Permission errors with docker bind mounts

[adamu]

I am trying to run the official Docker image.

I am not using docker compose (I'm using the Synology Container Manager).

When I try to run the image, I receive errors because the app running as 1000:1000 does not have permission to write to the mounted /var/lib/radicale directory, which is not owned by 1000:1000.

Radicale/Dockerfile

Lines 20 to 24 in ab71a12

	RUN addgroup -g 1000 radicale \
	&& adduser radicale --home /var/lib/radicale --system --uid 1000 --disabled-password -G radicale \
	&& apk add --no-cache ca-certificates openssl curl git
	COPY --chown=radicale:radicale --from=builder /app/venv /app

I have worked around this by building my own version of the image with the UID and GID set to the same as the host filesystem.

ARG UID
ARG GID
RUN addgroup -g $GID radicale \
    && adduser radicale --home /var/lib/radicale --system --uid $UID --disabled-password -G radicale \
    && apk add --no-cache ca-certificates openssl curl git

If I do not mount a directory to /var/lib/radicale, the container starts. But then I believe the data will be lost when the container is stopped or replaced with a later version. The synology does not provide an option to change the UID/GID of the mounted directory.

Perhaps the official image could be modified to allow for the user to be specified at runtime?

[pbiering]

@kalsi-avneet - can you please investigate and/or provide instructions by extending Wiki?

https://github.com/Kozea/Radicale/wiki/Installing-on-Docker

[kalsi-avneet]

@kalsi-avneet - can you please investigate and/or provide instructions by extending Wiki?

https://github.com/Kozea/Radicale/wiki/Installing-on-Docker

Sure. I will work on it this weekend.

[turtleinarock]

I am also having permissions issues on Unraid with the data directory. Adding environment variables to the docker template for PUID and PGID do not help. I am guessing it is because the image/dockerfile don't know what to do with them.

[kalsi-avneet]

HI @adamu , @turtleinarock ,

I understand that you are having trouble mounting a host directory.

I believe this can be solved by using the --user flag if you are running via docker run, and it's equivalent user if you are using docker compose.

examples:

I have created config and data directories and chowned them with 1234:1234.

With docker run

$ docker run \
  --name radicale \
  -u 1234:1234 \
  -p 5232:5232 \
  -v "$(pwd)/config:/etc/radicale" \
  -v "$(pwd)/data:/var/lib/radicale" \
  kozea/radicale:stable
[2026-06-06 09:50:44 +0000] [1] [INFO] Logging level set to: 'INFO'
[2026-06-06 09:50:44 +0000] [1] [INFO] Logging of backtrace is disabled in this loglevel
[2026-06-06 09:50:44 +0000] [1] [INFO] Logging level set to: 'INFO'
[2026-06-06 09:50:44 +0000] [1] [INFO] Loaded default config
[2026-06-06 09:50:44 +0000] [1] [INFO] Loaded config file '/etc/radicale/config'

(snip)

[2026-06-06 09:50:44 +0000] [1] [INFO] validate path value: 'minimal'
[2026-06-06 09:50:44 +0000] [1] [INFO] profiling: 'none'
[2026-06-06 09:50:44 +0000] [1] [INFO] Listening on '0.0.0.0:5232'
[2026-06-06 09:50:44 +0000] [1] [INFO] Listening on '[::]:5232'
[2026-06-06 09:50:44 +0000] [1] [INFO] Maximum parallel connections: 8
[2026-06-06 09:50:44 +0000] [1] [INFO] Radicale server ready

Using docker compose

contents of compose file

services:
    radicale:
        image: kozea/radicale:3.7.4
        user: "1234:1234"
        ports:
        - "5232:5232"
        volumes:
        - "./config:/etc/radicale"
        - "./data:/var/lib/radicale"

log

$ docker compose up
[+] up 1/1
 ✔ Container workdir-radicale-1 Recreated                                                                                                                                                  0.1s
Attaching to radicale-1
radicale-1  | [2026-06-06 09:54:59 +0000] [1] [INFO] Logging level set to: 'INFO'
radicale-1  | [2026-06-06 09:54:59 +0000] [1] [INFO] Logging of backtrace is disabled in this loglevel
radicale-1  | [2026-06-06 09:54:59 +0000] [1] [INFO] Logging level set to: 'INFO'
radicale-1  | [2026-06-06 09:54:59 +0000] [1] [INFO] Loaded default config

(snip)

radicale-1  | [2026-06-06 09:55:00 +0000] [1] [INFO] Listening on '0.0.0.0:5232'
radicale-1  | [2026-06-06 09:55:00 +0000] [1] [INFO] Listening on '[::]:5232'
radicale-1  | [2026-06-06 09:55:00 +0000] [1] [INFO] Maximum parallel connections: 8
radicale-1  | [2026-06-06 09:55:00 +0000] [1] [INFO] Radicale server ready

@adamu ,

I apologize for the delay in getting back to this issue.

I am not much familiar with Synology Container Manager, but if you share some more information about your setup, I will be happy to help.

@turtleinarock

I am also having permissions issues on Unraid with the data directory. Adding environment variables to the docker template for PUID and PGID do not help. I am guessing it is because the image/dockerfile don't know what to do with them.

PUID and PGID are not recognized by the container. Please try with --user if you are using docker run, or user if you are using docker compose. If you could share some more details, I will gladly help.

---

Could both you you please confirm if this works for each of your cases? If it does, I will update the wiki.

[turtleinarock]

Yes, that worked! All that was needed aside from the Unraid default template was:

Extra parameters: --user 99:100

Container & server started up no problem! Thanks @kalsi-avneet (:

[adamu]

Unfortunately no luck for me, as Synology Container Manager does not seem to support supplying the user.

However, this is a Synology limitation rather than an issue with the Dockerfile, so I guess I'll stick with my workaround.

I haven't got around to it yet, but I also suspect the default behaviour of running as root will also work. I'll post here again once I've had time to try that.

[kalsi-avneet]

Yes, that worked! All that was needed aside from the Unraid default template was:

Extra parameters: --user 99:100

Container & server started up no problem! Thanks @kalsi-avneet (:

Glad to know it worked. I will update the documentation with this information.

I haven't got around to it yet, but I also suspect the default behaviour of running as root will also work. I'll post here again once I've had time to try that.

Sure. Please share once you get a chance to try with root.