Insufficient permissions for auto mounts

  • Hi

    I have an nginx Docker container that needs to access a directory on an auto-mounted external hard disk (/media/mydisk/directory). Here's the mount:

    Bash
    $ mount | grep mydisk
    /dev/sda2 on /var/media/mydisk type exfat (rw,nosuid,nodev,noexec,noatime,fmask=0022,dmask=0022,iocharset=utf8,errors=remount-ro)
    
    $ ls -ld /media/mydisk/directory
    drwxr-xr-x    2 root     root       [...]

    The directory is available to the container with a bind mount (-v /media/mydisk/directory:/directory) and I can access it. I can however only read from it. But my container needs write access.

    Running whoami from PHP returns "nobody", and thus is_writable("/directory") says "false". I think it's basically the same problem reported here: Docker containers and permissions in LE - except that I can't format the drive with extfs.

    What options do I have?

    • Is it possible to have the drive auto-mounted with 777? (dmask=0000, but how?)
    • Should/can I run nginx as root? (tried to set user root; in config/nginx/nginx.conf, but that had no effect)
    • Maybe I could modify the sudoers and run a command from within the container with sudo? (a test was unsuccessful)
    • Any other ideas?

    Thanks, Steffen

  • Is it possible to have the drive auto-mounted with 777? (dmask=0000, but how?)

    The config file of udevil shows other defaults for exfat 🤔

    Bash
    $ grep default_options_exfat /etc/udevil/udevil.conf
    default_options_exfat     = nosuid, noexec, nodev, noatime

    The log entries:

    Code
    Mar 25 21:38:13 LibreELEC systemd[1]: Starting [email protected]...
    Mar 25 21:38:14 LibreELEC udevil[509]: Mounted /dev/sda2 at /media/mydisk
    Mar 25 21:38:16 LibreELEC systemd[1]: Finished [email protected].

    Should/can I run nginx as root?

    nginx runs as root, php-fpm doesn't. In order to have php-fpm run as root:

    Code
    # /storage/.kodi/userdata/addon_data/docker.linuxserver.nginx/config/php/www2.conf
    user = root
    group = root

    This will lead to fairly frequent log messages:

    Code
    [25-Mar-2024 22:59:32] ERROR: [pool www] please specify user and group other than root
    [25-Mar-2024 22:59:32] ERROR: FPM initialization failed
    [25-Mar-2024 22:59:33] ERROR: [pool www] please specify user and group other than root
    [25-Mar-2024 22:59:33] ERROR: FPM initialization failed
    [25-Mar-2024 22:59:34] ERROR: [pool www] please specify user and group other than root
    [25-Mar-2024 22:59:34] ERROR: FPM initialization failed
    [25-Mar-2024 22:59:36] ERROR: [pool www] please specify user and group other than root
    [25-Mar-2024 22:59:36] ERROR: FPM initialization failed

    It's still possible to set root:

    Bash
    sed -i 's~exec /usr/sbin/php-fpm83 -F~& -R~' /etc/s6-overlay/s6-rc.d/svc-php-fpm/run

    While this is an incredibly evil hack, it gives php-fpm write access to the external hard disk. Well, an incredibly evil hack is better than nothing.

    What I don't understand is that even if this command is executed as a custom setup script (described in https://docs.linuxserver.io/general/contai…#custom-scripts), I need to run this once:

    Bash
    docker restart nginx

    🤯 ...this doesn't make sense to me.

    Quote

    Maybe I could modify the sudoers and run a command from within the container with sudo

    Tried to add ALL ALL=(ALL) NOPASSWD:ALL to the sudoers file. The first attempt didn't work, so I stopped because I don't think this is a step in the right direction.

    Quote

    Any other ideas?

    Not yet :(

  • FYI: you can adjust udevil mount options in latest LE11 and LE12 images by copying /etc/udevil/udevil.conf to /storage/.config/udevil.conf and then editing the file. After that reboot so the changes take effect.

    Note that you'll also have to adjust allowed_options_exfat in addition to default_options_exfat

    so long,

    Hias
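
The override described in the post above, as an added example that is not part of the original thread or of LibreELEC: it adds mount options to `default_options_exfat` and `allowed_options_exfat` in a copy of udevil.conf and lists any default option missing from the allowed list. The function names and the sample values `dmask=0000, fmask=0111` are assumptions (the thread only mentions `dmask=0000`); exFAT stores no ownership, so these masks make every directory on the volume writable by all local users and by any container that bind-mounts it.

```shell
#!/bin/sh
# Added example. Run it against a COPY of udevil.conf, e.g. /storage/.config/udevil.conf.

# get_opts FILE KEY: print the options of "KEY = a, b, c", one per line.
get_opts() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        tr ',' '\n' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//; /^$/d'
}

# add_opts FILE KEY "opt1, opt2": add options to KEY unless already listed (idempotent).
add_opts() {
    file=$1 key=$2
    cur=$(get_opts "$file" "$key" | tr '\n' ',' | sed 's/,$//; s/,/, /g')
    set -f   # no globbing while splitting the option list
    for opt in $(printf '%s' "$3" | tr ',' ' '); do
        get_opts "$file" "$key" | grep -qxF -- "$opt" || cur="${cur:+$cur, }$opt"
    done
    set +f
    if grep -q "^[[:space:]]*${key}[[:space:]]*=" "$file"; then
        sed "s|^[[:space:]]*${key}[[:space:]]*=.*|${key} = ${cur}|" "$file" > "$file.tmp" &&
            mv "$file.tmp" "$file"
    else
        printf '%s = %s\n' "$key" "$cur" >> "$file"   # key absent: append it
    fi
}

# missing_allowed FILE FSTYPE: print default options not literally present in the
# allowed list (plain string comparison; patterns are not interpreted).
missing_allowed() {
    get_opts "$1" "default_options_$2" | while IFS= read -r opt; do
        get_opts "$1" "allowed_options_$2" | grep -qxF -- "$opt" || printf '%s\n' "$opt"
    done
}

# Demo on a constructed file: sh this_script demo
if [ "${1:-}" = demo ]; then
    conf=$(mktemp)
    printf 'default_options_exfat     = nosuid, noexec, nodev, noatime\n' > "$conf"
    for k in default_options_exfat allowed_options_exfat; do
        add_opts "$conf" "$k" "dmask=0000, fmask=0111"   # sample values (assumption)
    done
    cat "$conf"; missing_allowed "$conf" exfat; rm -f "$conf"
fi
```

An empty result from `missing_allowed` means both lists agree; as the post says, a reboot is needed before the edited file takes effect.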

  • Did you try chowning the folder mapped into nginx as nobody?

    Bash
    root@ecec748ccde7:/# chown nobody:nobody downloads/
    chown: changing ownership of 'downloads/': Operation not permitted

    adjust udevil mount options in latest LE11 and LE12 images by copying /etc/udevil/udevil.conf to /storage/.config/udevil.conf and then editing the file.

    Yes, that's it! Thanks!!