File permissions issue with i2psnark and i2p in docker with file shares on Linux

[greensunset]

I am stumped by a file permission issue with i2p when running in docker (Kubernetes) and writing to a CIFS file share. I am also seeing permissinos issues when writing the i2p config directory (.i2p) to the file share, but one thing at a time...). I have set all files and directories in the i2psnark directory to be owned by the i2p user and group (and forced the user and group within the docker container). I am trying to write to a files hare with a default mask of 770.

When I manually exec into the docker container and try to create files and directories it works fine, but when i2psnark tries to create files I get the following error in the i2psnark UI: "Error on torrent Magnet <magnet id> (<directory name>): Could not create file for Magnet <magnet id> (<magnet name>): java.io.IOException: Permission denied". I have not found a good place to pull the full error from the logs, but I can do that if someone can point me in the right direction.

Is i2p doing something weird with file permissions or groups?

The torrent directory permissions are (as viewed on the host system):

Code: Select all

drwxrwx--- 2 1040 65536 0 Feb 15 15:34 i2ptorrents

where 1040 is the i2p user and 65536 is the i2p group (se ebelow)

Inside the container, my uid and gid look right (although granted the container doesn't know the names of the user/group, but that shouldn't be a problem):

Code: Select all

/i2p $ whoami
whoami: unknown uid 1040
/i2p $ groups
65536groups: unknown ID 65536

i2p is running as this user in the container as well:

Code: Select all

/i2psnark $ ps -fe
PID   USER     TIME  COMMAND
    1 1040      0:00 {startapp.sh} /bin/sh /startapp.sh
    7 1040      0:59 java -cp .:lib/addressbook.jar:lib/commons-el.jar:lib/desktopgui.jar:lib/i2p.jar:lib/i2psnark.jar:lib/i2ptunnel.jar:lib/jasper-runtime.jar:lib/javax.servlet.jar:lib/jbigi.jar:lib/
  279 1040      0:00 /bin/sh
  297 1040      0:00 ps -fe

inside the container I can create files just fine:

Code: Select all

/i2psnark $ touch test
/i2psnark $ ls -lah test
-rwxrwx---    1 1040     65536          0 Feb 15 23:45 test

I was running into a similar issue with the .i2p directory and I resolved that by moving it off the file share in the short term, but I want to move it back and I don't have space to put the i2psnark directory on local disk.

[greensunset]

Following up.

I was able to sort of solve this by setting "file_mode=0666,dir_mode=0777" on the network mount in /etc/fstab, enabling "Files readable by all" in i2psnark, and then removing the directories for the torrents that had been created when they I tried to start them previously.

So far this seems to be working, although file permissions are much more open than I would prefer.