part 
    container_name: fileshelter
    volumes:
      - ./config/fileshelter.conf:/etc/fileshelter.conf:ro # I have tried omitting ":ro"
      - ./data:/var/fileshelter
    restart: unless-stopped
    labels:
    # Labels for Traefik reverse proxy, do not worry about these
      - "traefik.enable=true"
      - "traefik.http.routers.fileshelter.service=fileshelter"
      - "traefik.http.routers.fileshelter.tls=true"
      - "traefik.http.routers.fileshelter.tls.certresolver=dns-cloudflare"
      - "traefik.http.routers.fileshelter.entrypoints=websecure"
      - "traefik.http.services.fileshelter.loadbalancer.server.port=5091"
    networks:
      - web_proxy
    # I have also tried omitting the following cap_drop
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETUID
      - SETGID

networks:
  web_proxy:
    external:
      name: web_proxy

I have tried creating the ./data folder manually and I have chowned every folder with the user running the container but it still does not work.

paulgalow commented 3 years ago

Hi @paolobasso99,

it seems like you are using the FileShelter image that has been published to Docker Hub previously. I should probably remove that at some point. I have later changed the workflow to build the Docker image locally mainly for maintenance reasons. What happens if you clone this repo and build the Docker image yourself, i.e. replacing …

   image: paulgalow/fileshelter

… with …

    image: fileshelter
    build:
      context: ./application
      dockerfile: Dockerfile

?

paolobasso99 commented 3 years ago

I've just tried and the same error persists.

paulgalow commented 3 years ago

Sounds like a permissions issue with your local filesystem. Perhaps it might be worth trying to persist data using a Docker volume instead of a bind mount?