Container Can Read from Mounted Volume, but Cannot Write

[Rvby1]

Hey, y'all.

I have a number of containers running on an Ubuntu VM. The containers are mostly running fine, but I noticed that while they can read from the NAS dataset, they can't write to it. I'm trying to figure out why.

The NAS dataset is configured with NSFv4 permissions. The user rvby1 has full control of the dataset, and the dataset is shared via an SMB share. I have a directory set up to mount the SMB share via CIFS using the user rvby1, located at /media-vault/.

The containers are being run by the user rvby on the host VM, which has a UID of 1000 and a GID of 1000. The containers have an environment variable that marks the PUID as 1000 and the PGID as 1000. The containers have a volume that points at the mounted directory, /media-vault/.

If I exec into the container's bash, I can access the mounted volume and write to it without any errors. I can also cd into the /media-vault/ directory and write there without issues.

However, the container's apps can't write to the directory.

Here is an example config

calibre:
image: ghcr.io/linuxserver/calibre
container_name: calibre
environment:
- PUID=1000
- PGID=1000
- UMASK=002
- TZ=America/Los_Angeles
volumes:
- /opt/docker/container-data/calibre/config:/config
- /opt/docker/container-data/calibre/plugins:/plugins
- /media-vault/libraries/calibre:/books
- /media-vault/downloads/books:/upload
ports:
- 8082:8080
restart: unless-stopped

Anyone have any idea on what might be happening?

 

[Rvby1]

Just for some added context, here is some further information on the setup. I've attached an image of my dataset's permissions as well as the mount configuration.

The user rvby1 on my server has a UID of 3000. The group media-vault-access has a GID of 3000.

Per a suggestion from elsewhere, I did try to set the UID and GID to 3000 in the docker compose, but this didn't seem to fix the problem. I can still only read from the containers, but not write.

To clarify, shouldn't my NFS permissions be blocking any user who isn't either rvby1 or a member of the media-vault-access group from both reading and writing? That's part of what's confusing me about this issue--that I can read, but not write.

 

[Rvby1]

Okay, I think I figured it out! Seems the SMB mount isn't quite as simple as I thought it was. Basically, it was being mounted as `root:root` with a `file_mode` of 0665 by default. This gave `others` the abilty to read and execute, but not write. Since the share was owned by `root`, not `rvby`, this caused me to be unable to write, even though I could read. I swear that I was able to write before, but maybe I somehow had sudo lingering around on my write.
Anyway, using this as my mount in `etc/fstab` fixed my problem:
//10.0.0.19/media-vault /media-vault cifs rw,credentials=/home/rvby/.credentials,file_mode=0770,dir_mode=0770,uid=1000,gid=1000,nobrl
This sets `root` and the `owner` to be able to read, write, and execute. It also made the user with the uid+gid of 1000, which belong to `rvby` into the owner of the mount. This mostly resolved my issue. nobrl fixes some DB access issues I was having with Calibre.