Insufficient permissions for auto mounts

Hi

I have an nginx Docker container that needs to access a directory on an auto-mounted external hard disk (/media/mydisk/directory). Here's the mount:

$ mount | grep mydisk
/dev/sda2 on /var/media/mydisk type exfat (rw,nosuid,nodev,noexec,noatime,fmask=0022,dmask=0022,iocharset=utf8,errors=remount-ro)

$ ls -ld /media/mydisk/directory
drwxr-xr-x    2 root     root       [...]

The directory is available to the container with a bind mount (-v /media/mydisk/directory:/directory) and I can access it. I can however only read from it. But my container needs write access.

Running whoami from PHP returns "nobody", and thus is_writable("/directory") says "false". I think it's basically the same problem reported here: Docker containers and permissions in LE - except that I can't format the drive with extfs.

What options do I have?

• Is it possible to have the drive auto-mounted with 777? (dmask=0000, but how?)
• Should/can I run nginx as root? (tried to set user root; in config/nginx/nginx.conf, but that had no effect)
• Maybe I could modify the sudoers and run a command from within the container with sudo? (a test was unsuccessful)
• Any other ideas?

Thanks, Steffen

Quote from fenjen

Is it possible to have the drive auto-mounted with 777? (dmask=0000, but how?)

The config file of udevil shows other defaults for exfat 🤔

$ grep default_options_exfat /etc/udevil/udevil.conf
default_options_exfat     = nosuid, noexec, nodev, noatime

The log entries:

Mar 25 21:38:13 LibreELEC systemd[1]: Starting [email protected]...
Mar 25 21:38:14 LibreELEC udevil[509]: Mounted /dev/sda2 at /media/mydisk
Mar 25 21:38:16 LibreELEC systemd[1]: Finished [email protected].

Quote from fenjen

Should/can I run nginx as root?

nginx runs as root, php-fpm doesn't. In order to have php-fpm run as root:

# /storage/.kodi/userdata/addon_data/docker.linuxserver.nginx/config/php/www2.conf
user = root
group = root

This will lead to medium frequent log messages

[25-Mar-2024 22:59:32] ERROR: [pool www] please specify user and group other than root
[25-Mar-2024 22:59:32] ERROR: FPM initialization failed
[25-Mar-2024 22:59:33] ERROR: [pool www] please specify user and group other than root
[25-Mar-2024 22:59:33] ERROR: FPM initialization failed
[25-Mar-2024 22:59:34] ERROR: [pool www] please specify user and group other than root
[25-Mar-2024 22:59:34] ERROR: FPM initialization failed
[25-Mar-2024 22:59:36] ERROR: [pool www] please specify user and group other than root
[25-Mar-2024 22:59:36] ERROR: FPM initialization failed

It's still possible to set root:

sed -i 's~exec /usr/sbin/php-fpm83 -F~& -R~' /etc/s6-overlay/s6-rc.d/svc-php-fpm/run

While this is an incredibly evil hack, it gives php-fpm write access to the external hard disk. Well, an incredibly evil hack is better than nothing.

What I don't understand is, that even is this command is executed as a custom setup script (described in https://docs.linuxserver.io/general/contai…#custom-scripts) I need to once:

docker restart nginx

🤯 ...this doesn't make sense to me.

Quote

Maybe I could modify the sudoers and run a command from within the container with sudo

Tried to add ALL ALL=(ALL) NOPASSWD:ALL to the sudoers file. The first attempt didn't work, so I stopped because I don't think this is a step in the right direction.

Quote

Any other ideas?

Not yet

Quote from aptalca

Did you try chowning the folder mapped into nginx as nobody?

root@ecec748ccde7:/# chown nobody:nobody downloads/
chown: changing ownership of 'downloads/': Operation not permitted

Quote from HiassofT

adjust udevil mount options in latest LE11 and LE12 images by copying /etc/udevil/udevil.conf to /storage/.config/udevil.conf and then editing the file.

Yes, that's it! Thanks!!