-
The bugWhen I download a single photo, no issue. When selecting multiple photos and downloading, Immich will make a zip file out of it and download it. When unpacking/extracting the zip files, all files in the zip have no read or write permissions somehow. I tested this with Firefox 124.0.2 and Chrome 123 on macOS 14.4.1, as well as Firefox 124 on Ubuntu 22.04. The OS that Immich Server is running onmacOS 14.4.1, Ubuntu 22.04 Version of Immich Serverv1.101.0 Version of Immich Mobile Appv1.101 Platform with the issue
Your docker-compose.yml contentversion: '3.8'
#
# WARNING: Make sure to use the docker-compose.yml of the current release:
#
# https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml
#
# The compose file on main may not be compatible with the latest release.
#
name: immich
services:
immich-server:
container_name: immich_server
image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
command: ['start.sh', 'immich']
volumes:
- ${UPLOAD_LOCATION}:/usr/src/app/upload
- /etc/localtime:/etc/localtime:ro
env_file:
- stack.env
ports:
- 2283:3001
depends_on:
- redis
- database
restart: always
immich-microservices:
container_name: immich_microservices
image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
# extends: # uncomment this section for hardware acceleration - see https://immich.app/docs/features/hardware-transcoding
# file: hwaccel.transcoding.yml
# service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
command: ['start.sh', 'microservices']
volumes:
- ${UPLOAD_LOCATION}:/usr/src/app/upload
- /etc/localtime:/etc/localtime:ro
env_file:
- stack.env
depends_on:
- redis
- database
restart: always
immich-machine-learning:
container_name: immich_machine_learning
# For hardware acceleration, add one of -[armnn, cuda, openvino] to the image tag.
# Example tag: ${IMMICH_VERSION:-release}-cuda
image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
# extends: # uncomment this section for hardware acceleration - see https://immich.app/docs/features/ml-hardware-acceleration
# file: hwaccel.ml.yml
# service: cpu # set to one of [armnn, cuda, openvino, openvino-wsl] for accelerated inference - use the `-wsl` version for WSL2 where applicable
volumes:
- model-cache:/cache
env_file:
- stack.env
restart: always
redis:
container_name: immich_redis
image: registry.hub.docker.com/library/redis:6.2-alpine@sha256:51d6c56749a4243096327e3fb964a48ed92254357108449cb6e23999c37773c5
restart: always
database:
container_name: immich_postgres
image: registry.hub.docker.com/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0
environment:
POSTGRES_PASSWORD: ${DB_PASSWORD}
POSTGRES_USER: ${DB_USERNAME}
POSTGRES_DB: ${DB_DATABASE_NAME}
volumes:
- pgdata:/var/lib/postgresql/data
restart: always
volumes:
pgdata:
model-cache: Your .env contentUPLOAD_LOCATION=/volume1/Photos/
IMMICH_VERSION=release
DB_PASSWORD=postgres
DB_HOSTNAME=immich_postgres
DB_USERNAME=postgres
DB_DATABASE_NAME=immich
REDIS_HOSTNAME=immich_redis Reproduction steps1. Select multiple photos in web interface
2. Click the three dots and click "download"
3. Extract the downloaded zip file
4. permissions of extracted files are "----------" / 000 (no permissions) Relevant log outputNo response Additional informationNo response |
Beta Was this translation helpful? Give feedback.
Replies: 7 comments 15 replies
-
I am unable to replicate this on Debian. Can you please post the exact commands you used and the permissions of the user as well as the directory you are extracting into? I was under the impression that ZIP files did not store permissions. Can you also try with a different ZIP file that didn't come from Immich? |
Beta Was this translation helpful? Give feedback.
-
I will recheck on Ubuntu, I might have mixed up something there, the issue might only exist on macOS. On macOS, I simply double click the .zip file and it creates a folder with the same name (minus the extension). The folder itself has correct permissions (read and write for my user) but the files inside the folder do not. I also tried unziping from the cli using Finally, I installed another decompression utility, Keka. And low and behold, the issue does not happen. Hence, it seems it specific to the macOS uncompression utility (or I do not have this issue with other zip files as far as I know. |
Beta Was this translation helpful? Give feedback.
-
This seems like a Mac OS problem then? I just opened an Immich ZIP using 7-zip and I see this: |
Beta Was this translation helpful? Give feedback.
-
I retested on Ubuntu 22.04, I confirm it's exactly the same issue. After extracting the files, they have zero permissions. No read permissions, no write permissions. I also tested using |
Beta Was this translation helpful? Give feedback.
-
Beta Was this translation helpful? Give feedback.
-
I am getting to the conclusion that on Synology, because Docker runs as root, one should configure PUID & GUID to avoid the aforementioned issue. I'm thinking about following this guide (I'm using portainer):
environment:
- PUID=1000
- PGID=1000
Can someone spot any error in my thinking? Are their any containers where I should rather not change the PUID/GUID? |
Beta Was this translation helpful? Give feedback.
-
In general, it appears it's good practice not to run an internet facing container as root, hence I wanted to configure PUID and GUID, but it doesn't work it seems, immich-server can't connect to redis anymore, while the DB container itself doesn't show any error. I followed these instructions.
Current docker compose:version: '3.8'
#
# WARNING: Make sure to use the docker-compose.yml of the current release:
#
# https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml
#
# The compose file on main may not be compatible with the latest release.
#
name: immich
services:
immich-server:
container_name: immich_server
image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
command: ['start.sh', 'immich']
volumes:
- ${UPLOAD_LOCATION}:/usr/src/app/upload
- /etc/localtime:/etc/localtime:ro
env_file:
- stack.env
ports:
- 2283:3001
depends_on:
- redis
- database
restart: always
environment:
- PUID=1037
- PGID=100
immich-microservices:
container_name: immich_microservices
image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
# extends: # uncomment this section for hardware acceleration - see https://immich.app/docs/features/hardware-transcoding
# file: hwaccel.transcoding.yml
# service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
command: ['start.sh', 'microservices']
volumes:
- ${UPLOAD_LOCATION}:/usr/src/app/upload
- /etc/localtime:/etc/localtime:ro
env_file:
- stack.env
depends_on:
- redis
- database
restart: always
environment:
- PUID=1037
- PGID=100
immich-machine-learning:
container_name: immich_machine_learning
# For hardware acceleration, add one of -[armnn, cuda, openvino] to the image tag.
# Example tag: ${IMMICH_VERSION:-release}-cuda
image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
# extends: # uncomment this section for hardware acceleration - see https://immich.app/docs/features/ml-hardware-acceleration
# file: hwaccel.ml.yml
# service: cpu # set to one of [armnn, cuda, openvino, openvino-wsl] for accelerated inference - use the `-wsl` version for WSL2 where applicable
volumes:
- model-cache:/cache
env_file:
- stack.env
restart: always
environment:
- PUID=1037
- PGID=100
redis:
container_name: immich_redis
image: registry.hub.docker.com/library/redis:6.2-alpine@sha256:84882e87b54734154586e5f8abd4dce69fe7311315e2fc6d67c29614c8de2672
restart: always
environment:
- PUID=1037
- PGID=100
database:
container_name: immich_postgres
image: registry.hub.docker.com/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0
environment:
POSTGRES_PASSWORD: ${DB_PASSWORD}
POSTGRES_USER: ${DB_USERNAME}
POSTGRES_DB: ${DB_DATABASE_NAME}
PUID: 1037
PGID: 100
volumes:
#- pgdata:/var/lib/postgresql/data
- ${DB_DATA_LOCATION}:/var/lib/postgresql/data
restart: always
volumes:
# pgdata:
model-cache: Environment variables:UPLOAD_LOCATION=/volume1/Photos/
IMMICH_VERSION=release
DB_PASSWORD=postgres
DB_HOSTNAME=immich_postgres
DB_USERNAME=postgres
DB_DATABASE_NAME=immich
REDIS_HOSTNAME=immich_redis
DB_DATA_LOCATION=/volume1/Photos/postgres/ errors in immich-server and immich:
but the redis container itself seems happy:
so is the postgresql container:
I reverted docker compose, but it does not solve the issue, hence I think the owner/permission changes broke something. I thought that reversing to previous situation and having the container run as root again would be a safe fallback, since root should be able to read/access anything, but it does not seems like it. If anyone has an idea how to properly do this with PUID and GUID, I'm all ears. |
Beta Was this translation helpful? Give feedback.
To run rootless, you need /cache AND /.cache AND /.config mounted in the container, at least when I tested 2-3 months ago. The user running the container needs to be able to write to those folders, and by default only root can. That is the volumes I have mounted in my install. I think /config is old and no longer used.