Running into user permission errors within Docker container #29
Comments
|
By default bandcampsync in a container creates a non-root user inside the container to run the service as. This user is called "app". You don't need to create this on the host, this is just the non-root user the process drops to inside the container. To make it easy for most people to set the UID and GID of the bandcampsync process (the "old" way of doing container permissions before rootless was a thing) the container dynamically changes the UID and GID of the "app" user in the container, then uses You can change the UID and GID by setting the Your error is because you're trying to run the container rootless as the user 1000 locally. This means that the container doesn't have permission to modify the UID and GID of the "app" user inside the container. The "fix" in your case is just to remove the I'll look at making the container work better in rootless environments in the future so this isn't annoying. If you're concerned with the security of not using a rootless container you can see exactly what the container is doing here: https://github.com/meeb/bandcampsync/blob/main/entrypoint.sh Basically, I was dropping permissions from root before rootless was cool. |
|
Thanks for your excellent response! I removed the So the command in total was docker run -d --name bandcampsync -e PUID=$(id -u) -e PGID=$(id -g) -e TZ="Europe/London" -e RUN_DAILY_AT=3 -v /home/james/bandcampsync/config:/config -v /mnt/1tb_ssd/Media/Music/Bandcamp:/downloads ghcr.io/meeb/bandcampsync:latest
usermod: no changes
Set service UID:GID to 1000:1000
2025-02-13 20:58:13,910 service [INFO] BandcampSync v0.4.2 starting
2025-02-13 20:58:13,911 service [INFO] Loaded cookies from "/config/cookies.txt"
2025-02-13 20:58:13,911 service [INFO] Time now in Europe/London: 2025-02-13 20:58:13+00:00
2025-02-13 20:58:13,911 service [INFO] Running an initial one-off synchronisation immediately
2025-02-13 20:58:13,911 service [INFO] Starting synchronisationI won't post the next bit because it looks sensitive. But when it comes to downloading and creating directories, similar permission errors are occurring. Here's two examples: If this is too much effort for you to assist me on, just let me know. I was hoping to use the Docker version, but I could just run the Python-only version. Thanks for your time! |
|
That new error just means whatever UID and GID you're running the container as doesn't have permission to create directories or write files to You can also test permissions by dropping a shell into the container while it's running with something like: $ docker exec -ti bandcampsync bashThen poking about in The rest of the container seems to be working now, other than permissions on your downloads volume. |
|
Did you fix this? |
|
Hey. Not yet. I've been completely wiped out with illness in between and
also completely disabled my computer by messing with the fstab, and the dog
chewed my rescue USB. But I will return to this and let you know how I get
on. I appreciate your help.
…On Sun, 16 Feb 2025, 05:35 meeb, ***@***.***> wrote:
Did you fix this?
—
Reply to this email directly, view it on GitHub
<#29 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AL2GHBTY32ZQJ7I3ROSACRT2QAPQ5AVCNFSM6AAAAABXCOQMJSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDMNRRGI2TMMZWGM>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
[image: meeb]*meeb* left a comment (meeb/bandcampsync#29)
<#29 (comment)>
Did you fix this?
—
Reply to this email directly, view it on GitHub
<#29 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AL2GHBTY32ZQJ7I3ROSACRT2QAPQ5AVCNFSM6AAAAABXCOQMJSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDMNRRGI2TMMZWGM>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
|
Well that sounds like an eventful weekend! No rush, let me know when you get a chance to test it. |
Hi, I would prefer to run bandcampsync within a docker container if possible but I am having some trouble.
After running the container with
docker run -d --name bandcampsync -u 1000:1000 -e TZ="Europe/London" -e RUN_DAILY_AT=3 -v /home/james/bandcampsync/config:/config -v /mnt/1tb_ssd/Media/Music/Bandcamp:/downloads ghcr.io/meeb/bandcampsync:latestI am unfortunately getting some permission denied errors. Where is "app" coming from? Is this a user? If so do I need to create that? I didn't see that in the instructions.
Thanks for any help you can give.
The text was updated successfully, but these errors were encountered: