Running as non-root: Can I just chown `library` & `postgres`?
In the documentation , it says: "You may need to add mount points or docker volumes for the following internal container paths:"
Instead of manually adding mount points, can I simply proceed as follows?
1. Add:
user: felix:felix to all containers: immich-server, immich-machine-learning, redis, and database
2. (Add the recommended snippet for futher hardening to each container. See documentation This snippet sets security_opt and cap_drop.)
3. Change owner: chown -R felix:felix library/ postgres/
4. Restart Immich: docker compose up -d --force-recreate
I already have a running setup, currently as root and tens of thousands of raw image files indexed.9 Replies
:wave: Hey @feklee,
Thanks for reaching out to us. Please carefully read this message and follow the recommended actions. This will help us be more effective in our support effort and leave more time for building Immich :immich:.
References
- Container Logs:
docker compose logs docs
- Container Status: docker ps -a docs
- Reverse Proxy: https://immich.app/docs/administration/reverse-proxy
- Code Formatting https://support.discord.com/hc/en-us/articles/210298617-Markdown-Text-101-Chat-Formatting-Bold-Italic-Underline#h_01GY0DAKGXDEHE263BCAYEGFJAChecklist
I have...
1. :ballot_box_with_check: verified I'm on the latest release(note that mobile app releases may take some time).
2. :ballot_box_with_check: read applicable release notes.
3. :ballot_box_with_check: reviewed the FAQs for known issues.
4. :ballot_box_with_check: reviewed Github for known issues.
5. :blue_square: tried accessing Immich via local ip (without a custom reverse proxy).
6. :ballot_box_with_check: uploaded the relevant information (see below).
7. :blue_square: tried an incognito window, disabled extensions, cleared mobile app cache, logged out and back in, different browsers, etc. as applicable
(an item can be marked as "complete" by reacting with the appropriate number)
Information
In order to be able to effectively help you, we need you to provide clear information to show what the problem is. The exact details needed vary per case, but here is a list of things to consider:
- Your docker-compose.yml and .env files.
- Logs from all the containers and their status (see above).
- All the troubleshooting steps you've tried so far.
- Any recent changes you've made to Immich or your system.
- Details about your system (both software/OS and hardware).
- Details about your storage (filesystems, type of disks, output of commands like
fdisk -l and df -h).
- The version of the Immich server, mobile app, and other relevant pieces.
- Any other information that you think might be relevant.
Please paste files and logs with proper code formatting, and especially avoid blurry screenshots.
Without the right information we can't work out what the problem is. Help us help you ;)
If this ticket can be closed you can use the /close command, and re-open it later if needed.GitHub
immich-app immich · Discussions
Explore the GitHub Discussions forum for immich-app immich. Discuss code, ask questions & collaborate with the developer community.
FAQ | Immich
User
GitHub
Issues · immich-app/immich
High performance self-hosted photo and video management solution. - Issues · immich-app/immich
That should work. Take good backups and make sure you add all the extra paths from the docs
Should probably stop immich first
Not all those mounts are present by default
Why add the extra paths? (this is what I want to avoid)
It’s required for non root. You’re welcome to try without and let us know if it works though
Non root is mostly trial and error to see what works
But aren't those paths pointing to sub directories of
library and postgres? Then it should be sufficient to chown these. The person who wrote that FAQ entry should know.I wrote that entry. I don’t know what you mean by “sub directories”
Again, feel free to try and let us know if we can reduce the mount points
Library is mapped to /usr/src/app/upload in the immich server. Postgres is mapped to the Postgres data. The other mounts are in totally separate containers (Redis and ML)
OK, if the author of the FAQ entry says it's trial and error, then I better trust that. 😄 Well, thanks! I also should learn a bit about what Docker is actually doing. I'm a n00b where it comes to Docker.
I mean I did that some time ago and all of them are non-immich dependencies. So it’s not impossible that they would have changed