Pihole docker portainer permissions issue

Hello,

I followed the main guide from the YouTube video and forum post here about setting up TrueNAS Scale and Portainer and all those things. I am having some issues with pihole, specifically permissions on the NFS share. I noticed this with the Prometheus and Grafana containers I set up, but was able to fix it by changing the ownership of the directory to specific guid’s. However, that doesn’t seem to be working for pihole.

This is the error I am getting:

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service cron: starting
s6-rc: info: service cron successfully started
s6-rc: info: service _uid-gid-changer: starting
s6-rc: info: service _uid-gid-changer successfully started
s6-rc: info: service _startup: starting
[i] Starting docker specific checks & setup for docker pihole/pihole
[i] Setting capabilities on pihole-FTL where possible
[i] Applying the following caps to pihole-FTL:
* CAP_CHOWN
* CAP_NET_BIND_SERVICE
* CAP_NET_RAW
[i] Ensuring basic configuration by re-running select functions from basic-install.sh
[i] Installing configs from /etc/.pihole…
[i] Existing dnsmasq.conf found… it is not a Pi-hole file, leaving alone!
[i] Installing /etc/dnsmasq.d/01-pihole.conf…
[✓] Installed /etc/dnsmasq.d/01-pihole.conf
[i] Installing /etc/.pihole/advanced/06-rfc6761.conf…
[✓] Installed /etc/dnsmasq.d/06-rfc6761.conf
/etc/.pihole/automated install/basic-install.sh: line 1362: /etc/pihole/dns-servers.conf: Permission denied
s6-rc: info: service _startup successfully started
s6-rc: info: service pihole-FTL: starting
s6-rc: info: service pihole-FTL successfully started
s6-rc: info: service lighttpd: starting
s6-rc: info: service lighttpd successfully started
s6-rc: info: service _postFTL: starting
s6-rc: info: service _postFTL successfully started
s6-rc: info: service legacy-services: starting
Checking if custom gravity.db is set in /etc/pihole/pihole-FTL.conf
s6-rc: info: service legacy-services successfully started
install: cannot create regular file ‘/etc/pihole/dhcp.leases’: Permission denied
Installation Failure: /etc/pihole/setupVars.conf does not exist!
Please run ‘pihole -r’, and choose the ‘reconfigure’ option to fix.
chown: cannot access ‘/etc/pihole/dhcp.leases’: No such file or directory
chown: changing ownership of ‘/etc/pihole’: Operation not permitted
chmod: cannot access ‘/etc/pihole/dhcp.leases’: No such file or directory

This is what my stack looks like:

version: '3'

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
      - "7053:53"
      - "7080:80/tcp"
    environment:
      - TZ=america/los_angeles
      - WEBPASSWORD=password
      - DNSMASQ_USER=root
    volumes:
      - /nfs/pihole/etcd:/etc/pihole
      - /nfs/pihole/dnsmasq:/etc/dnsmasq.d
    restart: unless-stopped

This is the user nfsdckr on my TrueNas machine:


Did I set the permissions for the user correctly? To mount the share in the VM I added this to the fstab:
192.168.XXX.XXX:/mnt/mk_tiger/containers_VMs/NFSDocker/nfsdckr /nfs nfs rw,async,noatime,hard 0 0

Any insight as to what’s going on?

Thank you!

Hey!

I have the exact same errors. I also followed the same forum post to set up Docker and NFS on TrueNAS, and I got the same permission errors.
Did you already find a solution by any chance? I’ve been trying to fix this for two days now and I’m just about to give up.

Thank you in advance!

Your issue seems related to the permissions on the NFS share used by Pi-hole. Here are some steps to troubleshoot and potentially resolve the issue:

Verify NFS Permissions:
Ensure that the NFS share has the appropriate permissions set. You might need to set the no_root_squash option on the NFS server to allow the container to write as root. This is generally done in the NFS export configuration.

For example, in /etc/exports on your NFS server:

/nfs/pihole 192.168.1.0/24(rw,sync,no_subtree_check,no_root_squash)

You must change the pihole address to your PI’s IP address. After modifying the exports file, remember to reload the NFS server configuration by typing the following command:

exportfs -ra

Change Ownership and Permissions:
Ensure that the directories on the NFS share have the correct ownership and permissions. The directories should be writable by the user that the Docker container is running as. You mentioned creating a user nfsdckr; make sure this user has the appropriate UID and GID.
Change ownership: chown -R nfsdckr:nfsdckr /nfs/pihole
Adjust permissions: chmod -R 775 /nfs/pihole

Check Docker User and Group:
Ensure the Docker container is running with the correct user and group. You might need to specify the UID and GID in your docker-compose.yml file.
Example:
version: '3'

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
      - "7053:53"
      - "7080:80/tcp"
    environment:
      - TZ=America/Los_Angeles
      - WEBPASSWORD=password
      - DNSMASQ_USER=root
    volumes:
      - /nfs/pihole/etcd:/etc/pihole
      - /nfs/pihole/dnsmasq:/etc/dnsmasq.d
    user: "nfsdckr:nfsdckr" # Specify the user and group here
    restart: unless-stopped

Make sure the required directories exist on the NFS share. If they don’t, create them.

mkdir -p /nfs/pihole/etcd /nfs/pihole/dnsmasq
chown -R nfsdckr:nfsdckr /nfs/pihole
chmod -R 775 /nfs/pihole

After applying these changes, restart the Pi-hole container and see if the permissions issues are resolved.
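
An added example, not part of the thread: the no_root_squash option suggested above stops the NFS server from mapping client root to the anonymous user, so it helps to see exactly which clients receive it. This bash/awk check lists every export that grants it and whether the client spec covers one host or many; the function name audit_exports and the sample file are assumptions made for the illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the thread: report exports entries that grant
# no_root_squash and whether the client spec covers one host or many (IPv4 only).
# Line continuations and quoted paths in the exports file are not handled.

audit_exports() {   # usage: audit_exports /etc/exports
  awk '
    /^[ \t]*#/ || NF == 0 { next }              # skip comments and blank lines
    {
      path = $1
      for (i = 2; i <= NF; i++) {
        lp = index($i, "(")
        if (lp == 0) continue                   # no option list: root_squash default applies
        client = substr($i, 1, lp - 1)
        n = split(substr($i, lp + 1, length($i) - lp - 1), opt, ",")
        for (j = 1; j <= n; j++) {
          if (opt[j] != "no_root_squash") continue
          scope = "host"
          # empty client, wildcard, netgroup, or a prefix other than /32 means many hosts
          if (client == "" || client ~ /[*?]/ || client ~ /^@/ ||
              (client ~ /\// && client !~ /\/32$/)) scope = "network"
          print path, (client == "" ? "*" : client), scope
        }
      }
    }' "$1"
}

# Constructed sample; the first line is the export suggested in the answer above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
/nfs/pihole 192.168.1.0/24(rw,sync,no_subtree_check,no_root_squash)
/srv/media  192.168.1.10(rw,no_root_squash) 192.168.1.0/24(ro)
# /srv/old  *(rw,no_root_squash)
/srv/backup *(rw,root_squash)
EOF
audit_exports "$sample"
```

Each output line is "path client scope"; an entry marked network means root on every machine in that range is treated as root on the export.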