UID and GID don't seem to work #422

Open
LorneCash opened this issue Apr 12, 2023 · 8 comments

@LorneCash

LorneCash commented Apr 12, 2023

I'm running this container on a Synology and I'm having trouble viewing folder contents.
I've set the parameters USER_ID and GROUP_ID but I'm still unable to view folder contents. The only way I've been able to view the contents is if I add EVERYONE:ro permission to each folder I want to back up. This is really not an acceptable solution long term and if anyone can help please lmk. I'm really not sure if this is a bug with the container or if I'm missing something.

Using Portainer I've connected to the Exec Console using /bin/sh:

As root I can cd and ls to see all the files and I get this:

/tmp # getent passwd
root::0:0::/root:/sbin/nologin
app::1000:1000::/config:/sbin/nologin

As XXXX I CANNOT cd and ls to see all the files and I get this:

/tmp $ getent passwd
root::0:0::/root:/sbin/nologin
app::XXXX:XXX::/config:/sbin/nologin

I'm not sure if that means anything (I'm not that familiar with Linux, I just searched how to list all users).

/storage $ ls Logs
ls: can't open 'Logs': Permission denied

For reference here's my Portainer Stack (Docker-Compose file):

version: '3'
services:
  crashplan-pro:
    container_name: CrashPlan
    hostname: XXXXXX
    image: jlesage/crashplan-pro
    ports:
      - "5800:5800"
    volumes:
      - "/volume1/docker/crashplan:/config:rw"
      - "/volume1:/storage:ro"
    environment:
    - GROUP_ID=XXX
    - USER_ID=XXXX
    - CRASHPLAN_SRV_MAX_MEM=2048M
    restart: unless-stopped
@jlesage
Owner

jlesage commented Apr 12, 2023

First, with Synology you cannot map /volume1 directly to the container. This will create issues where the content may disappear from the container's point of view. Instead, you need to map each subfolder. For example:

- "/volume1/FolderA:/storage/FolderA:ro"
- "/volume1/FolderB:/storage/FolderB:ro"

Then, you need to check what the owner and group of /volume1/FolderA and /volume1/FolderB are. This will help determine what values to use in USER_ID and GROUP_ID.

This might also help:
https://github.com/jlesage/docker-crashplan-pro#usergroup-ids

@LorneCash
Author

I set the folders as you said to be under the storage folder and I created a user (in the Synology Control Panel) specifically for (and called) "CrashPlan". I ran the command 'id' to get the new CrashPlan user's UID and GID and set those in the Portainer Stack, but I still can't browse into folders without the EVERYONE read permission. The folder was created by my admin user's account. I was previously using that admin user's UID.

@jlesage
Owner

jlesage commented Apr 13, 2023

What are the user, group and permissions associated with the files/folders themselves? If they are not owned by the "CrashPlan" user you created, you have to make sure that files/folders have a group that the "CrashPlan" user is part of.

Maybe you can share some real examples. Running ls -l /volume1 will help.

@LorneCash
Author

Here's the relevant output from the ls -l /volume1:
drwxrwxrwx+ 1 root root 362 Apr 12 14:02 Archives
drwxrwxrwx+ 1 root root 194 Apr 12 13:51 Downloads
drwxrwxrwx+ 1 root root 46 Apr 12 14:02 Drive
drwxrwxrwx+ 1 root root 66 Apr 2 04:21 Logs
drwxrwxrwx+ 1 root root 160 Apr 12 13:51 Media

I had all the permissions for the "CrashPlan" user assigned to the user itself but now I created a new group called "Backup" and set the permissions there and removed them from the user. (Read Only for all the folders listed)

running id before:
uid=1029(CrashPlan) gid=100(users) groups=100(users)
running id now:
uid=1029(CrashPlan) gid=100(users) groups=100(users),65538(Backup)

I was using USER_ID: 1029 and GROUP_ID: 100, now GROUP_ID: 65538

In the Synology File Station UI when I view the permissions on every folder that "CrashPlan" should have RO access to, I can see that the group permission exists on that folder.

@jlesage
Owner

jlesage commented Apr 16, 2023

> Here's the relevant output from the ls -l /volume1:
> drwxrwxrwx+ 1 root root 362 Apr 12 14:02 Archives
> drwxrwxrwx+ 1 root root 194 Apr 12 13:51 Downloads
> drwxrwxrwx+ 1 root root 46 Apr 12 14:02 Drive
> drwxrwxrwx+ 1 root root 66 Apr 2 04:21 Logs
> drwxrwxrwx+ 1 root root 160 Apr 12 13:51 Media

Do you see the same thing inside the container?

docker exec <container name> ls -ld /storage
docker exec <container name> ls -l /storage

@LorneCash
Author

I couldn't run those commands logged in as my admin user, I had to be root. I hope that's ok.

root@XXX:~# docker exec CrashPlan ls -ld /storage
drwxr-xr-x 1 root root 76 Apr 13 05:53 /storage

root@XXX:~# docker exec CrashPlan ls -l /storage
total 0
dr-xr-xr-x 1 root root 362 Apr 12 19:02 Archives
drwx------ 1 root root 138 Apr 2 09:21 Cloud Sync
d--------- 1 root root 46 Apr 12 19:02 Drive
d--------- 1 root root 160 Apr 12 18:51 PlexMedia
drwxr-xr-x 1 root root 316 Apr 19 08:41 docker
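
Added example, not part of the original thread or of the project's code: it applies the classic owner/group/other mode-bit check to the container-side `ls -l /storage` lines above for USER_ID 1029 and GROUP_ID 65538, the values given earlier in the thread. It does not model ACLs (a trailing `+` is parsed and ignored) and assumes the name `root` maps to id 0.

```python
import re

# Container-side `ls -l /storage` lines quoted from the comment above.
LISTING = """\
dr-xr-xr-x 1 root root 362 Apr 12 19:02 Archives
drwx------ 1 root root 138 Apr 2 09:21 Cloud Sync
d--------- 1 root root 46 Apr 12 19:02 Drive
d--------- 1 root root 160 Apr 12 18:51 PlexMedia
drwxr-xr-x 1 root root 316 Apr 19 08:41 docker
"""

# Assumption: the only name that needs resolving is root (uid/gid 0).
NAME_TO_ID = {"root": 0}

LINE = re.compile(
    r"^(?P<mode>[d-][rwxsStT-]{9})[+.@]?\s+\d+\s+(?P<owner>\S+)\s+(?P<group>\S+)"
    r"\s+\d+\s+\w{3}\s+\d+\s+[\d:]+\s+(?P<name>.+)$"
)

def resolve(name):
    """Map an owner/group column to a numeric id (None if unknown)."""
    return int(name) if name.isdigit() else NAME_TO_ID.get(name)

def can_list(mode, owner, group, uid, gids):
    """Apply the classic owner/group/other check for listing a directory."""
    if uid == 0:
        return True  # assumption: root keeps its default DAC override
    if uid == owner:
        bits = mode[1:4]      # owner class only, even if "other" is wider
    elif group in gids:
        bits = mode[4:7]      # group class
    else:
        bits = mode[7:10]     # other class
    # Listing needs read plus search; s/t mean the execute bit is also set.
    return bits[0] == "r" and bits[2] in "xst"

def report(listing, uid, gids):
    """Return {directory name: can this uid/gid set list it?}."""
    result = {}
    for line in listing.splitlines():
        m = LINE.match(line)
        if m is None:
            continue  # skip "total 0" and anything that is not an entry
        result[m["name"]] = can_list(
            m["mode"], resolve(m["owner"]), resolve(m["group"]), uid, gids)
    return result

if __name__ == "__main__":
    for name, ok in report(LISTING, 1029, {65538}).items():
        print(f"{name:12} {'ok' if ok else 'Permission denied'}")
```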

@LorneCash
Author

@jlesage Following up, did you have any more thoughts on this or things I can try? Can you tell if I'm doing something wrong here?

@jlesage
Owner

jlesage commented May 27, 2023

I'm a little bit confused with all this. Can you please share your latest compose file? Also, please share again the output of these commands (run as root):

ls -l /volume1
docker exec CrashPlan ls -l /storage
