Immich app permissions to copy to path inside SMB share

Mar 16, 2024
Hello All,

My system: TrueNAS-SCALE-23.10.1. I can provide hardware details, but this problem is all software.

I installed immich a while ago and all worked well. I believe the update to cobia is when my issue started, but I'm not sure, could be the a peculiarity of the app itself.

Anyways, the "library" volume for the app is a path inside a dataset that is a SMB share. Immich uses an "upload" volume as well, so photos upload there first and then get moved to the library. That is a separate volume that isn't shared. The problem is new uploads are stuck in the upload volume. When immich tries to copy a file to the library, it gets errors like "EPerm operation not permitted: copyfile". Immich can still see all the existing files in the library, and when I trigger it to move files again, I can see it create some subfolders that it later deletes likely because they are empty.

If I go into the console for the containers and run "id", they're all running as root/group id=0/0, and also part of the "apps" group 568. The dataset in question is owned by root and has full control permissions. I've also added the apps group with full control to the ACL. From the console inside the app container, I can use touch to create files in the library volume, so it can write too apparently.

So why the error? I've tried changing the app to set the ACL and no luck. Id hate to move this all to a VM and run the containers there.