squeezeboxserver user in docker image is not added to group $PGID

[doctorjames]

The squeezeboxserver user is set up as part of the Dockerfile build process.

The line usermod -g $PGID squeezeboxserver has therefore already been executed when building the image, not with the user specified PGID at runtime.

If the user overrides the group using the PGID environment variable, this is used to chown various files in start-container.sh but the squeezeboxserver user is not added to this group. This prevents using the PGID to allow access to music files mounted from the host.

I would expect changing:

usermod -o -u "$PUID" squeezeboxserver
groupmod -o -g "$PGID" nogroup

to:

groupmod -o -g "$PGID" nogroup
usermod -o -u "$PUID" -g nogroup squeezeboxserver

in start-container.sh would make it work, however using a differently named group to "nogroup" would be semantically better since it is a group, and in my use case, one that serves an access role.

It might be cleanest to specify an (optional) group for the read/write files (i.e. what is affected at present) and a separate group that the squeezeboxserver user is put in by start-container.sh intended for access to the read only music.

[edgar-vincent]

I am sorry to bump this, but could anyone implement the fixes that @doctorjames suggests? They seem to be insightful.

[ppbdrinker]

I wish I read this bugreport prior to wasting 90 minutes on debugging the FS access denial. %)

[michaelherger]

Yes, would be great if somebody could come up with a pull request. Thanks!

[github-actions]

⚠️ This issue is stale because it has been open for 360 days with no activity. Please chime in if you want to keep it alive.

[Floriszz]

I think I run into the same error. LMS starts, but looking under settings and click on 'Media Folders' - browse. Only the folders inside the container itself are seen.
If I look in Portainer for the log, I see the following, while the user with PUID(1026) is Admin and PGID(101) is administrators group.
[24-10-18 23:41:31.7698] Slim::Utils::Scanner::Local::rescan (179) Discovering audio files in /music
[24-10-18 23:41:31.7754] Slim::Utils::Scanner::Local::Async::ANON (70) Error scanning file or folder: /music: Permission denied

I use the following docker run parameters in the Task Scheduler:
docker run -d
--name=LogitechMusicServer
--restart=always
--privileged
-p 9003:9003/tcp
-p 9091:9091/tcp
-p 3484:3483/tcp
-p 3484:3483/udp
-v /volume2/docker/LogitechMediaServer:/config:rw
-v /volume1/music:/music:ro
-v /volume1/music/playlists:/playlist:rw
-v /etc/localtime:/etc/localtime:ro
-v /etc/TZ:/etc/timezone:ro
-e PUID=1026
-e PGID=101
-e TZ=Europe/Amsterdam
-e EXTRA_ARGS="--advertiseaddr=192.168.1.22"
-e HTTP_PORT=9003
lmscommunity/logitechmediaserver:stable

[Floriszz]

The very simple solution was to create a new user account(1034) on the nas and give this user Read rights on the Music folder on the Nas and read/write rights on the docker config folder on the nas. Then use the UID(PUID) of that user. And use the GID(PGID) of the normal user group=100.
I tried it before with an existing account, but that didn't work. I don't know why..
Correct docker run commands are:

docker run -d
--name=LogitechMusicServer
--restart=always
--privileged
-p 9003:9003/tcp
-p 9091:9091/tcp
-p 3484:3483/tcp
-p 3484:3483/udp
-v /volume2/docker/LogitechMediaServer:/config:rw
-v /volume1/music:/music:ro
-v /volume1/music/playlists:/playlist:rw
-v /etc/localtime:/etc/localtime:ro
-v /etc/TZ:/etc/timezone:ro
-e PUID=1034
-e PGID=100
-e TZ=Europe/Amsterdam
-e EXTRA_ARGS="--advertiseaddr=192.168.1.22"
-e HTTP_PORT=9003
lmscommunity/logitechmediaserver:stable