Onedrive Docker - Dataset Permissions

I have been trying to get the OneDrive (driveone/onedrive) docker running… while I have made some progress, I think I have some residual permission issues which are preventing this from working.

Initial run
Using the -interactive switch to generate the authentication link
Then running:

services:
    onedrive:
        image: driveone/onedrive:latest
        restart: unless-stopped
        environment:
            - ONEDRIVE_UID=3005
            - ONEDRIVE_GID=3002
            # whole entry quoted so the URL is passed through unchanged
            - "ONEDRIVE_AUTHRESPONSE=(url here)"
            - ONEDRIVE_RESYNC=1
        volumes:
            # host path : absolute path inside the container
            - /mnt/FastPool/Docker/OneDrive-AJ:/onedrive/conf
            - /mnt/FastPool/Data/OneDrive/OneDrive-AJ:/onedrive/data

For those who have this working, can you share any tips on which permissions to apply to which dataset?

The docker can create the directories, but is not able to write the actual files.
Error: The local file system returned an error with the following message:
Error Message: Operation not permitted

Permissions for “conf”

Permissions for “data”

Permission issues are always fun.

First, try running the container as the user 3005:3002 by augmenting your compose file:

...
image: driveone/onedrive:latest
user: 3005:3002
...

It likely doesn’t solve the issue, but it’s good practice. It also avoids the entryscript trying to chown the directory, which can mess up the permissions.

Can you post the output of the following commands:

  • sudo nfs4xdr_getfacl -n /mnt/FastPool/Docker/OneDrive-AJ
  • sudo nfs4xdr_getfacl -n /mnt/FastPool/Data/OneDrive/OneDrive-AJ

Those will show the full ACL. The screenshots only show them partially.

I have tried running as user 3005:3002… but the container does not start. Well, it starts running, but RAM usage stays low, then it stops after 20 secs. There is nothing in the terminal of the container.

I think this is because the container location (default ix-apps) needs to be run as 586, and there is nothing in the compose file about where the container is located (the mapped paths are for the config database and onedrive data itself).

I suspect the above is the reason this is not working… the app is running as user 586, but needs to be running as 3005:3002.

Outputs of folder permissions below.

root@truenas[~]# sudo nfs4xdr_getfacl -n /mnt/FastPool/Docker/OneDrive-AJ
# File: /mnt/FastPool/Docker/OneDrive-AJ
# owner: 3005
# group: 3002
# mode: 0o40770
# trivial_acl: false
# ACL flags: none
          user:568:rwxpDdaARWc--s:fd-----:allow
         user:3005:rwxpDdaARWc--s:fd-----:allow
            owner@:rwxpDdaARWcCos:fd----I:allow
            group@:rwxpDdaARWc--s:fd----I:allow
         group:545:rwxpDdaARWc--s:fd----I:allow
          user:568:rwxpDdaARWc--s:fd----I:allow
root@truenas[~]# sudo nfs4xdr_getfacl -n /mnt/FastPool/Data/OneDrive/OneDrive-AJ
# File: /mnt/FastPool/Data/OneDrive/OneDrive-AJ
# owner: 3005
# group: 3002
# mode: 0o40000
# trivial_acl: false
# ACL flags: none
         user:3001:rwxpDdaARWc--s:fd----I:allow
         group:545:rwxpDdaARWc--s:fd----I:allow
         group:544:rwxpDdaARWcCos:fd----I:allow
         user:3000:rwxpDdaARWcCos:fd----I:allow
         user:3002:rwxpDdaARWc--s:fd----I:allow
         user:3004:rwxpDdaARWc--s:fd----I:allow

Guidance on the onedrive_data location.

The container location does not matter for permissions. It does not have to be run as user 586. Though I do not know why it doesn’t start.

In your ACL for /mnt/FastPool/Data/OneDrive/OneDrive-AJ the user 3005 is not given any permissions. Nor is any permission given to group 3002. You either have to give permission to the user 3005 or to the group 3002.

Your ACL for /mnt/FastPool/Docker/OneDrive-AJ looks good, you are giving permission for user 3005 and it will be inherited for both files and directories.
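
As an added example (not code from this thread or from TrueNAS), the Python below parses the two nfs4xdr_getfacl -n listings posted above and checks whether UID 3005 with GID 3002 is granted write_data (w). It assumes a simplified first-match model that ignores root and other privilege overrides; the function names are hypothetical.

```python
import re

# ACL listings copied from the nfs4xdr_getfacl -n output in this thread.
CONF_ACL = """\
# owner: 3005
# group: 3002
          user:568:rwxpDdaARWc--s:fd-----:allow
         user:3005:rwxpDdaARWc--s:fd-----:allow
            owner@:rwxpDdaARWcCos:fd----I:allow
            group@:rwxpDdaARWc--s:fd----I:allow
         group:545:rwxpDdaARWc--s:fd----I:allow
          user:568:rwxpDdaARWc--s:fd----I:allow
"""
DATA_ACL = """\
# owner: 3005
# group: 3002
         user:3001:rwxpDdaARWc--s:fd----I:allow
         group:545:rwxpDdaARWc--s:fd----I:allow
         group:544:rwxpDdaARWcCos:fd----I:allow
         user:3000:rwxpDdaARWcCos:fd----I:allow
         user:3002:rwxpDdaARWc--s:fd----I:allow
         user:3004:rwxpDdaARWc--s:fd----I:allow
"""

ACE = re.compile(r"^\s*(owner@|group@|everyone@|(?:user|group):\d+):([^:]*):([^:]*):(allow|deny)\s*$")

def matching_aces(acl_text, uid, gids):
    """Yield (who, perms, kind) for ACEs that apply to uid/gids on the object itself."""
    owner = int(re.search(r"^# owner: (\d+)", acl_text, re.M).group(1))
    group = int(re.search(r"^# group: (\d+)", acl_text, re.M).group(1))
    for line in acl_text.splitlines():
        m = ACE.match(line)
        if not m or "i" in m.group(3):      # 'i' = inherit-only: not applied to this object
            continue
        who, perms, _, kind = m.groups()
        tag, _, ident = who.partition(":")
        if (tag == "everyone@" or (tag == "owner@" and uid == owner)
                or (tag == "group@" and group in gids)
                or (tag == "user" and int(ident) == uid)
                or (tag == "group" and int(ident) in gids)):
            yield who, perms, kind

def is_allowed(acl_text, uid, gids, perm="w"):
    """First matching ACE that mentions `perm` decides; no match means denied."""
    for _, perms, kind in matching_aces(acl_text, uid, gids):
        if perm in perms:
            return kind == "allow"
    return False
```

The data listing does contain a user:3002 entry, but that names UID 3002, so it does not match a process whose GID is 3002.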

I stripped the ACL from the dataset and allocated 3005:3002 as the owner using unix permissions. It works now!!! Thank you so much.

For completeness, output of permissions for the problem dataset.

# File: /mnt/FastPool/Data/OneDrive/OneDrive-AJ
# owner: 3005
# group: 3002
# mode: 0o40000
# trivial_acl: false
# ACL flags: none
         user:3001:rwxpDdaARWc--s:fd----I:allow
         group:545:rwxpDdaARWc--s:fd----I:allow
         group:544:rwxpDdaARWcCos:fd----I:allow
         user:3000:rwxpDdaARWcCos:fd----I:allow
         user:3002:rwxpDdaARWc--s:fd----I:allow
         user:3004:rwxpDdaARWc--s:fd----I:allow

I still don’t get why 3005:3002 are not shown in the ACL flags list. Hhhmmm…

Just curious, did the webui show user 3005? Also what username is associated with that id? In the screenshot you only had three users that have access, but the console output has four.

This is the user:
image

And these are the permissions in the GUI:
image

It’s great it works… but things don’t really add up either (which means it will most likely break in future).