File permissions issue with i2psnark and i2p in docker with file shares on Linux
Posted: 18 Feb 2024 18:14
I am stumped by a file permission issue with i2p when running in docker (Kubernetes) and writing to a CIFS file share. I am also seeing permissinos issues when writing the i2p config directory (.i2p) to the file share, but one thing at a time...). I have set all files and directories in the i2psnark directory to be owned by the i2p user and group (and forced the user and group within the docker container). I am trying to write to a files hare with a default mask of 770.
When I manually exec into the docker container and try to create files and directories it works fine, but when i2psnark tries to create files I get the following error in the i2psnark UI: "Error on torrent Magnet <magnet id> (<directory name>): Could not create file for Magnet <magnet id> (<magnet name>): java.io.IOException: Permission denied". I have not found a good place to pull the full error from the logs, but I can do that if someone can point me in the right direction.
Is i2p doing something weird with file permissions or groups?
The torrent directory permissions are (as viewed on the host system):
where 1040 is the i2p user and 65536 is the i2p group (se ebelow)
Inside the container, my uid and gid look right (although granted the container doesn't know the names of the user/group, but that shouldn't be a problem):
i2p is running as this user in the container as well:
inside the container I can create files just fine:
I was running into a similar issue with the .i2p directory and I resolved that by moving it off the file share in the short term, but I want to move it back and I don't have space to put the i2psnark directory on local disk.
When I manually exec into the docker container and try to create files and directories it works fine, but when i2psnark tries to create files I get the following error in the i2psnark UI: "Error on torrent Magnet <magnet id> (<directory name>): Could not create file for Magnet <magnet id> (<magnet name>): java.io.IOException: Permission denied". I have not found a good place to pull the full error from the logs, but I can do that if someone can point me in the right direction.
Is i2p doing something weird with file permissions or groups?
The torrent directory permissions are (as viewed on the host system):
Code: Select all
drwxrwx--- 2 1040 65536 0 Feb 15 15:34 i2ptorrents
Inside the container, my uid and gid look right (although granted the container doesn't know the names of the user/group, but that shouldn't be a problem):
Code: Select all
/i2p $ whoami
whoami: unknown uid 1040
/i2p $ groups
65536groups: unknown ID 65536
Code: Select all
/i2psnark $ ps -fe
PID USER TIME COMMAND
1 1040 0:00 {startapp.sh} /bin/sh /startapp.sh
7 1040 0:59 java -cp .:lib/addressbook.jar:lib/commons-el.jar:lib/desktopgui.jar:lib/i2p.jar:lib/i2psnark.jar:lib/i2ptunnel.jar:lib/jasper-runtime.jar:lib/javax.servlet.jar:lib/jbigi.jar:lib/
279 1040 0:00 /bin/sh
297 1040 0:00 ps -fe
Code: Select all
/i2psnark $ touch test
/i2psnark $ ls -lah test
-rwxrwx--- 1 1040 65536 0 Feb 15 23:45 test