Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Docker container issue: Folder not writable: /private/logs/ #256

Closed
ghost opened this issue Aug 14, 2021 · 15 comments
Closed

Docker container issue: Folder not writable: /private/logs/ #256

ghost opened this issue Aug 14, 2021 · 15 comments

Comments

@ghost
Copy link

ghost commented Aug 14, 2021

Docker container created out of the image from your Docker file is not working properly - after accessing website, it says:

Folder not writable: /private/logs/
@alcalbg
Copy link
Member

alcalbg commented Aug 16, 2021

cc @norweeg

@norweeg
Copy link
Contributor

norweeg commented Aug 16, 2021
edited
Loading

@alcalbg @s-kaczmarek That's very odd. Firstly I will say I built and am currently using the docker image constructed by the Dockerfile as it exists in my recent PR #254 and do not have this issue. In the Dockerfile, the directories /var/www/filegator/repository and /var/www/filegator/private are declared to be volumes (see lines 28-29), meaning that, if you do not mount a named docker volume or bind mount another directory there, an anonymous volume will be created. How did you start your container?? Please note that, if you used a bind mount, the bind-mounted directory on your host must be writable by the user www-data (UID 33), the user ID that the apache process serving filegator runs as. Similarly, any data directories filegator is serving should also be at least readable by www-data, and writable by that user if you intend to upload data via filegator. If you are running the container as your own UID rather than the default user, consider using GID 33 (www-data) so that process has permission to write into those directories, or, even better, use the default UID, but specify your GID and adjust the permissions of your data (mounted in /var/www/filegator/repository) to 0775 (rwxrwxr-x) so that both www-data and you can freely read/write in those directories..

@ghost
Copy link
Author

ghost commented Aug 19, 2021

This is how I run this container, with docker-compose file:

version: '2'
services:
  filegator:
    build: .
    image: filegator:latest
    restart: always
    ports:
      - "8080:80"
    volumes:
      - ~/filegator/repository:/var/www/filegator/repository
      - ~/filegator/private:/var/www/filegator/private

volumes:
  repository:
  private:

Maybe I messed up something with it, I don't know... Should I set GID 33 in docker compose file? Could you please give me an example of docker-compose file?

@norweeg
Copy link
Contributor

norweeg commented Aug 20, 2021
edited
Loading

what are the permissions on ~/filegator/repository and ~/filegator/private? Can you show me the output of ls -l -n ~/filegator. I suspect it will say something like

drwxr-xr-x 1000 1000 private
drwxr-xr-x 1000 1000 repository

I think

drwxrwxr-x 1000 33 private
drwxrwxr-x 1000 33 repository

would probably be preferable so that you, outside the container (1000) and the filegator process inside the container (33) both have rwx on those directories

chmod -R g+w ~/filegator && chown -R 1000:33 ~/filegator should set those permissions for you

chmod -R g+w ~/filegator && chown -R 33:1000 ~/filegator could probably work too. Only difference is that the www-data user inside the container would own the files rather than you user outside the container, though both would have rwx to the files either way

@ghost
Copy link
Author

ghost commented Aug 23, 2021

Thanks for your answer! Unfortunately, that didn't fix the issue. I still see error:

Folder not writable: /private/logs/

Further investigation and I've found, that this folder doesn't exist, so I decided to create it manually:

docker_admin@docker_test3:~/filegator$ cd private/
docker_admin@docker_test3:~/filegator/private$ ls -al
total 8
drwxrwxrwx 2 docker_admin www-data 4096 Aug 14 17:18 .
drwxrwxr-x 4 docker_admin www-data 4096 Aug 14 17:22 ..
docker_admin@docker_test3:~/filegator/private$ mkdir logs
docker_admin@docker_test3:~/filegator/private$ ls -al
total 12
drwxrwxrwx 3 docker_admin www-data     4096 Aug 23 17:46 .
drwxrwxr-x 4 docker_admin www-data     4096 Aug 14 17:22 ..
drwxrwxr-x 2 docker_admin docker_admin 4096 Aug 23 17:46 logs

After a webpage refresh, this error disappeared, but left me with a blank, white page (filegator's favicon is visible). I tried to change permission to /private.logs folder to 777, but that didn't work too.

docker_admin@docker_test3:~/filegator/private$ ls -al
total 16
drwxrwxrwx 4 docker_admin www-data     4096 Aug 23 17:47 .
drwxrwxr-x 4 docker_admin www-data     4096 Aug 14 17:22 ..
drwxrwxrwx 2 docker_admin docker_admin 4096 Aug 23 17:47 logs
drwxr-xr-x 2 www-data     www-data     4096 Aug 23 17:47 tmp

I've changed ownership once again as you recommended in a previous post, but still blank page.

Is my docker-compose file valid? I'm not sure about this part:

volumes:
  repository:
  private:

@ghost
Copy link
Author

ghost commented Aug 23, 2021
edited by ghost
Loading

Ok, I've created a container form an image on dockerhub: https://hub.docker.com/r/kwillia/filegator_docker

My docker-compose looks like this:

version: '2'
services:
  filegator:
    image: kwillia/filegator_docker:latest
    restart: always
    ports:
      - "8080:80"
    volumes:
      - ~/filegator/repository:/var/www/filegator/repository
      - ~/filegator/private:/var/www/filegator/private

Web GUI works just fine, but I wonder if mapping of volumes works at all, because after adding a few files via web interface, I can't see them in the filesystem:

docker_admin@docker_test3:~/filegator$ ls -al
total 28
drwxrwxr-x  4 docker_admin www-data     4096 Aug 23 18:04 .
drwxr-xr-x 17 docker_admin docker_admin 4096 Aug 23 18:03 ..
-rw-rw-r--  1 docker_admin www-data     1076 Aug 14 17:17 Dockerfile
-rw-rw-r--  1 docker_admin www-data      291 Aug 14 17:22 filegator.yml
-rw-rw-r--  1 docker_admin docker_admin  258 Aug 23 18:03 filegator2.yml
drwxr-xr-x  2 root         root         4096 Aug 23 18:04 private
drwxr-xr-x  2 root         root         4096 Aug 23 18:04 repository
docker_admin@docker_test3:~/filegator$ ls -al private/
total 8
drwxr-xr-x 2 root         root     4096 Aug 23 18:04 .
drwxrwxr-x 4 docker_admin www-data 4096 Aug 23 18:04 ..
docker_admin@docker_test3:~/filegator$ ls -al repository/
total 8
drwxr-xr-x 2 root         root     4096 Aug 23 18:04 .
drwxrwxr-x 4 docker_admin www-data 4096 Aug 23 18:04 ..

@norweeg
Copy link
Contributor

norweeg commented Aug 23, 2021
edited
Loading

Ok, I've created a container form an image on dockerhub: https://hub.docker.com/r/kwillia/filegator_docker

My docker-compose looks like this:

version: '2'
services:
  filegator:
    image: kwillia/filegator_docker:latest
    restart: always
    ports:
      - "8080:80"
    volumes:
      - ~/filegator/repository:/var/www/filegator/repository
      - ~/filegator/private:/var/www/filegator/private

Web GUI works just fine, but I wonder if mapping of volumes works at all, because after adding a few files via web interface, I can't see them in the filesystem:

docker_admin@docker_test3:~/filegator$ ls -al
total 28
drwxrwxr-x  4 docker_admin www-data     4096 Aug 23 18:04 .
drwxr-xr-x 17 docker_admin docker_admin 4096 Aug 23 18:03 ..
-rw-rw-r--  1 docker_admin www-data     1076 Aug 14 17:17 Dockerfile
-rw-rw-r--  1 docker_admin www-data      291 Aug 14 17:22 filegator.yml
-rw-rw-r--  1 docker_admin docker_admin  258 Aug 23 18:03 filegator2.yml
drwxr-xr-x  2 root         root         4096 Aug 23 18:04 private
drwxr-xr-x  2 root         root         4096 Aug 23 18:04 repository
docker_admin@docker_test3:~/filegator$ ls -al private/
total 8
drwxr-xr-x 2 root         root     4096 Aug 23 18:04 .
drwxrwxr-x 4 docker_admin www-data 4096 Aug 23 18:04 ..
docker_admin@docker_test3:~/filegator$ ls -al repository/
total 8
drwxr-xr-x 2 root         root     4096 Aug 23 18:04 .
drwxrwxr-x 4 docker_admin www-data 4096 Aug 23 18:04 ..

Pushing the image to dockerhub will not change anything. Have you read up on how docker volumes work?? You appear to have created volumes, but then bind-mounted directories from your host to directories in question in your container despite that.

Here's my docker-compose.yml

version: '3.7'
services:
  filegator:
    ...
    volumes:
      # docker volumes mapped to directories in the running container
      - private:/var/www/filegator/private
      # bind-mounted data directory on docker host mounted into the container
      - /data/I/recovered/on/friends/failed/drive/data:/var/www/filegator/repository/
    ...

volumes:
  private:

the permissions on the data directory as indicated by running ls -l -n are drwxrwxr-x 1 33 33 26 Jul 24 13:30 data. I do not need to write data from the host to this folder, so my user (UID 1000) does not own this directory.

also, please always use the -n flag when showing the permissions. On my system as well as within the container image, the user www-data has UID 33. On other systems e.g. those running a red hat or alpine-derived distro, www-data could have a completely differnent UID. If you give www-data on your host (lets say it's UID 67) but www-data's UID in the container is 33, then www-data (UID 33) doesn't have write permission to the folder because www-data (UID 67 on your host) owns it, not UID 33. Run id www-data on your host and note the numeric UID of the user. if it is not 33, then that is why your bind mounts don't work.

@norweeg
Copy link
Contributor

norweeg commented Oct 19, 2021

@s-kaczmarek so where's this stand? is this resolved now for you?

@riozzi
Copy link

riozzi commented Jul 2, 2022

For me setting the ownership of the mounted directory to 33:33 fixed it. I also had another issue with a 500 error due to mounting an empty private dir, make sure the configured private dir has the initial files.

@alcalbg alcalbg closed this as completed Oct 13, 2022
@AleksOfficial
Copy link

AleksOfficial commented Aug 22, 2023
edited
Loading

Unfortunately, this is still an issue to me. I suspect changing the ownership of /var/www/filegator is not working as intended. It is probably connected to the behaviour of docker itself:

https://stackoverflow.com/questions/26145351/why-doesnt-chown-work-in-dockerfile
https://container42.com/2014/11/03/docker-indepth-volumes/

Here are the commands to reproduce the issue:

git clone https://github.com/filegator/filegator.git
docker-compose up

Screenshot 2023-08-22 at 17 14 42
buildlog.txt
ls -l -n.txt

@AleksOfficial
Copy link

Unfortunately, this is still an issue to me. I suspect changing the ownership of /var/www/filegator is not working as intended. It is probably connected to the behaviour of docker itself:

https://stackoverflow.com/questions/26145351/why-doesnt-chown-work-in-dockerfile https://container42.com/2014/11/03/docker-indepth-volumes/

Here are the commands to reproduce the issue:

git clone https://github.com/filegator/filegator.git docker-compose up

Screenshot 2023-08-22 at 17 14 42 buildlog.txt ls -l -n.txt

I was able to fix it. Following the documentation of docker: https://docs.docker.com/engine/install/ubuntu/#prerequisites the issue lies within Docker as suspected. The packages I used and that are listed in apt are unofficial Docker packages. With the newest version of docker (at the time of writing Docker Version 24.0.5) it is working as expected.

@norweeg
Copy link
Contributor

norweeg commented Aug 24, 2023

Unfortunately, this is still an issue to me. I suspect changing the ownership of /var/www/filegator is not working as intended. It is probably connected to the behaviour of docker itself:
https://stackoverflow.com/questions/26145351/why-doesnt-chown-work-in-dockerfile https://container42.com/2014/11/03/docker-indepth-volumes/
Here are the commands to reproduce the issue:
git clone https://github.com/filegator/filegator.git docker-compose up
Screenshot 2023-08-22 at 17 14 42 buildlog.txt ls -l -n.txt

I was able to fix it. Following the documentation of docker: https://docs.docker.com/engine/install/ubuntu/#prerequisites the issue lies within Docker as suspected. The packages I used and that are listed in apt are unofficial Docker packages. With the newest version of docker (at the time of writing Docker Version 24.0.5) it is working as expected.

oh wow! you were using the really old docker that is in the ubuntu apt repos? ouch! yeah, that'll cause a LOT of issues. I have only ever used docker as setup from docker's own repos, so I guess that explains why I could not reproduce your problem. I also chown'd my log directory external to the docker build process

@Bortus-AI
Copy link

Still having this issue :( Any solution? I have tried everything in this thread

@Bortus-AI
Copy link

found the fix. Had to clone the repo and copy over the private folder and files to my mount. Then ran docker exec -u root filegator chown -R www-data:www-data /var/www/filegator/

Only works if I copy over the private folder with its files.

@norweeg
Copy link
Contributor

norweeg commented Mar 9, 2024

found the fix. Had to clone the repo and copy over the private folder and files to my mount. Then ran docker exec -u root filegator chown -R www-data:www-data /var/www/filegator/

Only works if I copy over the private folder with its files.

the filegator image is based on debian buster and debian uses UID 33 for the www-data user, so you could also just chown -R 33:33 /path/to/your/bind/mount on the host system too. The bottom line is the folder must have read/write permissions one way or another for UID 33 (www-data).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@alcalbg @norweeg @riozzi @AleksOfficial @Bortus-AI