I’m running into a frustrating problem. I’ve got a fresh Ubuntu 22.04 setup with Docker, docker-rootless and docker-compose. I’m trying to get sabnzbd and the *arrs working, but I’m a bit confused. I have PUID/PGID set to 1000 in the environment blocks of each of the containers. When I enter into bash of the abc user, I notice the UID is 1000 and GID is 1001. When I touch /shareVolume/testFromContainer.txt, that file shows as ownership/UID-GID of 100999. Thusly, other containers can’t read the files it writes. Also, Radarr can’t read my movies folder because of the permissions issues.
I should note that the folders in question are (movies) NFS shares and an SSD added via KVM, mounted via fstab. I feel like I’ve tried everything, but I don’t know what I’m looking for at this point. Any help would be appreciated.
What the OP described is not a bug or limitation; it's fundamentally how rootless docker works: it remaps the userns to segregate it from the host users.
Sorry, I may have mis-communicated. I am trying to run the sabnzbd container in rootless docker, and when I set the --user=1001:1001 variable, the web UI becomes inaccessible.
My main problem is the mount binding. The media folder on the host is an SMB mount; the nonroot user (1001) has all the correct permissions, and sabnzbd sees the folder and reads it just fine, but is unable to write to it.
Because, as I said, rootless docker performs userns remapping. 1001:1001 in a rootless container is not 1001:1001 on the host (or indeed anywhere else).
That aside, if you’re already running in rootless docker, why are you also running the container as a different uid? There’s no point as your container is already running as an unprivileged user.
There are a few options, including disabling userns remapping for your rootless docker environment. Usually the simplest is to use root as your running user, which maps to whichever uid is running the rootless docker environment (typically 1000 or 100 depending on distro, but it could be anything). This is all outside the scope of our support; however, if you're using rootless docker it's expected that you understand how it operates and the limitations it imposes by design.
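The uid arithmetic behind the replies above, as an added example that is not part of the thread or of any of the projects mentioned. Rootless dockerd runs as an ordinary host user and builds its user namespace from that user's ranges in /etc/subuid and /etc/subgid: container uid 0 maps to the host user running dockerd, and container uids 1..N map to the start of the subuid range onward. The /etc/subuid line, the dockerd owner uid (1000) and the subuid range start (100000) used below are constructed assumptions; with them, container uid 1000 lands on host uid 100999, which matches the ownership the OP saw on the touched file. The gid side works the same way with /etc/subgid.

```shell
#!/bin/sh
# Added example: map uids across a rootless Docker user namespace.
# Not from the thread; the sample /etc/subuid line and uids are assumptions.
#
# Mapping rootless dockerd installs (see /proc/self/uid_map inside a container):
#   container uid 0      -> OWNER_UID (the host user running dockerd)
#   container uid 1..N   -> START .. START+N-1 (the user's /etc/subuid range)
# Anything outside the range is unmapped and shows up as the kernel's
# overflowuid (65534 by default, i.e. "nobody").

# Constructed stand-in for /etc/subuid. On a real host use:
#   grep "^$(id -un):" /etc/subuid
SAMPLE_SUBUID="user:100000:65536"
OWNER_UID=1000   # assumed: uid that runs dockerd-rootless

# subuid_range NAME SUBUID_CONTENT  -> prints "START COUNT" for NAME
subuid_range() {
    printf '%s\n' "$2" | awk -F: -v u="$1" '$1 == u { print $2, $3; exit }'
}

# rootless_host_uid OWNER START COUNT CONTAINER_UID -> host uid a file
# written as CONTAINER_UID will be owned by
rootless_host_uid() {
    owner=$1; start=$2; count=$3; cuid=$4
    if [ "$cuid" -eq 0 ]; then
        echo "$owner"
    elif [ "$cuid" -ge 1 ] && [ "$cuid" -le "$count" ]; then
        echo $((start + cuid - 1))
    else
        echo unmapped
        return 1
    fi
}

# rootless_container_uid OWNER START COUNT HOST_UID -> uid the container
# sees on a host-side file owned by HOST_UID (65534 = default overflowuid)
rootless_container_uid() {
    owner=$1; start=$2; count=$3; huid=$4
    if [ "$huid" -eq "$owner" ]; then
        echo 0
    elif [ "$huid" -ge "$start" ] && [ "$huid" -lt $((start + count)) ]; then
        echo $((huid - start + 1))
    else
        echo 65534
    fi
}

# Worked run with the constructed values.
range=$(subuid_range user "$SAMPLE_SUBUID")
start=${range% *}
count=${range#* }
echo "subuid range: start=$start count=$count"
echo "container uid 1000 -> host uid $(rootless_host_uid "$OWNER_UID" "$start" "$count" 1000)"
echo "container uid 0    -> host uid $(rootless_host_uid "$OWNER_UID" "$start" "$count" 0)"
# A host file owned by uid 1001 (the OP's SMB user) is unmapped inside the
# container, which is why a 1001:1001 container cannot write to it:
echo "host uid 1001      -> container uid $(rootless_container_uid "$OWNER_UID" "$start" "$count" 1001)"
```

The practical consequence is the one stated in the reply: with rootless docker, running the container process as uid 0 is what yields files owned by the host user that launched dockerd, while any other container uid is pushed into the subuid range and is invisible to other users on the host.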