Accessing Volume data from a Windows 7 PC - Persmission denied

General Discussions General
#1

Hi, I’ve been struggling for over a day trying to get access from a Windows PC to my Docker Volume folders. Whilst this may be a pure samba issue it may be complicated due to using Docker. I’m new to Docker and it’s a year or so since I was last involved in Linux.

So far:

  1. Raspberry Pi 4 with a base image of Raspbian 10 Buster + Asterisk 16.6.1 & FreePBX 15.0.16.22
  2. Installed Docker version 19.03.5, build 633a0ea
  3. Installed Docker-Compose version 1.25.0, build b42d419
  4. Installed Container Portainer 1.22.2
  5. Installed Container Eclipse Mosquitto arm32v7/eclipse-mosquitto:1.6"
  6. Installed Container openHAB 2.4.0

All done as root and all accessible via browser on a Windows 7 PC.

I was following 2 guides github and openhab community

  1. Defined openhab group and user:
  • sudo useradd -r -s /sbin/nologin openhab
  • sudo usermod -a -G openhab pi << later changed pi to openhab

I now realise that one guide said one should explicitly define user & group IDs but I’ve addressed that below.
_
8. Defined Docker-Compose script. The Volume & Environment lines are:

    -v /var/lib/docker/volumes/openhab_data/openhab_addons:/openhab/addons \
    -v /var/lib/docker/volumes/openhab_data/openhab_conf:/openhab/conf \
    -v /var/lib/docker/volumes/openhab_data/openhab_userdata:/openhab/userdata \

  USER_ID: 999
  GROUP_ID: 994

These IDs were confirmed by:

  1. $ stat /var/lib/docker/volumes/openhab_data/
  2. Access: (0755/drwxr-xr-x) Uid: ( 999/ openhab) Gid: ( 994/ openhab)
  3. $ stat /var/lib/docker/volumes/
  4. Access: (0700/drwx------) Uid: ( 0/ root) Gid: ( 0/ root)

In order to edit the openHAB config files within the var/lib/docker/volumes/openhab_data/ folder using Visual Studio Code on a Windows 7 Professional PC, I defined the following Samba config (here’s just the changes to the default samba conf file):

  1. workgroup = OFFICE
  2. wins support = yes
  3. valid users = openhab <<< was valid users = pi, openhab
  4. [openHAB2]
  5. comment=openHAB2
  6. path=/var/lib/docker/volumes/openhab_data
  7. browseable=Yes
  8. writeable=Yes
  9. only guest=no
  10. public=no
  11. create mask=0777
  12. directory mask=0777
  13. valid users = openhab <<<<< was added later but kept under home section as well
  14. force group = openhab <<<<< was added later

In Windows 7 Network using the IP address of the Pi the openHAB2 Share icon appears but I cannot get access:

  1. “Windows cannot access openHAB2 / You do not have permission to access”

Tried $ testparm shows [openHAB2]

  1. [openHAB2]
  2. comment = openHAB2
  3. create mask = 0777
  4. directory mask = 0777
  5. force group = openhab
  6. path = /var/lib/docker/volumes/openhab_data
  7. read only = No
  8. valid users = openhab

And $ ls -l /var/lib/docker/volumes/openhab_data shows:

  1. drwxr-xr-x 2 openhab openhab 4096 Nov 30 21:38 openhab_addons
  2. -rw-r–r-- 1 openhab openhab 770 Dec 3 12:43 openhab-compose-file.yml
  3. drwxr-xr-x 13 openhab openhab 4096 Dec 17 2018 openhab_conf
  4. drwxr-xr-x 8 openhab openhab 4096 Nov 30 21:39 openhab_userdata

In my experimenting I did at times get a Windows network login dialog box but could not log in. Now I cannot get that, but just the denied message.

=======================
Greatly appreciated if someone could help put a stop to my hurting head :wink:

Sorry it’s a long post and I’ve struggled with the formatting with no apparent “code” markup.

Many thanks,
Alan

PS I would like to avoid solutions that eliminate security and let the whole world have read/write access!!

PS2 Another 2-3 hours today :frowning: Tried Putty but found I could not login as openhab user. Can login as root. I did check/reset the Samba and system passwords for openhab user. Tried another Windows 7 PC and it’s the same issue.

#2

SOLVED

After many more hours I solved the problem myself. I checked the whole path permissions folder by folder until:

  1. ls -l /var/lib/docker
  2. drwx------ 5 root root 4096 Dec 3 12:42 volumes

According to Linux rules (as I understand them) the whole path needs Execute permissions in order to access a sub-folder, including accessing from a Samba share. So I changed volumes to

  1. cd /var/lib/docker
  2. chmod g=x volumes
  3. chmod o=x volumes
  4. drwx–x--x 5 root root 4096 Dec 3 12:42 volumes

In the process I did alter the Samba file so the changes from stock now reads:

  1. workgroup = —my workgroup name–
    wins support = yes
    [openHAB2]
    comment=openHAB2
    path=/var/lib/docker/volumes/openhab_data
    browseable=Yes
    writeable=Yes
    only guest=no
    public=no
    create mask=0777
    directory mask=0777
    force group = openhab
    valid users = pi

Note that pi was defined as a member of the openhab group.

I can now access the share from Windows. In fact I have 3 folders in Windows Network:

  1. openHAB Share - cannot access - who knows why this was created!
  2. openHAB2 Share - can access
  3. pi Share - can access - pi’s Home

I also had to add write permissions to the sub-folders

  1. chmod g=rwx -R openhab_data

PS Can’t see an Edit button on my first post in order to mark it solved.