Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

External library scanning (Scan New Library Files) aborts upon Access Denied #12713

Open
3 tasks
psla opened this issue Sep 15, 2024 · 0 comments
Open
3 tasks
Assignees

Comments

@psla
Copy link

psla commented Sep 15, 2024

The bug

  1. Restrict access to some folders in the external library
  2. Go to "external libraries"
  3. Call "Scan New Library Files"
  4. Observe error
[Nest] 7  - 09/15/2024, 10:27:38 PM   ERROR [Microservices:JobService] Unable to run job handler (library/library-refresh): Error: EACCES: permission denied, scandir '/mnt/media/Fotografie/102SSCAM'
[Nest] 7  - 09/15/2024, 10:27:38 PM   ERROR [Microservices:JobService] Error: EACCES: permission denied, scandir '/mnt/media/Fotografie/102SSCAM'
[Nest] 7  - 09/15/2024, 10:27:38 PM   ERROR [Microservices:JobService] Object:
{
  "id": "27af95c1-57fc-4885-9b55-f78a9bc36276",
  "refreshModifiedFiles": false,
  "refreshAllFiles": false
}

Expected behavior: scanning of the library should continue

I understand that generally you probably want to fail upon errors, but this seems a valid use case (to me). Some photographs/content may be more sensitive, and may not be shared with others (including immich). It would be nice if Immich gracesfully fell back access denied errors.

The OS that Immich Server is running on

Debian Linux #redacted# 6.1.0-23-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.99-1 (2024-07-15) x86_64 GNU/Linux

Version of Immich Server

1.115.0

Version of Immich Mobile App

n/a

Platform with the issue

  • Server
  • Web
  • Mobile

Your docker-compose.yml content

version: "3.3"

services:
  immich-server:
    container_name: immich_server
    image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
    volumes:
      - ${UPLOAD_LOCATION}:/usr/src/app/upload
      - /mnt/nas/public/wspolne/Fotografie:/mnt/media/Fotografie:ro
    env_file:
      - .env
    ports:
      - 2283:3001
    depends_on:
      - redis
      - database
    restart: always

  immich-machine-learning:
    container_name: immich_machine_learning
    image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
    volumes:
      - model-cache:/cache
    env_file:
      - .env
    restart: always

  redis:
    container_name: immich_redis
    image: redis:6.2-alpine@sha256:70a7a5b641117670beae0d80658430853896b5ef269ccf00d1827427e3263fa3
    restart: always

  database:
    container_name: immich_postgres
    image: tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0
    env_file:
      - .env
    environment:
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_USER: ${DB_USERNAME}
      POSTGRES_DB: ${DB_DATABASE_NAME}
      PG_DATA: /var/lib/postgresql/data
    volumes:
      - pgdata:/var/lib/postgresql/data
    restart: always
  backup:
    container_name: immich_db_dumper
    image: prodrigestivill/postgres-backup-local
    env_file:
      - .env
    environment:
      POSTGRES_HOST: database
      POSTGRES_DB: ${DB_DATABASE_NAME}
      POSTGRES_USER: ${DB_USERNAME}
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      SCHEDULE: "@daily"
      BACKUP_NUM_KEEP: 2
      BACKUP_DIR: /db_dumps
    volumes:
      - /mnt/newhome/unprivileged-docker/immich/db_dumps:/db_dumps
    depends_on:
      - database

volumes:
  pgdata:
  model-cache:

Your .env content

DB_HOSTNAME=#redacted#
DB_USERNAME=#redacted#
DB_PASSWORD=#redacted#
DB_DATABASE_NAME=immich



REDIS_HOSTNAME=immich_redis






UPLOAD_LOCATION=/mnt/nas/srv/immich/pictures


TYPESENSE_API_KEY=#




PUBLIC_LOGIN_PAGE_MESSAGE=


IMMICH_WEB_URL=http://immich-web:3000
IMMICH_SERVER_URL=http://immich-server:3001
IMMICH_MACHINE_LEARNING_URL=http://immich-machine-learning:3003




IMMICH_API_URL_EXTERNAL=#redacted#

Reproduction steps

  1. Restrict access to some folders in the external library
  2. Go to "external libraries"
  3. Call "Scan New Library Files"
  4. Observe error

Relevant log output

[Nest] 7  - 09/15/2024, 10:27:38 PM   ERROR [Microservices:JobService] Unable to run job handler (library/library-refresh): Error: EACCES: permission denied, scandir '/mnt/media/Fotografie/102SSCAM'
[Nest] 7  - 09/15/2024, 10:27:38 PM   ERROR [Microservices:JobService] Error: EACCES: permission denied, scandir '/mnt/media/Fotografie/102SSCAM'
[Nest] 7  - 09/15/2024, 10:27:38 PM   ERROR [Microservices:JobService] Object:
{
  "id": "27af95c1-57fc-4885-9b55-f78a9bc36276",
  "refreshModifiedFiles": false,
  "refreshAllFiles": false
}


### Additional information

_No response_
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants