Container doesn't work (due to permission issue ?)

[Zciwobukaj]

Hello,

I just install the container on my synology.
When i start it, the logs are as below :

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
s6-chown: fatal: unable to chown /var/run/s6/etc/services.d/nginx/run: Operation not permitted
s6-chown: fatal: unable to chown /var/run/s6/etc/services.d/php-fpm7/run: Operation not permitted
[s6-init] ensuring user provided files have correct perms...exited 0. 
[fix-attrs.d] applying ownership & permissions fixes... 
[fix-attrs.d] done. 
[cont-init.d] executing container initialization scripts... 
[cont-init.d] done. 
[services.d] starting services 
[services.d] done.
2020/03/11 09:35:27 [warn] 185#185: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:2 
nginx: [warn] the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:2 
[11-Mar-2020 09:35:27] NOTICE: [pool www] 'user' directive is ignored when FPM is not running as root 
[11-Mar-2020 09:35:27] NOTICE: [pool www] 'user' directive is ignored when FPM is not running as root 
[11-Mar-2020 09:35:27] NOTICE: [pool www] 'group' directive is ignored when FPM is not running as root 
[11-Mar-2020 09:35:27] NOTICE: [pool www] 'group' directive is ignored when FPM is not running as root 
[11-Mar-2020 09:35:27] NOTICE: fpm is running, pid 183 
[11-Mar-2020 09:35:27] NOTICE: ready to handle connections

Later, I try run container with super privilege but still I get the first error lines.
When I connect to my privatebin url, the website is displayed correctly but as soon as i try send content to server I have this error : Impossible de créer le paste : Le serveur ne répond pas ou a rencontré une erreur (in english : Impossible to create the paste : the server doesn't answer or encountered an error)

Looking to the logs, I have this :

2020-03-11 09:51:52	stdout	172.17.0.1 - - [11/Mar/2020:09:51:52 +0000] "POST / HTTP/1.1" 500 5 "-" "Mozilla/5.0 (Windows NT 6.1; rv:73.0) Gecko/20100101 Firefox/73.0" "81.56.29.188"
2020-03-11 09:51:52	stderr	  thrown in /srv/lib/Persistence/AbstractPersistence.php on line 99" while reading response header from upstream, client: 172.17.0.1, server: , request: "POST / HTTP/1.1", upstream: "fastcgi://unix:/run/php-fpm.sock:", host: "paste.jakubowicz.me"
2020-03-11 09:51:52	stderr	#5 {main}
2020-03-11 09:51:52	stderr	#4 /var/www/index.php(18): PrivateBin\Controller->__construct()
2020-03-11 09:51:52	stderr	#3 /srv/lib/Controller.php(125): PrivateBin\Controller->_create()
2020-03-11 09:51:52	stderr	#2 /srv/lib/Controller.php(201): PrivateBin\Persistence\TrafficLimiter::canPass()
2020-03-11 09:51:52	stderr	#1 /srv/lib/Persistence/TrafficLimiter.php(104): PrivateBin\Persistence\AbstractPersistence::_exists('traffic_limiter...')
2020-03-11 09:51:52	stderr	#0 /srv/lib/Persistence/AbstractPersistence.php(72): PrivateBin\Persistence\AbstractPersistence::_initialize()
2020-03-11 09:51:52	stderr	Stack trace:
2020-03-11 09:51:52	stderr	2020/03/11 09:51:52 [error] 202#202: *23 FastCGI sent in stderr: "PHP message: PHP Fatal error:  Uncaught Exception: unable to write to file /srv/data/.htaccess in /srv/lib/Persistence/AbstractPersistence.php:99

I saw in documentation that uid and gid must be set to specific values but I don't have idea how to do this...

Thanks in advance for your help.
Julien

[elrido]

Hi Julien,

The first part of the logs (till 09:35:27) are expected. As you correctly deduced from the second part of the logs, the permissions of your persistent volume aren't correct. I don't know if your synology lets you access the underlying Linux via shell, so here are two ways you can change those permissions:

1. If you do get some kind of shell access, for example via ssh or a web terminal, you just need to execute a chown command: chown 65534:82 /[path on the synology that you use as a volume].
2. If you can't directly execute commands, but can run containers, just run that command in a container with its root user. For example start the busybox container with the same path as the privatebin volume, but attached to the busybox /mnt path and let it run the command chown 65534:82 /mnt for you. Once this has run for the first time, the privatebin container will have the permissions to write into that path.

Finally, if you don't intend to preserve any of the content stored in privatebin when upgrading it, you can run the container without a persistent volume. Every time you upgrade privatebin you would start from a clean state and all previous pastes would be lost, but you wouldn't have to deal with permissions.

[Zciwobukaj]

Hi @elrido ,
I'm so sorry to not answer you, I could solve my issue thanks to your help.

Have a nice day.
Julien