Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG] Permission denied #339

Open
1 task done
Dofamin opened this issue Oct 28, 2024 · 24 comments
Open
1 task done

[BUG] Permission denied #339

Dofamin opened this issue Oct 28, 2024 · 24 comments

Comments

@Dofamin
Copy link

Dofamin commented Oct 28, 2024

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

On a clean system, deployed the latest version of the qbittorrent image, the launch is performed through the systemd service, the network share is attached, there are full rights to the share itself in the system and inside the container.
Checked by creating a file through touch.
But every time I try to download data, it says I don’t have rights.

Expected Behavior

Downloading files

Steps To Reproduce

deploy service and use cifs share
//172.16.0.1/multimedia /mnt/multimedia cifs rw,vers=3,user=...,password=...,file_mode=0777,dir_mode=0777 0 0

Environment

- OS:"Ubuntu 24.04.1 LTS"
- How docker service was installed: distro's packagemanager

CPU architecture

x86-64

Docker creation

#
# Ansible managed
#

[Unit]
Description=qbittorrent container
Requires=docker.service
After=docker.service

[Service]
Restart=always
ExecStartPre=-/usr/bin/docker rm qbittorrent
ExecStart=/usr/bin/docker run --rm \
  --name qbittorrent \
  -p 192.168.20.10:8080:8080 \
  -p 192.168.20.10:8999:8999 \
  -p 192.168.20.10:8999:8999/udp \
  -v '/srv/qbittorrent/config:/config' \
  -v '/mnt/multimedia/:/data' \
  -e 'PUID=0' \
  -e 'PGID=0' \
  -e 'UMASK=002' \
  -e 'WEBUI_PORT=8080' \
  -e 'TORRENTING_PORT=8999' \
  lscr.io/linuxserver/qbittorrent:latest

ExecStop=/usr/bin/docker stop -t 10 qbittorrent
ExecReload=/usr/bin/docker kill -s HUP qbittorrent

[Install]
WantedBy=multi-user.target

#
# Ansible managed
#

Container logs

[migrations] started
[migrations] no migrations found
───────────────────────────────────────

      ██╗     ███████╗██╗ ██████╗
      ██║     ██╔════╝██║██╔═══██╗
      ██║     ███████╗██║██║   ██║
      ██║     ╚════██║██║██║   ██║
      ███████╗███████║██║╚██████╔╝
      ╚══════╝╚══════╝╚═╝ ╚═════╝

   Brought to you by linuxserver.io
───────────────────────────────────────

To support LSIO projects visit:
https://www.linuxserver.io/donate/

───────────────────────────────────────
GID/UID
───────────────────────────────────────

User UID:    0
User GID:    0
───────────────────────────────────────
Linuxserver.io version: 5.0.0-r2-ls360
Build-date: 2024-10-20T06:52:37+00:00
───────────────────────────────────────
    
[custom-init] No custom files found, skipping...
WebUI will be started shortly after internal preparations. Please wait...

******** Information ********
To control qBittorrent, access the WebUI at: http://localhost:8080
Connection to localhost (::1) 8080 port [tcp/http-alt] succeeded!
[ls.io-init] done.
Copy link

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

@j0nnymoe
Copy link
Member

The issue isn't with the containers but the permissions you've used on the remote mount.

@Dofamin
Copy link
Author

Dofamin commented Oct 28, 2024

no, permissions are correct
i can create files from inside of container with no absolute trouble

@Dofamin
Copy link
Author

Dofamin commented Oct 28, 2024

(W) 2024-10-28T23:03:53 - File error alert. Torrent: "some_torrent". File: "/data/torrent/movies/some_folder/some_media_file.mkv".
Reason: "some_media_file.mkv file_open (/data/torrent/movies/some_folder/some_media_file.mkv) error: Permission denied"

@Dofamin
Copy link
Author

Dofamin commented Oct 28, 2024

if i couldn't create files while inside the container, then yes 99% that it's a permissions issue, but at the moment i can easily create files manually from inside the container

@j0nnymoe
Copy link
Member

Try it as abc user within the container

@Dofamin
Copy link
Author

Dofamin commented Oct 28, 2024

how can this be done?
if the puid and guid are specified as 1000, the problem remains
if docker run --user abc he dosen't have rights to config, but it's different mount with root rights

@j0nnymoe
Copy link
Member

j0nnymoe commented Oct 28, 2024

docker exec -it -user abc bash

Then try and access the same location.

@Dofamin
Copy link
Author

Dofamin commented Oct 28, 2024

root@docker:~# docker exec -it --user abc qbittorrent bash
root@f3e25a0ae32a:/# whoami
root
root@f3e25a0ae32a:/# touch /data/torrent/
.incomplete/ animation/   anime/       games/       hmmmmm/      it/          movies/      os & soft/   tv/          
root@f3e25a0ae32a:/# touch /data/torrent/1.txt
root@f3e25a0ae32a:/# ls -lah /data/torrent/1.txt 
-rwxrwxrwx 1 root root 0 Oct 28 23:52 /data/torrent/1.txt

unfortunately it does not allow to log in under the abc account, I can try to run the container without mounting the config

@j0nnymoe
Copy link
Member

If you're running as root (0) for your puid/pgid, then that's likely why (and not something we support/recommend)

@Dofamin
Copy link
Author

Dofamin commented Oct 28, 2024

if i specify PUID & PGID value 1000, the error still remains

@j0nnymoe
Copy link
Member

Did you try entering the container as abc?

@Dofamin
Copy link
Author

Dofamin commented Oct 28, 2024

yep

root@docker:~# docker exec -it --user abc qbittorrent bash
abc@f39ece891ec3:/$ whoami
abc
abc@f39ece891ec3:/$ touch /data/torrent/
.incomplete/ 1.txt        animation/   anime/       games/       hmmmmm/      it/          movies/      os & soft/   tv/          
abc@f39ece891ec3:/$ touch /data/torrent/abc.txt
abc@f39ece891ec3:/$ ls -lah /data/torrent/abc.txt 
-rwxrwxrwx 1 root root 0 Oct 29 00:01 /data/torrent/abc.txt
#
# Ansible managed
#

[Unit]
Description=qbittorrent container
Requires=docker.service
After=docker.service

[Service]
Restart=always
ExecStartPre=-/usr/bin/docker rm qbittorrent
ExecStart=/usr/bin/docker run --rm \
  --name qbittorrent \
  -p 192.168.20.10:8080:8080 \
  -p 192.168.20.10:8999:8999 \
  -p 192.168.20.10:8999:8999/udp \
  -v '/srv/qbittorrent/config:/config' \
  -v '/mnt/multimedia/:/data' \
  -e 'PUID=1000' \
  -e 'PGID=1000' \
  -e 'UMASK=002' \
  -e 'WEBUI_PORT=8080' \
  -e 'TORRENTING_PORT=8999' \
  lscr.io/linuxserver/qbittorrent:latest

ExecStop=/usr/bin/docker stop -t 10 qbittorrent
ExecReload=/usr/bin/docker kill -s HUP qbittorrent

[Install]
WantedBy=multi-user.target

#
# Ansible managed
#

@j0nnymoe
Copy link
Member

If that file is getting written as root, that looks to me that your puid isn't applying. Could you take this to our discord please? as this really ain't a container issue and it will be easier to figure out

@Dofamin
Copy link
Author

Dofamin commented Oct 28, 2024

abc has same uid and gid as root inside the container

root@docker:~# docker exec -it --user abc qbittorrent bash
root@b49db2d51e9e:/# cat /etc/passwd
root:x:0:0:root:/root:/bin/sh
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/mail:/sbin/nologin
news:x:9:13:news:/usr/lib/news:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucppublic:/sbin/nologin
cron:x:16:16:cron:/var/spool/cron:/sbin/nologin
ftp:x:21:21::/var/lib/ftp:/sbin/nologin
sshd:x:22:22:sshd:/dev/null:/sbin/nologin
games:x:35:35:games:/usr/games:/sbin/nologin
ntp:x:123:123:NTP:/var/empty:/sbin/nologin
guest:x:405:1000:guest:/dev/null:/sbin/nologin
nobody:x:65534:65534:nobody:/:/sbin/nologin
klogd:x:100:101:klogd:/dev/null:/sbin/nologin
abc:x:0:0::/config:/bin/false
qbittorrent:x:101:100:qbittorrent:/var/lib/qbittorrent:/sbin/nologin

If it's not too much trouble, please give me a link to your discord server

@j0nnymoe
Copy link
Member

@Dofamin
Copy link
Author

Dofamin commented Oct 28, 2024

thanks,
restarted one more time the container with pgid/pod 1000, it does not allow to create a file from inside the container

@j0nnymoe
Copy link
Member

So that shows it's a permissions issue, qbittorrent runs as abc user within the container, when you were originally checking the file, it was as root.

@Dofamin
Copy link
Author

Dofamin commented Oct 28, 2024

but log of qb show that's it's running under 0:0

@j0nnymoe
Copy link
Member

Then how you're deploying the container isn't correctly managing them if you really had changed the puid/pgid. Every issue that's got opened on here related to remote mounts is always due to how the user has setup the permissions.

@Dofamin
Copy link
Author

Dofamin commented Oct 28, 2024

deploy using ansible, and mount folder rights 0777
thanks anyway, I'll go see what's wrong

@LinuxServer-CI LinuxServer-CI moved this from Issues to Insufficient Info in Issue & PR Tracker Oct 28, 2024
Copy link

A human has marked this issue as invalid, this likely happened because the issue template was not used in the creation of the issue.

@drizuid
Copy link
Member

drizuid commented Oct 28, 2024

marked invalid, but leaving open for now. Reason for invalid is supporting remote mounts is out of scope per our support policy. our deployment methods are outlined in our readme and ansible, while it should work fine, is not one of them. Running applications as root is not supported. As nothing leading to this error is supported, the issue is considered unsupported. OP was recommended to seek best-effort help on discord.

@LinuxServer-CI
Copy link
Contributor

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Status: Insufficient Info
Development

No branches or pull requests

4 participants