Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

External library scanning (Scan New Library Files) aborts upon Access Denied #12713

Open
3 tasks
psla opened this issue Sep 15, 2024 · 1 comment
Open
3 tasks

External library scanning (Scan New Library Files) aborts upon Access Denied #12713

psla opened this issue Sep 15, 2024 · 1 comment
Assignees
@etnoy

Comments

@psla
Copy link

psla commented Sep 15, 2024
edited
Loading

The bug

  1. Restrict access to some folders in the external library
  2. Go to "external libraries"
  3. Call "Scan New Library Files"
  4. Observe error
[Nest] 7  - 09/15/2024, 10:27:38 PM   ERROR [Microservices:JobService] Unable to run job handler (library/library-refresh): Error: EACCES: permission denied, scandir '/mnt/media/Fotografie/102SSCAM'
[Nest] 7  - 09/15/2024, 10:27:38 PM   ERROR [Microservices:JobService] Error: EACCES: permission denied, scandir '/mnt/media/Fotografie/102SSCAM'
[Nest] 7  - 09/15/2024, 10:27:38 PM   ERROR [Microservices:JobService] Object:
{
  "id": "27af95c1-57fc-4885-9b55-f78a9bc36276",
  "refreshModifiedFiles": false,
  "refreshAllFiles": false
}

Expected behavior: scanning of the library should continue

I understand that generally you probably want to fail upon errors, but this seems a valid use case (to me). Some photographs/content may be more sensitive, and may not be shared with others (including immich). It would be nice if Immich gracesfully fell back access denied errors.

The OS that Immich Server is running on

Debian Linux #redacted# 6.1.0-23-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.99-1 (2024-07-15) x86_64 GNU/Linux

Version of Immich Server

1.115.0

Version of Immich Mobile App

n/a

Platform with the issue

  • Server
  • Web
  • Mobile

Your docker-compose.yml content

version: "3.3"

services:
  immich-server:
    container_name: immich_server
    image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
    volumes:
      - ${UPLOAD_LOCATION}:/usr/src/app/upload
      - /mnt/nas/public/wspolne/Fotografie:/mnt/media/Fotografie:ro
    env_file:
      - .env
    ports:
      - 2283:3001
    depends_on:
      - redis
      - database
    restart: always

  immich-machine-learning:
    container_name: immich_machine_learning
    image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
    volumes:
      - model-cache:/cache
    env_file:
      - .env
    restart: always

  redis:
    container_name: immich_redis
    image: redis:6.2-alpine@sha256:70a7a5b641117670beae0d80658430853896b5ef269ccf00d1827427e3263fa3
    restart: always

  database:
    container_name: immich_postgres
    image: tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0
    env_file:
      - .env
    environment:
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_USER: ${DB_USERNAME}
      POSTGRES_DB: ${DB_DATABASE_NAME}
      PG_DATA: /var/lib/postgresql/data
    volumes:
      - pgdata:/var/lib/postgresql/data
    restart: always
  backup:
    container_name: immich_db_dumper
    image: prodrigestivill/postgres-backup-local
    env_file:
      - .env
    environment:
      POSTGRES_HOST: database
      POSTGRES_DB: ${DB_DATABASE_NAME}
      POSTGRES_USER: ${DB_USERNAME}
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      SCHEDULE: "@daily"
      BACKUP_NUM_KEEP: 2
      BACKUP_DIR: /db_dumps
    volumes:
      - /mnt/newhome/unprivileged-docker/immich/db_dumps:/db_dumps
    depends_on:
      - database

volumes:
  pgdata:
  model-cache:

Your .env content

DB_HOSTNAME=#redacted#
DB_USERNAME=#redacted#
DB_PASSWORD=#redacted#
DB_DATABASE_NAME=immich



REDIS_HOSTNAME=immich_redis






UPLOAD_LOCATION=/mnt/nas/srv/immich/pictures


TYPESENSE_API_KEY=#




PUBLIC_LOGIN_PAGE_MESSAGE=


IMMICH_WEB_URL=http://immich-web:3000
IMMICH_SERVER_URL=http://immich-server:3001
IMMICH_MACHINE_LEARNING_URL=http://immich-machine-learning:3003




IMMICH_API_URL_EXTERNAL=#redacted#

Reproduction steps

  1. Restrict access to some folders in the external library
  2. Go to "external libraries"
  3. Call "Scan New Library Files"
  4. Observe error

Relevant log output

[Nest] 7  - 09/15/2024, 10:27:38 PM   ERROR [Microservices:JobService] Unable to run job handler (library/library-refresh): Error: EACCES: permission denied, scandir '/mnt/media/Fotografie/102SSCAM'
[Nest] 7  - 09/15/2024, 10:27:38 PM   ERROR [Microservices:JobService] Error: EACCES: permission denied, scandir '/mnt/media/Fotografie/102SSCAM'
[Nest] 7  - 09/15/2024, 10:27:38 PM   ERROR [Microservices:JobService] Object:
{
  "id": "27af95c1-57fc-4885-9b55-f78a9bc36276",
  "refreshModifiedFiles": false,
  "refreshAllFiles": false
}


### Additional information

_No response_
@etnoy etnoy self-assigned this Oct 8, 2024
@lumpiluk lumpiluk mentioned this issue Oct 8, 2024
Closed
3 tasks
@etnoy etnoy mentioned this issue Oct 9, 2024
Closed
@alexantao
Copy link

I don't know if I have the same issue.
I've just installed immich (v1.122.3) on a small box I have and mounted a NAS to a local directory as RO, since I want to make shure nothing will me modified on this disk.

Configured my external library, but no photos are found.
Saw on the logs the same access denied errors. But it's odd, because it does has acess, just that it's RO.

[Nest] 7 - 12/16/2024, 11:39:10 AM LOG [Microservices:LibraryService] Refreshing library ed72481e-f76d-437e-acb2-bb535f199c72 for new assets [Nest] 7 - 12/16/2024, 11:39:10 AM LOG [Microservices:LibraryService] Scanning library ed72481e-f76d-437e-acb2-bb535f199c72 for removed assets [Nest] 7 - 12/16/2024, 11:39:10 AM ERROR [Microservices:JobService] Unable to run job handler (library/library-queue-sync-files): Error: EACCES: permission denied, scandir '/FOTOS/2004/01 - Jan' [Nest] 7 - 12/16/2024, 11:39:10 AM ERROR [Microservices:JobService] Error: EACCES: permission denied, scandir '/FOTOS/2004/01 - Jan' [Nest] 7 - 12/16/2024, 11:39:10 AM ERROR [Microservices:JobService] Object:
And I tested entering bash from docker, accessed the library can also cat a JPG file inside it. Access was OK.
Can it be the same issue ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@etnoy etnoy

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(server): Skip errors when scanning library files immich-app/immich
3 participants
@etnoy @psla @alexantao