One docker container, one samba share and permissions Problems

Question

following docker command:

sudocker run --restart unless-stopped --name lancache -v /mnt/steamcache/CacheServer/cache:/data/cache -v /mnt/steamcache/CacheServer/logs:/data/logs -p My-Server-IP:80:80 lancachenet/monolithic:latest

also my mount command:

sudo mount -t cifs -o username=MYUSERNAME //My-Samba-File-Server-IP/games /mnt/steamcache

Docker is able to create two folders in my samba share but hasnt got permission to create folders into that folder "cache".

2020/09/01 16:41:28 [crit] 1752#1752: *1 mkdir() "/data/cache/cache/7d" failed (13: Permission denied) while reading upstream, client: Client-IP, server: , request: "GET /depot/1/manifest/5928322771446233610/5 HTTP/1.1", upstream: "http://155.133.248.29:80/depot/1/manifest/5928322771446233610/5", host: "cache18-ams1.steamcontent.com" 2020/09/01 16:41:28 [crit] 1752#1752: *2 mkdir() "/data/cache/cache/c2" failed (13: Permission denied) while reading upstream, client: Client-IP, server: , request: "GET /depot/3/manifest/8096513071444961518/5 HTTP/1.1", upstream: "http://155.133.248.29:80/depot/3/manifest/8096513071444961518/5", host: "cache18-ams1.steamcontent.com" 2020/09/01 16:41:28 [crit] 1754#1754: *3 mkdir() "/data/cache/cache/3e" failed (13: Permission denied) while reading upstream, client: Client-IP, server: , request: "GET /depot/2/manifest/2139852524811213490/5 HTTP/1.1", upstream: "http://155.133.248.13:80/depot/2/manifest/2139852524811213490/5", host: "cache2-ams1.steamcontent.com" 2020/09/01 16:41:28 [crit] 1753#1753: *5 mkdir() "/data/cache/cache/78" failed (13: Permission denied) while reading upstream, client: Client-IP, server: , request: "GET /depot/74/manifest/5000716531281502924/5 HTTP/1.1", upstream: "http://155.133.248.13:80/depot/74/manifest/5000716531281502924/5", host: "cache2-ams1.steamcontent.com" 2020/09/01 16:44:27 [crit] 1755#1755: *12 mkdir() "/data/cache/cache/2b" failed (13: Permission denied) while reading upstream, client: Client-IP, server: , request: "GET /appinfo/1042420/sha/c87d5ae3d06609fd093145ed24417160ca271eef.txt.gz HTTP/1.1", upstream: "http://95.101.90.177:80/appinfo/1042420/sha/c87d5ae3d06609fd093145ed24417160ca271eef.txt.gz", host: "clientconfig.akamai.steamstatic.com"

Any suggestions what am i doing wrong?

Thank you.

EDIT: I use Ubuntu on a vm. Samba-Share belongs to Synology NAS.

No one has a clue?

Answer 1

ProMo's answer led me in the right direction, I had to add the www-user's ids to my cifs mount command in my /etc/fstab file.
No other changes are necessary (leave the Docker commands as they are in the official docker-compose.yml).

//my.nas.ip.address/nas-share /mnt/folder/on/Ubuntu/VM cifs uid=33,gid=33,credentials=/home/faiz/.cifs_creds,iocharset=utf8 0 0

Specifically the uid=33,gid=33 part above.
This is because lancache-monolithic uses the www-user to create additional folders under the cache folder. This user's uid and gid are 33.

If you're not familiar with mounting CIFS shares with the /etc/fstab file, you can read more here.
https://wiki.ubuntu.com/MountWindowsSharesPermanently#Mount_password_protected_network_folders

Answer 2

i believe you can solve this problem in 2 steps:

1. Get your host user uid and gid with command:

   id -u && id -g

2. Add -u to you run command [Username or UID (format: <name|uid>[:<group|gid>])]

Ex. Lets say your host user has UID=1000 and GID=1000 your docker run command should be:

docker run \
--restart unless-stopped \
--name lancache \
-v /mnt/steamcache/CacheServer/cache:/data/cache \
-v /mnt/steamcache/CacheServer/logs:/data/logs \
-p My-Server-IP:80:80 \
-u 1000:1000 \
lancachenet/monolithic:latest

Or to put it all together:

docker run \
--restart unless-stopped \
--name lancache \
-v /mnt/steamcache/CacheServer/cache:/data/cache \
-v /mnt/steamcache/CacheServer/logs:/data/logs \
-p My-Server-IP:80:80 \
-u "$(id -u):$(id -g)" \
lancachenet/monolithic:latest

Doing that you are avoiding a lot of permission errors between docker container and host.