Ubuntu 22.04 - Rootless docker-compose sabnzbd writes as incorrect UID

I’m running into a frustrating problem. I’ve got a fresh Ubuntu 22.04 setup with Docker, docker-rootless and docker-compose. I’m trying to get sabnzbd and the *arrs working, but I’m a bit confused. I have PUID/PGID set to 1000 in the environment blocks of each of the containers. When I enter into bash of the abc user, I notice the UID is 1000 and GID is 1001. When I touch /shareVolume/testFromContainer.txt, that file shows as ownership/UID-GID of 100999. Thusly, other containers can’t read the files it writes. Also, Radarr can’t read my movies folder because of the permissions issues.

I should note that the folders in question are (movies) NFS shares and an SSD added via KVM, mounted via fstab. I feel like I’ve tried everything, but I don’t know what I’m looking for at this point. Any help would be appreciated.

We don’t support rootless docker. PUID/PGID is our version of dropping privileges for the app. The container needs to run as root.

Hello, has this changed since 2023 or does the container still need to run as root?

Some of our containers work rootless, check the container readmes. If they support rootless or read-only, it’ll say.

What the OP described is not a bug or limitation but it’s fundamentally how rootless docker works; it remaps the userns to segregate it from the host users.

Most of our containers can run rootless. Some of our containers can run as a non-root user, see Running Containers As A Non-Root User - LinuxServer.io for more details on that.


Sorry, I may have mis-communicated. I am trying to run the sabnzbd container in rootless docker, and when I set the --user=1001:1001 variable, the web UI becomes inaccessible.
My main problem is the mount binding, the media folder on the host is a SMB mount, the nonroot user (1001) has all the correct permissions, sabnzbd sees the folder, reads it just fine, but is unable to write to it.

Any help on that is greatly appreciated.

Because, as I said, rootless docker performs userns remapping. 1001:1001 in a rootless container is not 1001:1001 on the host (or indeed anywhere else).

That aside, if you’re already running in rootless docker, why are you also running the container as a different uid? There’s no point as your container is already running as an unprivileged user.

I just want to clarify I am talking about running the container in rootless docker, not running the container as a non root user.

So from what I am understanding, you do not want me to set the PGID=1001 and PUID=1001 because these values inside container <> on host.

Then how do I ensure sabnzbd is able to write to the /home/plexuser/data/usenet folder, which is owned by and has permissions from user 1001 on the host?

I am mounting it as follows:
/home/plexuser/data/usenet:/data/usenet:rw

sabnzbd sees the folder, but cannot write to it.

There are a few options, including disabling userns remapping for your rootless docker environment. Usually the simplest is to use root as your running user, which maps to whichever uid is running the rootless docker environment (typically 1000 or 100 depending on distro but it could be anything). This is all outside the scope of our support, however, if you’re using rootless docker it’s expected that you understand how it operates and the limitations it imposes by design.
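The remapping described in the two replies above can be checked by hand. The script below is an added example, not code from the thread or from LinuxServer.io: it reads the `/etc/subuid` entry of the user that runs the rootless daemon and computes which host UID a given container UID lands on, using the mapping rootless Docker sets up by default (container UID 0 becomes the daemon user's own UID, container UID N becomes the first subordinate UID plus N minus 1). The daemon user name `plexuser`, its UID 1000 and the subuid range `100000:65536` are constructed sample values; on a real host, omit the fourth argument so the function reads the live `/etc/subuid`.

```shell
#!/bin/sh
# Added example: work out which host UID a UID inside a rootless-docker
# container maps to. Assumes the default rootless mapping:
#   container uid 0  -> uid of the user running the rootless daemon
#   container uid N  -> subuid_start + N - 1   (for 1 <= N <= subuid_count)

# Constructed sample of /etc/subuid for a daemon user "plexuser" (host uid 1000).
SAMPLE_SUBUID='plexuser:100000:65536
other:165536:65536'

# map_uid <daemon_user> <daemon_host_uid> <container_uid> [subuid_content]
# Prints the host uid the container uid is written to disk as, "unmapped" if
# the container uid lies outside the subordinate range, or "no-subuid-entry"
# if the daemon user has no /etc/subuid line at all.
map_uid() {
  user=$1
  daemon_uid=$2
  cuid=$3
  content=${4:-$(cat /etc/subuid)}   # live file unless sample content is passed in

  line=$(printf '%s\n' "$content" | grep "^$user:" | head -n 1)
  if [ -z "$line" ]; then
    echo "no-subuid-entry"
    return 0
  fi

  start=$(printf '%s' "$line" | cut -d: -f2)
  count=$(printf '%s' "$line" | cut -d: -f3)

  if [ "$cuid" -eq 0 ]; then
    echo "$daemon_uid"                 # root in the container is the daemon user
  elif [ "$cuid" -le "$count" ]; then
    echo $((start + cuid - 1))         # ordinary container uid -> subordinate uid
  else
    echo "unmapped"
  fi
}

# Reproduce the symptom from the first post: PUID=1000 inside the container
# shows up on the host as uid 100999 with this subuid range.
map_uid plexuser 1000 1000 "$SAMPLE_SUBUID"
```

With the sample range the call prints `100999`, which is exactly the owner the original poster saw on `/shareVolume/testFromContainer.txt`: a PUID of 1000 inside a rootless container is not UID 1000 on the host, so a bind-mounted directory owned by host user 1000 or 1001 is not writable by it. Running the container process as UID 0, as the reply above suggests, maps to the daemon user itself, which is why that is usually the simplest fix for bind mounts.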

ok thanks. I will see what I can do.