zadam / trilium

Build your personal knowledge base with Trilium Notes
GNU Affero General Public License v3.0

Docker Error: EACCES: permission denied, mkdir '/home/node/trilium-data/log' #1971

Open beeyev opened 3 years ago

beeyev commented 3 years ago

Hello, I am trying to run Trilium under Docker. I use this command from the official documentation:

```
docker run -d -p 0.0.0.0:8080:8080 -v ~/trilium-data:/home/node/trilium-data zadam/trilium:0.47-latest
```

And after this I got this error. How can I fix that?


```
trilium_1  | internal/fs/utils.js:269
trilium_1  |     throw err;
trilium_1  |     ^
trilium_1  |
trilium_1  | Error: EACCES: permission denied, mkdir '/home/node/trilium-data/log'
trilium_1  |     at Object.mkdirSync (fs.js:921:3)
trilium_1  |     at Object.<anonymous> (/usr/src/app/src/services/log.js:7:8)
trilium_1  |     at Module._compile (internal/modules/cjs/loader.js:1015:30)
trilium_1  |     at Object.Module._extensions..js (internal/modules/cjs/loader.js:1035:10)
trilium_1  |     at Module.load (internal/modules/cjs/loader.js:879:32)
trilium_1  |     at Function.Module._load (internal/modules/cjs/loader.js:724:14)
trilium_1  |     at Module.require (internal/modules/cjs/loader.js:903:19)
trilium_1  |     at require (internal/modules/cjs/helpers.js:74:18)
trilium_1  |     at Object.<anonymous> (/usr/src/app/src/app.js:1:13)
trilium_1  |     at Module._compile (internal/modules/cjs/loader.js:1015:30) {
trilium_1  |   errno: -13,
trilium_1  |   syscall: 'mkdir',
trilium_1  |   code: 'EACCES',
trilium_1  |   path: '/home/node/trilium-data/log'
trilium_1  | }
```

zadam commented 3 years ago

Hi, same issue as in https://github.com/zadam/trilium/issues/1960

ivosm commented 3 years ago

I have the same/similar issue. The problem is the user "node":

```
/usr/src/app $ getent passwd node
node:x:1000:1000:Linux User,,,:/home/node:/bin/sh
```

This means that the directory ~/trilium-data needs permissions for the user with uid=1000, but it has the permissions of the user the daemon runs as. In my case, root.

```
drwxr-xr-x 2 root root 4096 kvě 24 19:42 trilium-data
```

A quick workaround is setting the permission for the uid=1000 user, but we are then in a situation where user x with uid=1001 has his data accessible by user y with uid=1000. I think we can either use some unused uid and standard volumes managed by Docker or, better, the uid of the current user. The reason is that there have to be more running containers, one for each user, and in that case every user could have access to his own data.
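Added example, not part of the original thread: a POSIX shell check for the uid mismatch described in the comment above. It reports which permission class (owner, group or world) lets a given container uid/gid create files in a bind-mounted host directory, or `denied` when `mkdir` would fail with EACCES as in the original report. The function name `mount_access` and the scratch directory are constructed for illustration; it assumes GNU `stat` and ignores ACLs and user-namespace remapping.

```shell
#!/bin/sh
# mount_access DIR UID GID
# Prints which permission class would let a process with UID/GID create
# entries in DIR: root, owner, group, world, or denied.
mount_access() {
    dir=$1; uid=$2; gid=$3
    # %u = owner uid, %g = owner gid, %a = mode in octal (GNU stat)
    info=$(stat -c '%u %g %a' "$dir") || return 2
    set -- $info
    d_uid=$1; d_gid=$2; mode=$((0$3))   # leading 0: parse the mode as octal

    # On a local filesystem uid 0 bypasses the mode bits.
    if [ "$uid" -eq 0 ]; then echo root; return 0; fi

    # Exactly one class applies: owner first, then group, then other.
    if [ "$uid" -eq "$d_uid" ]; then
        class=owner; bits=$(( (mode >> 6) & 7 ))
    elif [ "$gid" -eq "$d_gid" ]; then
        class=group; bits=$(( (mode >> 3) & 7 ))
    else
        class=world; bits=$(( mode & 7 ))
    fi

    # Creating an entry needs write (2) and search (1) on the directory.
    if [ $(( bits & 3 )) -eq 3 ]; then echo "$class"; else echo denied; fi
}

# Constructed demo: a scratch directory stands in for ~/trilium-data, and
# "other" is a uid/gid pair that does not own it (like uid 1000 versus root).
demo=$(mktemp -d)
other_uid=$(( $(stat -c %u "$demo") + 1 ))
other_gid=$(( $(stat -c %g "$demo") + 1 ))

chmod 755 "$demo"
echo "mode 755, non-owner uid: $(mount_access "$demo" "$other_uid" "$other_gid")"
chmod 777 "$demo"
echo "mode 777, non-owner uid: $(mount_access "$demo" "$other_uid" "$other_gid")"
rm -rf "$demo"
```

A `world` result means access comes only from the "other" bits, the `chmod 777` state in which any local uid can write the data.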

thw26 commented 3 years ago

A possible solution might be found in Docker's userns functionality.

https://docs.docker.com/engine/security/userns-remap/

dvjn commented 3 years ago

I am facing the same issue. I am mounting a volume instead of binding a folder, so I cannot `chmod 777` as mentioned in #1960.

Any fixes?

zadam commented 3 years ago

Check also solutions described in https://github.com/zadam/trilium/issues/1747

gyKa commented 3 years ago

@divykj

If you use docker-compose, then:

  1. run `docker-compose up -d`
  2. your container will fail and that is expected. Check the name of your volume by typing `docker volume ls`
  3. remove the failing container: `docker stop trilium && docker rm trilium`
  4. run the chown command: `docker run --rm -v <your_volume_name>:/home/node/trilium-data --name trilium-chown -u root -it zadam/trilium:0.47.7 chown -R node:node /home/node`
  5. run `docker-compose up -d` again

If you do not use docker-compose, then replace the first and 5th steps with your `docker run` command.

popey456963 commented 3 years ago

Could someone update https://github.com/zadam/trilium/wiki/Docker-server-installation with instructions that work? I'm struggling to get it working without entering the docker container and running chown within it.

I'm trying to automate the process with Ansible, so would ideally like to run things from the host.

JoelKle commented 3 years ago

@zadam I think it would help to create the data directory at image build time and give the user node the needed permissions. This would avoid the dir /home/node/trilium-data being created with root:root permissions if someone uses Docker volumes (`-v trilium:/home/node/trilium-data`). Instead the directory is already there with the correct permissions.

Test:

Dockerfile

```dockerfile
...
# Bundle app source
COPY . .

ENV TRILIUM_DATA_DIR /home/node/trilium-data
RUN mkdir -p "$TRILIUM_DATA_DIR" && chown -R node:node "$TRILIUM_DATA_DIR" && chmod 750 "$TRILIUM_DATA_DIR"

USER node

EXPOSE 8080
CMD [ "node", "./src/www" ]
```

Idea is based on: http://www.inanzzz.com/index.php/post/q1rj/running-docker-container-with-a-non-root-user-and-fixing-shared-volume-permissions-with-dockerfile and the postgres Dockerfile

But I'm not a container expert. Sorry :)

Waldorf3 commented 2 years ago

I'm not a container expert either, but creating a functioning data volume is practically done by every single docker app in existence, why is this different?

Actually

    environment:
      - TRILIUM_DATA_DIR=/data

seems to refer to the internal folder. I fail to understand why that even needs to have an environment variable, but hey. Just set it to /data as in the example regardless of where you mount that on the host, then it works.

sigaloid commented 2 years ago

Volumes can make it harder to allow upgrades, as well as make it more difficult to back up the data directory directly (as opposed to just copying the folder bind).

yllekz commented 2 years ago

Most of the linuxserver.io containers have environment variables for user (PUID) and group (PGID). Can this container get those as options? Tonight I attempted to spin up a brand new trilium container with no prior data and it errors out trying to set up its own volume folders which is a poor first time user experience.

Simchof commented 2 years ago

Using the command `sudo docker exec -t -i -u root Trilium chown -R node:node /data` worked for me!

Stitch10925 commented 1 year ago

So basically people running docker swarm now need to create their own stack or image in order to get the permissions set correctly and run Trilium?

The documentation does mention something about using USER_UID and USER_GID, but I'm not quite clear on what they do. Either way, setting them to root (0) does not work.

I am running docker swarm with a Samba volume, so if anyone knows how I can fix this issue without manual intervention I would be very grateful!

TheQwenton commented 2 months ago

> @divykj
>
> If you use docker-compose, then:
>
>   1. run `docker-compose up -d`
>   2. your container will fail and that is expected. Check your name of volume by typing `docker volume ls`
>   3. remove failing container: `docker stop trilium && docker rm trilium`
>   4. run chown command: `docker run --rm -v <your_volume_name>:/home/node/trilium-data --name trilium-chown -u root -it zadam/trilium:0.47.7 chown -R node:node /home/node`
>   5. run again `docker-compose up -d`
>
> If you do not use docker-compose, then replace first and 5th step by your docker run command.

Sorry to revive a dead issue. Running Trilium server on Unraid and this comment just saved my life. Thanks.