starting as non root user
hello i want to start immich as a non-root user
this is my docker compose:
services:
immich-server:
container_name: immich_server
image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
hostname: immich-server
user: "1000:1000"
security_opt:
- no-new-privileges:true
volumes: - {{immich_upload}}:/usr/src/app/upload - /etc/localtime:/etc/localtime:ro env_file: - .env depends_on: - redis - database restart: always root@lxc-docker:/docker/data/media# ps aux | grep immich-server root 689257 0.0 0.0 3472 1792 pts/1 S+ 19:19 0:00 grep --color=auto immich-server Seems like the user: 1000:1000 is not really doing what its supposed to do This is the error in my logs microservices worker error: Error: Failed to read "<UPLOAD_LOCATION>/library/.immich - Please see https://immich.app/docs/administration/system-integrity#folder-checks for more information." My upload location is a sambafolder, on which i can write without any issues with touch test.txt directly in the shell (root@lxc-docker)
volumes: - {{immich_upload}}:/usr/src/app/upload - /etc/localtime:/etc/localtime:ro env_file: - .env depends_on: - redis - database restart: always root@lxc-docker:/docker/data/media# ps aux | grep immich-server root 689257 0.0 0.0 3472 1792 pts/1 S+ 19:19 0:00 grep --color=auto immich-server Seems like the user: 1000:1000 is not really doing what its supposed to do This is the error in my logs microservices worker error: Error: Failed to read "<UPLOAD_LOCATION>/library/.immich - Please see https://immich.app/docs/administration/system-integrity#folder-checks for more information." My upload location is a sambafolder, on which i can write without any issues with touch test.txt directly in the shell (root@lxc-docker)
8 Replies
:wave: Hey @zuckerpapi.eth,
Thanks for reaching out to us. Please carefully read this message and follow the recommended actions. This will help us be more effective in our support effort and leave more time for building Immich :immich:.
References
- Container Logs:
docker compose logs docs
- Container Status: docker ps -a docs
- Reverse Proxy: https://immich.app/docs/administration/reverse-proxy
- Code Formatting https://support.discord.com/hc/en-us/articles/210298617-Markdown-Text-101-Chat-Formatting-Bold-Italic-Underline#h_01GY0DAKGXDEHE263BCAYEGFJA
Checklist
I have...
1. :blue_square: verified I'm on the latest release(note that mobile app releases may take some time).
2. :blue_square: read applicable release notes.
3. :blue_square: reviewed the FAQs for known issues.
4. :blue_square: reviewed Github for known issues.
5. :blue_square: tried accessing Immich via local ip (without a custom reverse proxy).
6. :blue_square: uploaded the relevant information (see below).
7. :blue_square: tried an incognito window, disabled extensions, cleared mobile app cache, logged out and back in, different browsers, etc. as applicable
(an item can be marked as "complete" by reacting with the appropriate number)
Information
In order to be able to effectively help you, we need you to provide clear information to show what the problem is. The exact details needed vary per case, but here is a list of things to consider:
- Your docker-compose.yml and .env files.
- Logs from all the containers and their status (see above).
- All the troubleshooting steps you've tried so far.
- Any recent changes you've made to Immich or your system.
- Details about your system (both software/OS and hardware).
- Details about your storage (filesystems, type of disks, output of commands like fdisk -l and df -h).
- The version of the Immich server, mobile app, and other relevant pieces.
- Any other information that you think might be relevant.
Please paste files and logs with proper code formatting, and especially avoid blurry screenshots.
Without the right information we can't work out what the problem is. Help us help you ;)
If this ticket can be closed you can use the /close command, and re-open it later if needed.You need to make sure the user you're setting has permissions to access the files
My upload location is a sambafolder, on which i can write without any issues with touch test.txt directly in the shell (root@lxc-docker)
Yeah and your shell is running as root
the samba folder is mounted with 1000.1000 in proxmox if the uid/guid doesnt match you cant write
the same puid/guid worked perfectly fine when migrating my arr-stack so i guess that is not the issue
root@lxc-docker:/docker/data/media# ps aux | grep immich-server
root 706837 0.0 0.0 3472 1792 pts/1 S+ 19:28 0:00 grep --color=auto immich-server
this seems to be the issue since i specify specifically user 1000: 1000 and it uses root
here an example with radarr
root@lxc-docker:/docker/data/media# ps aux | grep radarr
root 24409 0.0 0.0 216 0 ? S 11:24 0:00 s6-supervise svc-radarr
stefan 24891 0.0 2.3 2482008 194924 ? Ssl 11:24 2:49 /app/radarr/bin/Radarr -nobrowser -data=/config
root 709594 0.0 0.0 3604 1920 pts/1 S+ 19:30 0:00 grep --color=auto radarr
stefan is 1000
root@lxc-docker:/docker/data/media# docker exec -it immich_server /bin/bash
node@Immich-server:/usr/src/app$ whoami
node
node@Immich-server:/usr/src/app$ id
uid=1000(node) gid=1000(node) groups=1000(node)
node@Immich-server:/usr/src/app$ cd upload
node@Immich-server:/usr/src/app/upload$ ls
backups encoded-video library profile thumbs upload
node@Immich-server:/usr/src/app/upload$ cd library
node@Immich-server:/usr/src/app/upload/library$ touch test.txt
node@Immich-server:/usr/src/app/upload/library$ ls
admin test.txt
this even worked, so there shouldnt be write/read issues i guess?
We don’t support docker in LXC
So if you need assistance from us you should switch to a VM
Otherwise, this is a deployment issue on your end , user mapping of LXC in docker can be very challenging
Were you using a samba folder from the beginning? It sort of looks like it’s missing a file that it created earlier (failed to read), not a write issue
no my previous setup was on the same host that also hosts the samba share
This thread has been closed. To re-open, use the button below.