[BUG] OC_CONFIG_DIR variable causes permission denied error inside container

[wearepariah]

Describe the bug

OC_CONFIG_DIR environment variable is used within opencloud code to refer to paths inside the Docker container, but also recommended in examples/instructions to refer to paths on the host. This leads to errors attempting to mkdir paths inside the container if that path is not writeable by 1000:1000.

Steps to reproduce

1. docker compose per the instructions
2. utilise the OC_CONFIG_DIR variable to set your host config directory (owned and fully writeable by user 1000:1000).
3. use a directory that would not be writeable inside the container without root. e.g. /cloud/opencloud/config

Expected behavior

docker compose up, opencloud init would run and create config files on the host per the variables.

Actual behavior

Attempts to mkdir at the OC_CONFIG_PATH directory within the container, causing error Could not create config: mkdir /cloud: permission denied

Setup

Running within the openmediavault-compose extension v7.6.12 for Open Media Vault 7.7.13-1 (Sandworm), on Debian Bookworm 6.12.34+rpt-rpi-2712. Hardware is a Raspberry Pi 5.

Details

compose.yaml

name: opencloud
services:
  opencloud-server:
    container_name: opencloud-server
    image: opencloudeu/opencloud-rolling:${OC_VERSION:-latest}
    networks:
      opencloud-net:
    entrypoint:
      - /bin/sh
    command: ["-c", "opencloud init || true; opencloud server"]
    ports:
    - 8083:9200
    volumes:
      - ${OC_CONFIG_DIR:-opencloud-config}:/etc/opencloud #not working if OC_CONFIG_DIR is used
      #- ${OC_CONF_DIR:-opencloud-config}:/etc/opencloud #working
      - ${OC_DATA_DIR:-opencloud-data}:/var/lib/opencloud
    restart: no
    env_file:
      - opencloud.env
volumes:
  opencloud-config:
  opencloud-data:

networks:
  opencloud-net:

opencloud.env

OC_INSECURE=false
PROXY_TLS=false
OC_URL=https://sub.domain.tld
OC_CONFIG_DIR=/cloud/opencloud/config #not working if OC_CONFIG_DIR is used
#OC_CONF_DIR=/cloud/opencloud/config #working
OC_DATA_DIR=/cloud/opencloud/data
OC_VERSION=3.2
IDM_ADMIN_PASSWORD=admin

Additional context

This example is being used as a test/experiment environment, not intended to go to production in this state.
Instructions within the common issues resource handle permissions on the host, rather than within the container.

If i had to guess (not particularly experienced with GoLang), this might have something to do with it?

[rhafer]

What you describe is not actually a bug. It is pretty much the expected behavior. Our containers do not run as root. So creating the file and changing the ownership for files mounted from the host does not work from inside the container. It is also documented here:
https://docs.opencloud.eu/docs/admin/getting-started/container/docker-compose/docker-compose-base#production-setup-consideration

[wearepariah]

Thanks rhafer, though I think I have not been clear here - OC_CONFIG_DIR is a variable used inside of the Docker Compose .env file to define a directory path on the host. It is also used within the container in Opencloud code to define a path for a different (adjacent?) purpose inside the container. (dual use of a single variable name for different purposes) Having a path on the host that is owned and writeable by 1000:1000 (as those linked documents describe) has zero impact on what I am talking about here. The problem comes up if OC_CONFIG_DIR for the host directory path (writeable and owned by 1000:1000) happens to be a directory path not writeable by 1000:1000 _inside the container_. On the host /cloud/opencloud Owned by 1000:1000, writeable by 1000:1000, happy days. Inside the container /cloud/opencloud Does not exist, and being a root level directory needs root inside the container to create it (which is the problem) This is shown by using different variable names in the Docker compose context. By using OC_CONF_DIR in .env and docker-compose.yml and pointing to the same directory path on the host, everything works and nothing has an issue.

…

----- Original message ----- From: Ralf Haferkamp ***@***.***> To: opencloud-eu/opencloud ***@***.***> Cc: wearepariah ***@***.***>, Author ***@***.***> Subject: Re: [opencloud-eu/opencloud] [BUG] OC_CONFIG_DIR variable causes permission denied error inside container (Issue #1279) Date: Tuesday, August 12, 2025 6:55 PM *rhafer* left a comment (opencloud-eu/opencloud#1279) <#1279 (comment)> What you describe is not actually a bug. It is pretty much the expected behavior. Our containers do not run as root. So creating the file and changing the ownership for files mounted from the host does not work from inside the container. It is also documented here: https://docs.opencloud.eu/docs/admin/getting-started/container/docker-compose/docker-compose-base#production-setup-consideration — Reply to this email directly, view it on GitHub <#1279 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/APX3ZLGJDVUBU5XEOOAOET33NGTYLAVCNFSM6AAAAACCOEDYVWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTCNZYGM3TONRQGE>. You are receiving this because you authored the thread.Message ID: ***@***.***>

[micbar]

@wearepariah I think, that i understand the problem now. Re-opening.

[Cleyton1]

Hey @wearepariah . I am still a new user, but I am experiencing exactly the same issue you described. I've have the following, all of them owned and writable by 1000:1000:

OC_CONFIG_DIR=/mnt/OpenCloud/config
OC_DATA_DIR=/mnt/OpenCloud/data
OC_APPS_DIR=/home/gringotts/docker/opencloud/apps

/mnt/OpenCloud is mounted to a TrueNAS NFS Share using the following bellow. Also the dataset in TrueNAS is owned and writable by 1000:1000 user:group. PS: the 1000:1000 user and group pair have different names in the client machine when compared to TrueNAS, but I believe NFS only checks for UID:GID when validating the user. I was also able to test by creating and deleting files inside the share in the client machine when logged as my 1000:1000 user.

<TrueNAS_IP>:/mnt//Application/OpenCloud /mnt/OpenCloud nfs defaults,nfsvers=4,noac 0 0

But I am getting the exact error you described
✔ Image opencloudeu/opencloud-rolling:latest Pulled 2.5s
✔ Network opencloud_opencloud-net Created 0.0s
⠋ Container opencloud-opencloud-1 Creating 0.1s
Error response from daemon: error while creating mount source path '/mnt/OpenCloud/data': mkdir /mnt/OpenCloud/data: permission denied

I see you solved the issue based on your comment of
"By using OC_CONF_DIR in .env and docker-compose.yml and pointing to the same directory path on the host, everything works and nothing has an issue."

Can you explain in more detail, and if possible changes made to the yml files in order to complish what you described above ?

Thank you

[micbar]

This needs to be fixed in the compose project. I am currently off and not working, but would accept a pull request.

[Cleyton1]

This needs to be fixed in the compose project. I am currently off and not working, but would accept a pull request.

Thank you for the reply @micbar . I am not a developer, not sure how to do the pull request you mentioned, sorry. If I understood correctly, it seems this issue needs to be fixed inside the project, and there is nothing I can do on my end in order to keep going. I will keep an eye on this project and try again later. Appreciate it.