wandabastyle/twitch_relay
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

Fix recordings bind-mount write permissions in Docker Compose #23

New issue
Closed
opened 2026-04-29 20:23:50 +02:00 by wandabastyle · 0 comments
wandabastyle commented 2026-04-29 20:23:50 +02:00 (Migrated from github.com)
Copy link

Problem

The container is configured to run as a non-root user:

user: "1000:1000"

but the recordings bind mount may not be writable by that UID/GID on the host:

volumes:
  - ./recordings:/app/recordings

This can cause write failures when the app tries to create or save files under /app/recordings.

chmod 775 alone is not enough unless the folder owner or group matches the container process UID/GID.

How to verify

On the host:

ls -ldn ./recordings

Expected owner/group should usually be:

1000 1000

Inside the container:

docker compose exec twitch-relay sh -lc 'id; ls -ldn /app/recordings; touch /app/recordings/test'

If touch fails, the bind mount permissions are wrong.

Proposed fix

Ensure the host folder exists and is owned by UID/GID 1000:1000 before starting the container:

mkdir -p ./recordings
sudo chown -R 1000:1000 ./recordings
chmod -R u+rwX,g+rwX ./recordings

Optionally make the bind mount mode explicit for readability:

volumes:
  - ./recordings:/app/recordings:rw

Note: :rw is Docker’s default, so this is not the main fix. The important part is matching the host folder ownership/permissions to the configured container user.

## Problem The container is configured to run as a non-root user: ```yaml user: "1000:1000" ``` but the `recordings` bind mount may not be writable by that UID/GID on the host: ```yaml volumes: - ./recordings:/app/recordings ``` This can cause write failures when the app tries to create or save files under `/app/recordings`. `chmod 775` alone is not enough unless the folder owner or group matches the container process UID/GID. ## How to verify On the host: ```bash ls -ldn ./recordings ``` Expected owner/group should usually be: ```text 1000 1000 ``` Inside the container: ```bash docker compose exec twitch-relay sh -lc 'id; ls -ldn /app/recordings; touch /app/recordings/test' ``` If `touch` fails, the bind mount permissions are wrong. ## Proposed fix Ensure the host folder exists and is owned by UID/GID `1000:1000` before starting the container: ```bash mkdir -p ./recordings sudo chown -R 1000:1000 ./recordings chmod -R u+rwX,g+rwX ./recordings ``` Optionally make the bind mount mode explicit for readability: ```yaml volumes: - ./recordings:/app/recordings:rw ``` Note: `:rw` is Docker’s default, so this is not the main fix. The important part is matching the host folder ownership/permissions to the configured container user.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
publish
resolver
v0.5.0
Labels
Clear labels   
bug
Something isn't working

  
codex

   
documentation
Improvements or additions to documentation

  
duplicate
This issue or pull request already exists

  
enhancement
New feature or request

  
good first issue
Good for newcomers

  
help wanted
Extra attention is needed

  
invalid
This doesn't seem right

  
question
Further information is requested

  
wontfix
This will not be worked on

No labels
bug
codex
documentation
duplicate
enhancement
good first issue
help wanted
invalid
question
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
wandabastyle/twitch_relay#23
No description provided.