File permissions error on app boot

[somethingGoneWrong]

Hi, i just try to run this software via docker but i get error with some db table i think.
The docker image i launch is this:

docker create --name CTX_pinchflat --restart unless-stopped -e PUID=1000 -e PGID=1000 -e TZ=Europe/Rome --network net -h pinchflat -p 8945:8945 -v /share_docker/pf_config:/config --mount type=bind,source=/mnt/misc/TEMP_YT/,target=/downloads --log-driver syslog --log-opt tag=DOCKER_pinchflat --log-opt syslog-address=udp://IP_LOCAL:514 keglin/pinchflat:latest

these below are the error i get:

!! - Edited by admin - !!

This was a database error that was actually a file permissions error. 
The error was improved in #114 and the original error here is no longer relevant

i need to fix something? thx

[gelof2022]

I'm getting the same error when trying to start the container:

!! - Edited by admin - !!

This was a database error that was actually a file permissions error. 
The error was improved in #114 and the original error here is no longer relevant

[joshuapeterson]

I'm seeing the same error on startup

!! - Edited by admin - !!

This was a database error that was actually a file permissions error. 
The error was improved in #114 and the original error here is no longer relevant

[tiritibambix]

Same same

[kieraneglin]

This reads to me like the app doesn't have permission to write the database file to the config location. I'll see if I can replicate this later today, but what happens if you use --user=99:100 and remove the current PUID/PGID options?

This will help me confirm the issue

[kieraneglin]

Also, can you tell me a little bit about your environment? Is it x86 or arm? Are you using WSL? Stuff like that

[tiritibambix]

I'm running docker on an amd64 machine. Nothing less, nothing more.
I set permission to 777 and tried with no puid/pgid specified, with 99:100 and with 0:0.
Still get the same error.

[kieraneglin]

@tiritibambix that helps, thanks! Would you mind posting your full Docker command? And if you look at your specified config location, is there a sqlite database file written to disk?

[kieraneglin]

Just checked and I was able to repro this issue by making the config folder not writable by the Docker user. Here's the output of the config dir from ls -la when everything is working: drwxr-xr-x 1 nobody users 28 Mar 1 16:55 pinchflat-dev/ and I'm running the user as 99:100.

What's the output of ls -la in regards to the config directory for you?

[tiritibambix]

For the record, I don't know much about all this, so please bare with me.
I converted the docker command to docker-compose because I use portainer:

version: "3.3"
services:
  pinchflat:
    environment:
      - BASIC_AUTH_USERNAME=username
      - BASIC_AUTH_PASSWORD=password
      - PUID=998
      - PGID=100
    ports:
      - 8945:8945
    volumes:
      - /path/Pinchflat/config:/config
      - /path/Pinchflat/downloads:/downloads
    image: keglin/pinchflat:latest

998:100 is my docker user:group. As mentioned above, I also tried none, 99:100 and 0:0
path/Pinchflat/config remains empty after each attempt no matter the config.

ls -la in path/Pinchflat/config outputs this:

drwxr-sr-x 2 root users 4096 Mar 23 16:08 .
drwxrwsrwx 4 root users 4096 Mar 23 16:08 ..

edit: I also tried chown -R 99:100 and chown -R 998:100 with their respective config with no luck.

[tiritibambix]

Ok, I got it to work.
I previously set permissions to /config and /downloads to 777, but I had do do it to the parent directory /Pinchflat and set it recursively. I then chown -R 998:100 /Pinchflat and use 998:100 in my config.

Thanks for your assistance, it help me figure it out.

Now I can try Pinchflat :D

[kieraneglin]

Glad to hear you got it sorted! You may want to see if 755 works instead of 777 - it's not much, but it's a little safer.

Thanks for the help! I'll keep this issue open for a bit longer while I add a preflight check for permissions that's easier to read + improve the docs 🤙

[tiritibambix]

It won't work with 755 or 775 :(

[kieraneglin]

Hmm. One last thing to try - does it work if you first run chown -R nobody /path/Pinchflat then chmod -R 755 /path/Pinchflat?

I'll be the first to say that I'm not a docker/linux admin expert so thanks for bearing with me!

[somethingGoneWrong]

Also, can you tell me a little bit about your environment? Is it x86 or arm? Are you using WSL? Stuff like that

x86 on LXC container

[tiritibambix]

Hmm. One last thing to try - does it work if you first run chown -R nobody /path/Pinchflat then chmod -R 755 /path/Pinchflat?

If chown -R nobody /path/Pinchflat that means you want me to try with 99:100 ?

Edit: yes, tried that and it works

[kieraneglin]

that means you want me to try with 99:100?

If you could try with both 998:100 and 99:100 I'd really appreciate it! This is helping me streamline install for people in the future so I appreciate your help 🙌

[somethingGoneWrong]

This reads to me like the app doesn't have permission to write the database file to the config location. I'll see if I can replicate this later today, but what happens if you use --user=99:100 and remove the current PUID/PGID options?

This will help me confirm the issue

yeah this work, but why i can not use a specific PUID/PGUID?

[tiritibambix]

If you could try with both 998:100 and 99:100 I'd really appreciate it! This is helping me streamline install for people in the future so I appreciate your help 🙌

It works with both :)

[kieraneglin]

yeah this work, but why i can not use a specific PUID/PGUID?

The Docker container isn't set to do anything with PUID/PGUID env vars like you might find in a Linuxserver container. This is based on personal preference because, to my understanding, the PUID/PGUID approach starts the container as root and eventually downgrades based on the PUID/PGUID. I'll be the first to say this understanding may be incorrect!

In contrast, --user runs all the commands as the specified user, never running as root (unless you user --user root, of course). This is my preference since I figure there's no need to run as root if nothing in my container actually needs root access. You can still specify the UID and GID that you want with --user <UID>:<GID> or any other valid --user option outlined here.

Again, I'm not a Docker master but this system seems to work well. I'll update the docs later today to clarify this point

[gelof2022]

I'm still confused with what I need to do:

1. Do I add UID/GID to 'environment' variable and set it to a) my UID/GID b) 99:100 c) 998:100

version: "3.3"
services:
  pinchflat:
    ports:
      - 8945:8945
    environment:
      - TZ = Australia/Sydney
      - UID = 998
      - GID = 100
    volumes:
      - /volume1/docker/pinchflat/config:/config
      - /volume1/docker/pinchflat/downloads:/downloads
    image: keglin/pinchflat:latest
networks: {}

2. Something else?

[kieraneglin]

So just to be ultimately clear, the PUID and PGID environment variables actually have nothing to do with Docker or Linux by default. It's a convention put into place by Linuxserver (and others), but the presence of those environment variables doesn't actually do anything automatically. So you can remove those guys entirely.

Instead, add a line of user: '99:100' to that service (you can see an example in one of the recent messages of #105 - I'm on my phone right now or I would paste it myself). You may also have to change the ownership of those directories with the commands mentioned earlier 🤙🏻

[gelof2022]

Got it!

Works now!

Below is my compose:

version: "3.3"
services:
  pinchflat:
    ports:
      - 8945:8945
    environment:
      - TZ = Australia/Sydney
    volumes:
      - /volume1/docker/pinchflat/config:/config
      - /volume1/docker/pinchflat/downloads:/downloads
    image: keglin/pinchflat:latest
    user: '1030:100'
networks: {}

I also made my user (id 1030) the owner of all the relevant directories (these previously were own by a different user).

[kieraneglin]

I'm closing this issue now that #114 is merged in. It's still relevant of course, but I'm hoping that the improved error messaging will help.

Discussion is still open so please post here if you're having issues! I'm closing it because I don't feel it's an issue of the app, rather it's one of the host machine. But that doesn't mean you can't post if you need support!

[C8opmBM]

You don't feel this is an issue of the app. Well, it is an issue of the app.

[kieraneglin]

@C8opmBM please keep it civil. This is objectively not an issue of the app, it's an issue of the host filesystem that impacts the app. Indeed I could just crank all permissions and have it run as root (like many other containers do), but that'd have negative implications for any other app that tries to interact with your downloaded content. That's not to say I'm not going to continue to try to fix it, but the root of the problem is external to the application.

I'm sure there's some way to resolve this, but I'm not a DevOps guy and I've exhausted my ideas. I'm open to pull requests!

[Brancliff]

It's me, I'm the person still having the problem
From the startup error message:

"Or adding user: '99:100' to the Pinchflat service of your Docker Compose"

I did that and I'm still having problems. Here's my Docker-compose:

version: "3.3"
services:
pinchflat:
image: keglin/pinchflat:latest
user: '99:100'
ports:
- '4009:8945' # Yeah I changed this part just for convenience, it shouldn't be a factor
volumes:
- /path/to/config:/config
- /path/to/downloads:/downloads

[tiritibambix]

It's me, I'm the person still having the problem From the startup error message:

"Or adding user: '99:100' to the Pinchflat service of your Docker Compose"

I did that and I'm still having problems. Here's my Docker-compose:

version: "3.3" services: pinchflat: image: keglin/pinchflat:latest user: '99:100' ports: - '4009:8945' # Yeah I changed this part just for convenience, it shouldn't be a factor volumes: - /path/to/config:/config - /path/to/downloads:/downloads

Be sure to read all answers in the topic.
There is a folder permission issue that should be handled this way before deploying:

mkdir -vp .../Pinchflat/{config,downloads} \
&& chown -R nobody /Pinchflat \
&& chmod -R 755 /Pinchflat

Then, you don't have to use 99:100.
As a reference, here is my docker-compose:

version: "3.3"
services:
  pinchflat:
    environment:
      - BASIC_AUTH_USERNAME=user
      - BASIC_AUTH_PASSWORD=password
      - PUID=998
      - PGID=100
    ports:
      - 8945:8945
    volumes:
      - .../Pinchflat/config:/config
      - .../Pinchflat/downloads:/downloads
    image: keglin/pinchflat:latest

[kieraneglin]

I'm hoping the changes in #157 will improve the permissions issue in some cases 🤙. Those will be deployed as part of v0.1.7

[hozza]

I'm hoping the changes in #157 will improve the permissions issue in some cases 🤙. Those will be deployed as part of v0.1.7

I'm having issues with starting due to perms also. I understand that you're going for a better approach than the env var PUID/PGIU convention, but it's not clear how to actually make it work IMO. I'd rather not change my directory perms as my user can read/write as needed.

Does #157 change the steps mentioned above to make perms work?

I have directories owned by user, docker is run as deamon by root, I'm using docker-compose (via sudo) and usually set PUID/PGIU to 1000. I've tried "user: 1000:1000" and "user: 1000:100" without any luck.

EDIT: I gave up trying to keep my usual user perms and used chmod 775/chown nobody, and this now starts. Although not sure how my other containers will react, as they use files in these directories as user/1000. Edit 2: you need to chown/chmod the parent folder also.

[kieraneglin]

@hozza #157 should clear it up so that if the host's docker user can write to the directories, so can the container. That should be out later today!

edit: v0.1.7 (which includes #157) is pushed!

[akzov]

It creates files as root now, I want to create them as 1000:100 so I can modify them from an SMB share.

[akzov]

I believe this is because it's using 0o755 when it needs to be 0o760 to allow group members to write