Help Running NextCloud with docker-compose with TrueNAS Scale share mounted as data directory

I’m trying to run NextCloud as a container with docker-compose using TrueNAS share as data directory. I have the TrueNAS share mounted in the fstab on the docker host machine and got the containers running. I get an error trying to get to it to set it up. Can’t write into config directory. I have run ls -l on the host machine in the data folder that has the truenas share mounted. Everything in the directory is owned by root. I’m lost with what permission issues I have.

Here is my docker-compose.yaml

```yaml
version: '3'

volumes:
  nextcloud:
  db:

services:
  db:
    image: mariadb:latest
    restart: always
    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
    volumes:
      - ./datadb:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=password
      - MYSQL_PASSWORD=password
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud

  app:
    image: nextcloud
    restart: always
    ports:
      - 8080:80
    links:
      - db
    volumes:
      - ./data:/var/www/html
    environment:
      - MYSQL_PASSWORD=password
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_HOST=db
```

I have a TrueNAS Scale share mounted to the data directory that I have added as a volume on the nextcloud app.

I was able to run docker-compose up -d and it wrote directories and files in the data directory, which were successfully created on the TrueNAS share. But when I go to access the Nextcloud instance I get the error "Can’t write into config directory".

I added a separate user on truenas to be able to mount the share on the docker host machine and that user has full permissions to the share folder to be able to mount it and create directories.

They need to be www-data:www-data aka: 33:33

So I should just have to chown everything in the directory to www-data?

Okay, so I tried running sudo chown www-data data/ and sudo chgrp www-data data/. Both seemed to have completed and didn't give an error; however, when I run ls -l again, I still see root:root.

I also logged into TrueNAS to change the owner of the share to www-data and the group to www-data, but it still shows root as owner when I look on the Docker host.

chown -R www-data:www-data data/*

Where are you looking? From inside the Docker container itself or from the Docker host file system?

I am looking from the Docker host, since I have the volumes mapped in the container to directories on the host machine and I have my TrueNAS share mounted to the directory I created for the data volume in the container.

I have tried the chown -R www-data:www-data data/* and it still seemed to run, because it took a minute to get me back to where I could do anything, but then I checked after the process was done with another ls -l and still everything is showing as root:root. I am running the chown command from the Docker host; am I needing to try to run it from within the container?

Edit:
I tried to run the command from within the container itself and still the same outcome: everything is still owned by root:root.

When you are in a console inside the container itself, then the output of ls -l should show you the correct owner.
When you do ls -l from the host and look at the path allocated to the container, it correctly should display root. This is correct, as the Docker daemon runs in the context of root, and in order to manage the storage for all containers, it needs the highest privileges, hence the filesystem is owned by root. Docker applies virtual filesystem credentials and rights over the storage, which apply for the apps and for the containers themselves. So you have to exec a CLI console into the container itself, at container level and not on the Docker host, and then apply the chown, and you will notice afterwards that ls -l outputs the correct owner. When you then exit the container console and do ls -l, it will again show you root.

On the Docker host filesystem, all files are owned by root.

I’m trying to do the same thing (docker-compose running NC with a shared SMB on a separate host running TrueNAS Scale).
If I understand correctly, I need to do this:

  1. create an SMB share on the TrueNAS server (let's call it nextcloud_data)
  2. create a user and password on the TrueNAS server (let's call it nc_user and pass: mypassword)
  3. put the nc_user as a member into the www-data group. (I can’t seem to use the TrueNAS built-in user “www-data” as I don’t know the password for it, and moreover TrueNAS doesn’t allow you to turn on “Samba Authentication” for the www-data user in the GUI)
  4. on the Nextcloud Docker host, modify the fstab to make a connection to the /nextcloud_data share on TrueNAS using the nc_user and password (which is a member of the www-data group)
  5. Run the yaml file
  6. open up the CLI in the Nextcloud container
  7. inside the Docker CLI, change ownership & group of the SMB share to www-data using the chown -R www-data:www-data data/* command?

If I’m right, will that be persistent on a reboot or if I move the container to another host?

Can that permission be added to the yaml file? If so, any examples?
Thank you
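
Added example, not part of the thread: on a CIFS/SMB mount where the server provides no ownership information, the owner shown on the client comes from the `uid=`/`gid=` mount options (root when they are absent), so the script below checks whether an fstab entry maps the share to the 33:33 the thread says the container needs. The server name, mount points and credentials path in the sample fstab are constructed placeholders.

```shell
#!/bin/sh
# Print the value of KEY in a comma-separated mount option list (empty if absent).
opt_value() {
    printf '%s\n' "$1" | tr ',' '\n' | awk -F= -v k="$2" '$1 == k { print $2; exit }'
}

# check_cifs_owner FSTAB MOUNTPOINT [UID] [GID]   (numeric ids expected)
# Returns 0 if the entry maps ownership to UID:GID, 1 if not, 2 if no cifs entry.
check_cifs_owner() {
    fstab=$1 mnt=$2 want_uid=${3:-33} want_gid=${4:-33}
    # fstab fields: device mountpoint fstype options dump pass
    opts=$(awk -v m="$mnt" '$1 !~ /^#/ && $2 == m && $3 == "cifs" { print $4; exit }' "$fstab")
    [ -n "$opts" ] || { echo "$mnt: no cifs entry in $fstab"; return 2; }
    uid=$(opt_value "$opts" uid); gid=$(opt_value "$opts" gid)
    # Without uid=/gid= the client falls back to 0:0 (root:root).
    uid=${uid:-0}; gid=${gid:-0}
    if [ "$uid" = "$want_uid" ] && [ "$gid" = "$want_gid" ]; then
        echo "$mnt: files appear as $uid:$gid (ok)"
        return 0
    fi
    echo "$mnt: files appear as $uid:$gid, container needs $want_uid:$want_gid"
    return 1
}

# Constructed sample fstab: one entry without ownership options, one with them.
write_sample_fstab() {
    cat > "$1" <<'EOF'
# device  mountpoint  type  options  dump  pass
//truenas.example/nextcloud_data /srv/bad/data cifs credentials=/etc/nc_smb.cred,_netdev 0 0
//truenas.example/nextcloud_data /srv/good/data cifs credentials=/etc/nc_smb.cred,uid=33,gid=33,file_mode=0770,dir_mode=0770,_netdev 0 0
EOF
}

demo=$(mktemp)
write_sample_fstab "$demo"
check_cifs_owner "$demo" /srv/bad/data  || true
check_cifs_owner "$demo" /srv/good/data || true
rm -f "$demo"
```

Run it against the real `/etc/fstab` with the directory that is bind-mounted into the container as the second argument; options set in fstab are reapplied at every mount, including after a reboot.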