Persistence folder permission denied

[CosminC82]

Hello,

First of all, I am really a beginer with Docker, however, I do have some containers running via docker-compose, behind Traefik reverse proxy with Google OAuth. I am trying to run OmniDB instead an already functioning PHPMyAdmin container, but I get a permission denied when running the command with volume mount for config persistance. Without the volume mount, the container starts succesfully.

`cosmin@server:~$ docker run -it --rm -v /home/cosmin/docker/omnidb:/etc/omnidb -p 127.0.0.1:8080:8080 -p 127.0.0.1:25482:25482 taivokasper/omnidb
Unable to find image 'taivokasper/omnidb:latest' locally
latest: Pulling from taivokasper/omnidb
e6b0cf9c0882: Already exists
72d79304a186: Pull complete
Digest: sha256:2589bd9925fe30f1368c5269e87082cad122a74255242d298e5077b61144d33f
Status: Downloaded newer image for taivokasper/omnidb:latest
Traceback (most recent call last):
File "omnidb-server.py", line 70, in
import OmniDB.runtime_settings
File "/opt/OmniDB-2.17.0/OmniDB/OmniDB/runtime_settings.py", line 20, in
shutil.copyfile(os.path.join(BASE_DIR, 'omnidb.conf'), CONFFILE)
File "/usr/lib/python3.8/shutil.py", line 259, in copyfile
with open(src, 'rb') as fsrc, open(dst, 'wb') as fdst:
PermissionError: [Errno 13] Permission denied: '/etc/omnidb/omnidb.conf'

Same issue also in docker compose. I have the relevant section like this:

omnidb:
image: taivokasper/omnidb
container_name: omnidb
hostname: omnidb
ports:
- 9090:8080
- 25482:25482
volumes:
- ${USERDIR}/docker/omnidb:/etc/omnidb
networks:
- traefik_proxy
- default
labels:
traefik.enable: "true"
traefik.backend: omnidb
traefik.protocol: http
traefik.port: 8080
traefik.frontend.rule: Host:test.${DOMAINNAME}
traefik.frontend.headers.SSLHost: test.${DOMAINNAME}
traefik.docker.network: traefik_proxy
traefik.frontend.passHostHeader: "true"
traefik.frontend.headers.SSLForceHost: "true"
traefik.frontend.headers.SSLRedirect: "true"
traefik.frontend.headers.browserXSSFilter: "true"
traefik.frontend.headers.contentTypeNosniff: "true"
traefik.frontend.headers.forceSTSHeader: "true"
traefik.frontend.headers.STSSeconds: 315360000
traefik.frontend.headers.STSIncludeSubdomains: "true"
traefik.frontend.headers.STSPreload: "true"
traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex
traefik.frontend.headers.customFrameOptionsValue: 'allow-from https:${DOMAINNAME}'
traefik.frontend.auth.forward.address: "http://oauth:4181"
traefik.frontend.auth.forward.authResponseHeaders: X-Forwarded-User
traefik.frontend.auth.forward.trustForwardHeader: "true"

I tried in compose file with PUID=${PUID} and PGID=${PGID} also, as environment entries, but no go.
`

[thomasboussekey]

Hello @dayworldap ,

I'm wondering if the omnidb account in the container can read your configuration file that is located on your machine.

Can you tell me what is the content of your local folder /home/cosmin/docker/omnidb, thanks to the command:

ls -al  /home/cosmin/docker/omnidb/

There must be a omnidb.conf file.

@taivokasper , maybe we should copy a template version of this configuration file omnidb.conf if it doesn't exist into the exposed volume?

Hope this helps,
Thomas

[CosminC82]

The conf file doesn't get created at all, ls -al output:

total 8
drwxr-xr-x+ 2 root root 4096 iun 13 21:40 .
drwxrwxr-x+ 16 cosmin cosmin 4096 iun 13 21:46 ..

When I run docker exec id command on the container, it shows me the ids as per dockerfile, user omnidb, group omnidb. Maybe this is the issue? I would try to rebuild the image locally, replacing those with my host user and docker group - would this be one way to go?

Thank you!

[CosminC82]

Ok, this can be somwhat considered solved... Building a local image works - use the dockerfile from this repo, and remove the line

USER omnidb

Maybe it is not the correct way to resolve the problem, but now I am running an OmniDB container.
Thanks!