Failed creating folder (permission denied) and pictures aren't imported when running as non root user in Docker

[maxime1992]

1. What is not working as documented?

Following the docker compose file and setting the following env variables:

      - PHOTOPRISM_UID=1000
      - PHOTOPRISM_GID=1000
      - PHOTOPRISM_UMASK=0002 # whether this is set or left as default doesn't change the issue

it's not possible to upload pictures successfully.

Here are the logs I can see:

time="2022-10-02T09:19:15Z" level=error msg="import: failed creating folder for 20210818_124345.jpg (mkdir /photoprism/originals/2021: permission denied)"
time="2022-10-02T09:19:15Z" level=info msg="import: moving main jpg file 20210818_124345.jpg to 2021/08/20210818_104345_F3AD16EF.jpg"
time="2022-10-02T09:19:15Z" level=warning msg="import: failed moving file to 2021/08/20210818_104345_F3AD16EF.jpg, is another import running at the same time?"
time="2022-10-02T09:19:15Z" level=error msg="import: 2021/08/20210818_104345_F3AD16EF.jpg not found in 2021/08/20210818_104345_F3AD16EF.jpg"
time="2022-10-02T09:19:15Z" level=info msg="media: 20210818_124754.jpg was taken at 2021-08-18 10:47:54 +0000 UTC (meta)"
time="2022-10-02T09:19:15Z" level=error msg="import: failed creating folder for 20210818_124754.jpg (mkdir /photoprism/originals/2021: permission denied)"
time="2022-10-02T09:19:15Z" level=info msg="import: moving main jpg file 20210818_124754.jpg to 2021/08/20210818_104754_123034B6.jpg"
time="2022-10-02T09:19:15Z" level=warning msg="import: failed moving file to 2021/08/20210818_104754_123034B6.jpg, is another import running at the same time?"
time="2022-10-02T09:19:15Z" level=error msg="import: 2021/08/20210818_104754_123034B6.jpg not found in 2021/08/20210818_104754_123034B6.jpg"
time="2022-10-02T09:19:16Z" level=info msg="media: 20210818_124757.jpg was taken at 2021-08-18 10:47:57 +0000 UTC (meta)"
time="2022-10-02T09:19:16Z" level=error msg="import: failed creating folder for 20210818_124757.jpg (mkdir /photoprism/originals/2021: permission denied)"
time="2022-10-02T09:19:16Z" level=info msg="import: moving main jpg file 20210818_124757.jpg to 2021/08/20210818_104757_FAC65E0A.jpg"
time="2022-10-02T09:19:16Z" level=warning msg="import: failed moving file to 2021/08/20210818_104757_FAC65E0A.jpg, is another import running at the same time?"
time="2022-10-02T09:19:16Z" level=error msg="import: 2021/08/20210818_104757_FAC65E0A.jpg not found in 2021/08/20210818_104757_FAC65E0A.jpg"
time="2022-10-02T09:19:16Z" level=info msg="metadata: scan-data is unbounded; EOI not encountered before EOF while parsing jpeg file 20210818_125311.jpg"
time="2022-10-02T09:19:16Z" level=info msg="media: 20210818_125311.jpg was taken at 2021-08-18 10:53:11 +0000 UTC (meta)"
time="2022-10-02T09:19:16Z" level=error msg="import: failed creating folder for 20210818_125311.jpg (mkdir /photoprism/originals/2021: permission denied)"
time="2022-10-02T09:19:16Z" level=info msg="import: moving main jpg file 20210818_125311.jpg to 2021/08/20210818_105311_85FB2BD9.jpg"
time="2022-10-02T09:19:16Z" level=warning msg="import: failed moving file to 2021/08/20210818_105311_85FB2BD9.jpg, is another import running at the same time?"
time="2022-10-02T09:19:16Z" level=error msg="import: 2021/08/20210818_105311_85FB2BD9.jpg not found in 2021/08/20210818_105311_85FB2BD9.jpg"
time="2022-10-02T09:19:16Z" level=info msg="import completed in 13 s"

2. How can we reproduce it?

Steps to reproduce the behavior:

spin up the following docker compose:

version: '3.0'

services:
  test-photoprism:
    container_name: test-photoprism
    image: photoprism/photoprism:latest
    depends_on:
      - test-mariadb-photoprism
    security_opt:
      - seccomp:unconfined
      - apparmor:unconfined
    ports:
      - "2487:2342"
    environment:
      - PHOTOPRISM_ADMIN_PASSWORD="photoprism-dummy-password"       # INITIAL PASSWORD FOR "admin" USER, MINIMUM 8 CHARACTERS
      - PHOTOPRISM_AUTH_MODE="password"                             # authentication mode (public, password)
      - PHOTOPRISM_SITE_URL="http://localhost:2487/"                # public server URL incl http:// or https:// and /path, :port is optional
      - PHOTOPRISM_ORIGINALS_LIMIT=5000                             # file size limit for originals in MB (increase for high-res video)
      - PHOTOPRISM_HTTP_COMPRESSION="gzip"                          # improves transfer speed and bandwidth utilization (none or gzip)
      - PHOTOPRISM_LOG_LEVEL="info"                                 # log level: trace, debug, info, warning, error, fatal, or panic
      - PHOTOPRISM_READONLY=false                                  # do not modify originals directory (reduced functionality)
      - PHOTOPRISM_EXPERIMENTAL=false                              # enables experimental features
      - PHOTOPRISM_DISABLE_CHOWN=false                             # disables updating storage permissions via chmod and chown on startup
      - PHOTOPRISM_DISABLE_WEBDAV=false                            # disables built-in WebDAV server
      - PHOTOPRISM_DISABLE_SETTINGS=false                          # disables settings UI and API
      - PHOTOPRISM_DISABLE_TENSORFLOW=false                        # disables all features depending on TensorFlow
      - PHOTOPRISM_DISABLE_FACES=false                             # disables face detection and recognition (requires TensorFlow)
      - PHOTOPRISM_DISABLE_CLASSIFICATION=false                    # disables image classification (requires TensorFlow)
      - PHOTOPRISM_DISABLE_RAW=false                               # disables indexing and conversion of RAW files
      - PHOTOPRISM_RAW_PRESETS=false                               # enables applying user presets when converting RAW files (reduces performance)
      - PHOTOPRISM_JPEG_QUALITY=85                                  # a higher value increases the quality and file size of JPEG images and thumbnails (25-100)
      - PHOTOPRISM_DETECT_NSFW=false                               # automatically flags photos as private that MAY be offensive (requires TensorFlow)
      - PHOTOPRISM_UPLOAD_NSFW=true                                # allows uploads that MAY be offensive (no effect without TensorFlow)
      # PHOTOPRISM_DATABASE_DRIVER: "sqlite"                       # SQLite is an embedded database that doesn't require a server
      - PHOTOPRISM_DATABASE_DRIVER="mysql"                          # use MariaDB 10.5+ or MySQL 8+ instead of SQLite for improved performance
      - PHOTOPRISM_DATABASE_SERVER="test-mariadb-photoprism:3306"        # MariaDB or MySQL database server (hostname:port)
      - PHOTOPRISM_DATABASE_NAME="photoprism"                       # MariaDB or MySQL database schema name
      - PHOTOPRISM_DATABASE_USER="photoprism"                       # MariaDB or MySQL database user name
      - PHOTOPRISM_DATABASE_PASSWORD="mariadb-dummy-password" # MariaDB or MySQL database user password
      - PHOTOPRISM_SITE_CAPTION="AI-Powered Photos App"
      - PHOTOPRISM_SITE_DESCRIPTION=""                              # meta site description
      - PHOTOPRISM_SITE_AUTHOR=""                                   # meta site author
      ## Run/install on first startup (options: update gpu tensorflow davfs clitools clean):
      - PHOTOPRISM_INIT="gpu tensorflow"
      ## Hardware Video Transcoding (for sponsors only due to high maintenance and support costs):
      # PHOTOPRISM_FFMPEG_ENCODER: "software"        # FFmpeg encoder ("software", "intel", "nvidia", "apple", "raspberry")
      # PHOTOPRISM_FFMPEG_BITRATE: "32"              # FFmpeg encoding bitrate limit in Mbit/s (default: 50)
      ## Run as a non-root user after initialization (supported: 0, 33, 50-99, 500-600, and 900-1200):
      # For some reason, if we try to use the following the upload of pictures doesn't work anymore
      - PHOTOPRISM_UID=1000
      - PHOTOPRISM_GID=1000
      - PHOTOPRISM_UMASK=0002
    ## Start as non-root user before initialization (supported: 0, 33, 50-99, 500-600, and 900-1200):
    user: "1000:1000"
    ## Share hardware devices with FFmpeg and TensorFlow (optional):
    devices:
     - /dev/dri:/dev/dri                                   # Intel QSV
    working_dir: "/photoprism" # do not change or remove
    volumes:
      - ./opt/photoprism/originals:/photoprism/originals # Original media files (DO NOT REMOVE)
      - ./opt/photoprism/storage:/photoprism/storage     # *Writable* storage folder for cache, database, and sidecar files (DO NOT REMOVE)

  test-mariadb-photoprism:
    image: linuxserver/mariadb
    container_name: test-mariadb-photoprism
    restart: unless-stopped
    environment:
      - MYSQL_ROOT_PASSWORD="mariadb-dummy-password"
      - MYSQL_DATABASE=photoprism
      - MYSQL_USER=photoprism
      - MYSQL_PASSWORD="mariadb-dummy-password"
      - PUID=1000
      - PGID=1000 
      - TZ=Europe/Paris
    volumes:
      - ./opt/mariadb-photoprism:/var/lib/mysql

Open the app, upload a few pictures. Once the upload is done, no picture will be displayed on the main page.

Looking at the logs will reveal the errors docker logs test-photoprism.

3. What behavior do you expect?

I'd expect to be able to upload pictures as a non root user.

Looking at the freshly created volumes:

ls -l ./opt/photoprism

total 8
drwxr-xr-x 2 root   root   4096 Oct  2 11:16 originals
drwxr-xr-x 7 maxime maxime 4096 Oct  2 11:19 storage

I'm guessing that the originals folder should not belong to root but maxime?

If I (as a test) run sudo chmod -R a+rwx ./opt/ and start the container again it's all good though but it's not working initially which is confusing.

4. What could be the cause of your problem?

Unsure

5. Can you provide us with example files for testing, error logs, or screenshots?

Already done

6. Which software versions do you use?

All latest from Docker images but I don't think it matters as it just look like a permission issue.

As for the OS it's running on it's Ubuntu so Linux based, not windows.

7. On what kind of device is PhotoPrism installed?

Doesn't apply here I believe

8. Do you use a Reverse Proxy, Firewall, VPN, or CDN?

Doesn't apply here I believe

[lastzero]

If you are unsure what could be the cause, please do not open a bug issue. Thank you! 🙏

[maxime1992]

What does this mean ? Isn't it the idea of an issue ? You don't know where it comes from but you make a detailed report hoping someone can either fix it or give some guidance ?

I find it a bit rude to close the issue that quick while I took the time to explain and provide a repo.

If I have missed a step, tell me and I'll try to add details but could we reopen that issue please ?

[heikomat]

What does this mean ? Isn't it the idea of an issue ? You don't know where it comes from but you make a detailed report hoping someone can either fix it or give some guidance ?

I find it a bit rude to close the issue that quick while I took the time to explain and provide a repo.

If I have missed a step, tell me and I'll try to add details but could we reopen that issue please ?

You're not wrong, and in a lot of projects this is exactly how it works. Photoprism is a little different, as there are at least two places to go with problems.

For Bugs that are definitely caused by photoprism misbehaving or feature requests, a github issue is the way to go. But: if you're not sure if photoprism is misbehaving or your particular setup has an issue, then what you're looking for is some kind of technical support. For these things, you can open a github discussion. If it turns out to actually be a photoprism bug, a real issue can be opened.

I've seen @lastzero converting issues to discussions before. I'm not entirely sure why this wasn't the case here