Docker Community Forums

Share and learn in the Docker community.

A workaround for .NET writing to CIFS volume yielding empty file and "Access to the path '...' is denied"

Just a heads up about using .NET Core to write to CIFS network shares.

If you’re seeing empty files being created, followed by Access to the path '...' is denied when trying to write to the newly created file (possibly not showing until the buffer is flushed upon closing/disposing the writer), then maybe you’re running into the September 2020 issue Write CIFS file 'permission denied' (Linux) · Issue #42790 · dotnet/runtime · GitHub.

The good news, an April 2021 comment may help without changing any code:

I managed to work around it by mounting our cifs shares using the nobrl option. From https://linux.die.net/man/8/mount.cifs:

nobrl
Do not send byte range lock requests to the server. This is necessary for certain applications that break with cifs style mandatory byte range locks (and most cifs servers do not yet support requesting advisory byte range locks).

(This poor commenter ran into the bug after upgrading the OS on their hosts, so with unchanged .NET code that worked just fine until then. When you can change the .NET code, then see also the other comments in the GitHub issue, referring to using FileShare.None.)

This workaround works for me in Docker Compose (with .NET Core in a Linux container, on a Windows/Hyper-V host running Docker Desktop):

# See https://github.com/dotnet/runtime/issues/42790#issuecomment-817758887
# for use of "nobrl"
volumes:
  cifs-data:
    driver: local
    driver_opts:
      type: cifs
      device: "//servername/path/to/data"
      o: "addr=servername,username=johndoe,password=s=cr3t,nobrl"

Aside, indeed the real password also includes an = character. And apparently using a secrets file is not supported for CIFS in Compose.