Login/Register
Permission error with mongo when running docker
Asked Answered
Solved mongodbdockerdocker-compose
E

4

6

My docker-compose:

version: "2"
services:
 api:
    build: .
    ports:
      - "3007:3007"
    links:
      - mongo
    volumes:
      - .:/opt/app
  mongo:
    image: mongo
    volumes:
      - /data/db:/data/db
    ports:
      - "27017:27017"

I get permissionerror:

mongo_1          | chown: changing ownership of '/data/db/diagnostic.data/metrics.2017-06-27T13-32-30Z-00000': Operation not permitted
mongo_1          | chown: changing ownership of '/data/db/journal/WiredTigerLog.0000000054': Operation not permitted
mongo_1          | chown: changing ownership of '/data/db/journal/WiredTigerPreplog.0000000001': Operation not permitted
mongo_1          | chown: changing ownership of '/data/db/journal/WiredTigerPreplog.0000000002': Operation not permitted
mongo_1          | chown: changing ownership of '/data/db/WiredTiger.turtle': Operation not permitted
mongo_1          | chown: changing ownership of '/data/db/WiredTigerLAS.wt': Operation not permitted

ls-la on data:

ls -la data
total 0
drwxrwxrwx    3 root  wheel   102 Dec  1  2016 .
drwxr-xr-x   35 root  wheel  1258 Jun 25 04:29 ..
drwxrwxrwx@ 118 root  wheel  4012 Jun 27 15:33 db

If I manually change the permission of /data/db, it will be changed back.

What is the problem here? There's no problem if I run mongo locally.

Eringo answered 27/6, 2017 at 13:43 Comment(1)
What are the permissions for the /data/db folder in the host? The should be owned by root as root user created this folder inside the docker container.Isom
S
5

Only the root or members of the sudo group can change the ownership of a file/directory. When you run mongodb in docker and attach a volume from the host, mongo is trying to run as the mongod user. Since this user doesn't exist on your host and root owns the volume mongod/docker is trying to own the OS looks at this as a permissions problem and you will see that error. You have a few options:

  1. Configure mongo to run as root via editing the mongo config and copying it during the docker build process. This assumes you're using a docker file to build that image. Then it will have no problem accessing the attached volume.

  2. Create a mongod user & group on the host and change the ownership of the data directory to that user that the OS sees no difference in ownership/permissions.

  3. Rearchitect your system so mongo can use the default container data store size for its life and completely forgo the volume mount.

Sudden answered 27/6, 2017 at 13:58 Comment(0)
C
7

I had this issue in CentOS and the solution was to turn on SELinux:

setenforce 0

It's not a mongo problem. It's a docker problem actually. when docker wants to map the volume it tries to change the permission and failed do to the user/group/selinux restrictions.

UPDATE:

There's a chown command in entrypoint.sh that tries to change the permission of directories and files in the mapped volume. read more in here.

Ceremony answered 3/3, 2018 at 10:23 Comment(1)
SELinux, the silent culprit behind thousands of hours wasted worldwide. Thanks for mentioning SELinux man :)Haroun
S
5

Only the root or members of the sudo group can change the ownership of a file/directory. When you run mongodb in docker and attach a volume from the host, mongo is trying to run as the mongod user. Since this user doesn't exist on your host and root owns the volume mongod/docker is trying to own the OS looks at this as a permissions problem and you will see that error. You have a few options:

  1. Configure mongo to run as root via editing the mongo config and copying it during the docker build process. This assumes you're using a docker file to build that image. Then it will have no problem accessing the attached volume.

  2. Create a mongod user & group on the host and change the ownership of the data directory to that user that the OS sees no difference in ownership/permissions.

  3. Rearchitect your system so mongo can use the default container data store size for its life and completely forgo the volume mount.

Sudden answered 27/6, 2017 at 13:58 Comment(0)
J
0

instead of mount with the directory, you can change to mount with the volume.

version: "2"
services:
  api:
    build: .
    ports:
      - "3007:3007"
    links:
      - mongo
    volumes:
      - .:/opt/app
    mongo:
      image: mongo
      volumes:
        - mongodata:/data/db
      ports:
        - "27017:27017"
volumes:
  mongodata

This is the issue in mongo: https://github.com/docker-library/mongo/issues/232#issuecomment-355423692

Joashus answered 1/9, 2022 at 6:41 Comment(0)
S
0

I solved this problem by adding a .dockerignore file and ignore the folders that you can't access. And remember to create a new folder to save the volume.

Scary answered 6/10 at 11:35 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.