Synology Docker Setup- Unable to mount /photo share as ps_originals_dir? Error: access denied mkdir

Hi all and thx in advance!

I’m running into a permission issue moving my ps_originals_dir to the synology photo monitored folder = “/volume1/photo”.

Screenshot of setting change:

This is the error i get when starting the service: “EACCES: permission denied, mkdir ‘/volume1’”}]}"

Begs the questions:

  1. Who does the photostructure container run as in docker?
  2. Can i use that information to setup explicit permissions on the /volume1/photo share?

***Follow Up:
I’ve attempted to set originalsDir = “/photo” as well. Giving “everyone” access level permissions to it. Restarted docker and it still errors out with permission error:

“{“ts”:1651596463678,“l”:“error”,“ctx”:“Error”,“msg”:“onError(): Error: code EACCES: EACCES: permission denied, mkdir ‘/photo’\nError: EACCES: permission denied, mkdir ‘/photo’”,“meta”:{“event”:“fatal”,“message”:“Library setup failed: see https://photostructure.com/server/photostructure-for-docker/#docker-volume-setup¹”}}”

Assuming this has more to do with ps wanting to mkdir for a directory that already exists? I’m attempting to apply this suggestion. It’s not working due to error and I’m not sure how to fix =(.

Docker, by default, runs containers as root.

This is a fine default for development, but for general use, you really want to run applications with a “role user,” so if that application is either malware, barware, or has security flaws, the application doesn’t have full access to your entire computer.

PhotoStructure adopted the “PUID/PGID” standard for running as a role user. The documentation for this is here:

https://photostructure.com/server/photostructure-for-docker/#library-ownership

Thank you @mrm , any ideas on this error?

***Follow Up:
I’ve attempted to set originalsDir = “/photo” as well. Giving “everyone” access level permissions to it. Restarted docker and it still errors out with permission error:

“{“ts”:1651596463678,“l”:“error”,“ctx”:“Error”,“msg”:“onError(): Error: code EACCES: EACCES: permission denied, mkdir ‘/photo’\nError: EACCES: permission denied, mkdir ‘/photo’”,“meta”:{“event”:“fatal”,“message”:“Library setup failed: see PhotoStructure | PhotoStructure for Docker}}”

Assuming this has more to do with ps wanting to mkdir for a directory that already exists? I’m attempting to apply this suggestion. It’s not working due to error and I’m not sure how to fix =(.

I suspect you’re getting paths from your host machine and paths within your docker container a bit muddled.

Remember that when PhotoStructure is running within a docker container, it can only see what you “bind-mount” into that container, and the bind-mount paths need to match your docker configuration.

The docker run -v option is $HOST_PATH:$CONTAINER_PATH. PhotoStructure will only see the $CONTAINER_PATH bit: not the $HOST_PATH.

For example, if your docker run command has -v /volume1/photo:/photo, PhotoStructure will only see the /photo path.

(This can be confusing: if you paste your current docker command as well as what you would like to have things configured, I might be able to give better assistance).

@mrm , Thank you for the quick response! you are very prompt and it’s appreciated.

For clarity…I’m unable to get provided docker script to run successfully on my synology. Lot’s of awkward errors that are not really worth diving into. =)

As such I’m using the docker GUI and provided config files for editing originalsDir parameter. Hopefully this is acceptable?

Assuming it’s acceptable to deploy ps via docker GUI AND use settings.toml file to set the originalsDir parameter…Here is a screenshot of my setup:

Screenshot of toml file controlling libraryDir
image

Screenshot of toml file controlling originalsDir

Screenshot of docker GUI volumes:
image

The goal being that my photos stay in their original location /photo while supporting PS’s library capabilities. This same questions was asked and solution’d here

is this helpful?

I think i figured it out =) I needed to add /photo to the volume in docker GUI. This appears to work:

image

Just jumping in here, it may be simpler for you to set PS_ORIGINALS_DIR as an environment flag on the docker GUI instead of having to maintain the .toml file. Personally, I set everything from environment as per the docs here - PhotoStructure | Using environment variables with PhotoStructure

Here is my compose file which may be helpful. Additionally, you can run an ‘id’ command on the command line of your Synology to get the ID number of your user (probably 1026 or similar) and then ensure that is the proper value being mapped to PUID on the container.


  photostructure:
    image: photostructure/server
    container_name: photostructure
    restart: unless-stopped
    networks:
      - $TRAEFIK_NETWORK
    security_opt:
      - no-new-privileges:true
    #runtime: nvidia
    stop_grace_period: 2m
    volumes:
      - $MEDIADIR/photos:/photos
      - $DOCKERDIR/photostructure/library:/ps/library
      - $DOCKERDIR/photostructure/tmp:/ps/tmp
      - $DOCKERDIR/photostructure/config:/ps/config
      - $DOCKERDIR/photostructure/logs:/ps/logs
    environment:
      - TZ
      - PUID
      - PGID
      - UMASK=002
      #- NVIDIA_VISIBLE_DEVICES=all
      #- PS_START_PAUSED=true
      - PS_ORIGINALS_DIR=/photos
      #- PS_STRICT_DEDUPING=true
      - PS_USE_IMAGE_HASHES=false
      #- PS_FFMPEG_TRANSCODE_ARGS=
      - PS_MAX_ASSET_FILE_SIZE_BYTES=5000000000
      - PS_TRANSCODE_VIDEOS=false

Edit: It is implied, but not obvious if you aren’t familiar, that when I say simply - TZ that that stands for - TZ=$TZ but since the name of the declared variable matches my environment file for docker-compose, it works the same way.

1 Like

@adamf , what do you use to execute your compose file? Sorry for newbie question. I was attempting to use ssh + bash. Do I take your compose file and save it as *.sh and execute via bash?

So if you want to use compose, you can, but if you are new to docker or at least docker on synology, I’d avoid it for now and just use the GUI.

What I would recommend you do is take out the pieces of my file and put it into the GUI. Go to the environment tab for example and ensure you’re setting the timezone, user ID, and group ID. Go ahead and screenshot what it already shows then we can help you update it.

The volumes section correlates to your volumes tab.

You can ignore security_opt, networks, and such at this point.

Thank you @adamf !