'Permission denied' when trying to mount a SAMBA share for Docker Pi-hole

mchlschlz · July 17, 2022, 10:32am

I am experiencing a similar issue. Trying to run PiHole on Debian with the following docker-compose.yml file:

version: "3"

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
    # ports:
    #   - "53:53/tcp"
    #   - "53:53/udp"
    #   - "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
    #   - "80:80/tcp"
    network_mode: "host"
    environment:
      TZ: 'Europe/Berlin'
      PIHOLE_UID: 1000
      PIHOLE_GID: 1000
      WEBPASSWORD: '1234'
    # Volumes store your data between container upgrades
    volumes:
      - "/home/michael/homelab/docker/pihole:/etc/pihole"
      - "/home/michael/homelab/docker/pihole:/etc/dnsmasq.d"
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
      - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
    restart: unless-stopped

When doing a docker-compose up the process is being killed automatically and loops in a restart process indefinitely:

sudo docker-compose up   
Pulling pihole (pihole/pihole:latest)...
latest: Pulling from pihole/pihole
42c077c10790: Pull complete
858cbeb930ec: Pull complete
4f4fb700ef54: Pull complete
01cae41a2fda: Pull complete
984b787b496f: Pull complete
c48dab7e362c: Pull complete
3a176fad8719: Pull complete
5dc7355bea16: Pull complete
3734d50778a6: Pull complete
Digest: sha256:f7624f452b7a6320405b6ff00a9ed253d99fd33a22abced1954633ceb5bae24e
Status: Downloaded newer image for pihole/pihole:latest
Creating pihole ... done
Attaching to pihole
pihole    | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
pihole    | [s6-init] ensuring user provided files have correct perms...exited 0.
pihole    | [fix-attrs.d] applying ownership & permissions fixes...
pihole    | [fix-attrs.d] 01-resolver-resolv: applying... 
pihole    | [fix-attrs.d] 01-resolver-resolv: exited 0.
pihole    | [fix-attrs.d] done.
pihole    | [cont-init.d] executing container initialization scripts...
pihole    | [cont-init.d] 05-changer-uid-gid.sh: executing... 
pihole    | Changing ID for user: pihole (999 => 1000)
pihole    | Changing ID for group: pihole (999 => 1000)
pihole    | [cont-init.d] 05-changer-uid-gid.sh: exited 0.
pihole    | [cont-init.d] 20-start.sh: executing... 
pihole    |  ::: Starting docker specific checks & setup for docker pihole/pihole
pihole    | 
pihole    |   [i] Installing configs from /etc/.pihole...
pihole    |   [i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!
  [✓] Installed /etc/dnsmasq.d/01-pihole.conf
  [✓] Installed /etc/dnsmasq.d/06-rfc6761.conf
pihole    | Creating empty /etc/pihole/setupVars.conf file.
pihole    | Configuring default DNS servers: 8.8.8.8, 8.8.4.4
pihole    | ::: Assigning password defined by Environment Variable
pihole    |   [✓] New password set
pihole    | DNSMasq binding to default interface: eth0
pihole    | /opt/pihole/utils.sh: line 56: /etc/dnsmasq.d/01-pihole.conf: Permission denied
pihole    | [cont-init.d] 20-start.sh: exited 1.
pihole    | [cont-finish.d] executing container finish scripts...
pihole    | [cont-finish.d] done.
pihole    | [s6-finish] waiting for services.
pihole    | [s6-finish] sending all processes the TERM signal.
pihole    | [s6-finish] sending all processes the KILL signal and exiting.

The service volume path is a CIFS/SMB share which has been configured in /etc/fstab like:

//saturn/homelab /home/michael/homelab cifs username=xxx,password=xxx,uid=1000,gid=1000 0 0

The CIFS/SMB share is managed by TrueNAS with ACLs set up in a way that the group has full control.

When starting the deployment, I have noticed that the 01-pihole.conf file (which spawns a Permission denied above) has writing disabled:

ls -la
total 48
drwxr-xr-x 2 michael michael    0 Jul 17 12:24 .
drwxr-xr-x 2 michael michael    0 Jul 16 21:38 ..
-r-xr-xr-x 1 michael michael 1337 Jul 17 12:24 01-pihole.conf
-rwxr-xr-x 1 michael michael 2190 Jul 17 12:24 06-rfc6761.conf
-rwxr-xr-x 1 michael michael    0 Jul 17 12:09 custom.list
-rwxr-xr-x 1 michael michael  651 Jul 17 12:24 dns-servers.conf
-rwxr-xr-x 1 michael michael 1153 Jul 17 01:09 docker-compose.yml
-rwxr-xr-x 1 michael michael   20 Jul 16 20:36 environmetnvar
drwxr-xr-x 2 michael michael    0 Jul 16 22:03 etc
-rwxr-xr-x 1 michael michael   20 Jul 17 12:24 localbranches
-rwxr-xr-x 1 michael michael   43 Jul 17 12:24 localversions
-r-xr-xr-x 1 michael michael  132 Jul 17 12:24 pihole-FTL.conf
-r-xr-xr-x 1 michael michael  192 Jul 17 12:24 setupVars.conf
-rwxr-xr-x 1 michael michael  192 Jul 17 12:24 setupVars.conf.update.bak

Additionally, I have tried to set up the CIFS/SMB share directly within Docker like:

volumes:
  homelab:
    driver_opts:
      type: cifs
      device: "//saturn/homelab/docker/pihole"
      o: "addr=saturn,username=xxx,password=xxx,uid=1000,gid=1000"

But it spawns the same 'Persmission Denied' error like above.

I am lost at this point and would appreciate any help.

mchlschlz · August 1, 2022, 12:02pm

I have solved this issue by moving away from Samba for sharing/storing the files. I would recommend using NFS instead as it allows the chown / ownership change which seems to be the root cause here.

system · August 22, 2022, 5:06pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.