Permission denied for migrations when running as non-root
I've been running Immich for a bit over a year now using docker compose, and setting all Immich containers as non-root (user: 1000:1000).
I just had some issues with the breaking 1.133 release (probably related to coincidentally running out of disk space at the same time). I spun up a new postgres container, restored from an Immich db backup, and restarted Immich on v1.132 (pre-breaking change).
Now, any time I try to start the Immich server container not as root, I get this error
Error: EACCES: permission denied, mkdir '/usr/src/app/dist/schema/migrations'. The server boots fine as root user, but I'd like it to run as non-root.
That folder is not mapped as a volume, so it's internal only to the container. Any suggestions on how to get around this?5 Replies
:wave: Hey @Josh K,
Thanks for reaching out to us. Please carefully read this message and follow the recommended actions. This will help us be more effective in our support effort and leave more time for building Immich :immich:.
References
- Container Logs:
docker compose logs docs
- Container Status: docker ps -a docs
- Reverse Proxy: https://immich.app/docs/administration/reverse-proxy
- Code Formatting https://support.discord.com/hc/en-us/articles/210298617-Markdown-Text-101-Chat-Formatting-Bold-Italic-Underline#h_01GY0DAKGXDEHE263BCAYEGFJA
Checklist
I have...
1. :ballot_box_with_check: verified I'm on the latest release(note that mobile app releases may take some time).
2. :ballot_box_with_check: read applicable release notes.
3. :ballot_box_with_check: reviewed the FAQs for known issues.
4. :ballot_box_with_check: reviewed Github for known issues.
5. :ballot_box_with_check: tried accessing Immich via local ip (without a custom reverse proxy).
6. :ballot_box_with_check: uploaded the relevant information (see below).
7. :ballot_box_with_check: tried an incognito window, disabled extensions, cleared mobile app cache, logged out and back in, different browsers, etc. as applicable
(an item can be marked as "complete" by reacting with the appropriate number)
Information
In order to be able to effectively help you, we need you to provide clear information to show what the problem is. The exact details needed vary per case, but here is a list of things to consider:
- Your docker-compose.yml and .env files.
- Logs from all the containers and their status (see above).
- All the troubleshooting steps you've tried so far.
- Any recent changes you've made to Immich or your system.
- Details about your system (both software/OS and hardware).
- Details about your storage (filesystems, type of disks, output of commands like fdisk -l and df -h).
- The version of the Immich server, mobile app, and other relevant pieces.
- Any other information that you think might be relevant.
Please paste files and logs with proper code formatting, and especially avoid blurry screenshots.
Without the right information we can't work out what the problem is. Help us help you ;)
If this ticket can be closed you can use the /close command, and re-open it later if needed.
I'm going to check "latest version" in the checklist, but I dn't actually want to update to the 1.133 breaking change until I get this issue figured out
Successfully submitted, a tag has been added to inform contributors. :white_check_mark:
I ended up replacing this line in my
immich_server docker compose config
with this
I'm still curious if there's a better way, and this may break at some point if there's any other files that assume root access.Why is
In your immich-server and redis containers?
You are not using valkey yet
You are still on the old pgvector image for the database