Login/Register
Docker - chown: changing ownership of '/data/db': Operation not permitted
Asked Answered
Solved mongodbdockerdocker-volume
A

6

14

I am trying to run my application using Docker and here is my yml file content to run the mongo container.

 services:
   mongodb:
    image: mongo:3.4
    #    ports:
    #        - "27017:27017"
    volumes:
      - ./data/mongo:/data/db
    restart: always

And getting this error in contianer: (Saw this error after running docker logs command)

chown: changing ownership of '/data/db': Operation not permitted

The host has ./data/mongo folder and here are the details.

drwxrwxrwx  2 nfsnobody nfsnobody 4096 May 11 23:13 mongo

I tried to run this on the host as suggested in one of the forums.

sudo chgrp 1000 ./data/mongo

Not sure how this would help to solve the issue because the error we get is insdide the container folder not the one from host, anyway i tried..

But got this response :

chgrp: changing group of ‘mongo’: Operation not permitted

How to solve this issue? is there any solution other than "chgrp"? Thank you.

Here is the full docker-compose.yml file

## You can generate a custom docker compose file automatically on http://reportportal.io/download (Step 2)

## This is example of Docker Compose for ReportPortal
## Do not forget to configure data volumes for production usage

## Execute 'docker-compose -p reportportal up -d --force-recreate'
## to start all containers in daemon mode
## Where:
##      '-p reportportal' -- specifies container's prefix (project name)
##      '-d' -- enables daemon mode
##      '--force-recreate' -- forces re-recreating of all containers

version: '2'

services:

  mongodb:
    image: mongo:3.4
    #    ports:
    #        - "27017:27017"
    volumes:
      - ./data/mongo:/data/db
    restart: always

  registry:
    image: consul:1.0.6
    volumes:
      - ./data/consul:/usr/share/consul/data
#    ports:
#      - "8500:8500"
#      - "8300:8300"
#      - "53:8600/udp"
    command: "agent -server -bootstrap-expect=1 -ui -client 0.0.0.0"
    environment:
      - 'CONSUL_LOCAL_CONFIG={"leave_on_terminate": true}'
    restart: always


  uat:
    image: reportportal/service-authorization:4.2.0
    #ports:
    #  - "9999:9999"
    depends_on:
      - mongodb
    environment:
      - RP_PROFILES=docker
      - RP_SESSION_LIVE=86400 #in seconds
    #      - RP_MONGO_URI=mongodb://localhost:27017
    restart: always

  ### Another option for gateway
  ### Can be used instead of traefik
  #  gateway:
  #    image: fabiolb/fabio:1.5.8-go1.10
  #    ports:
  #      - "9998:9998" # GUI/management
  #      - "8080:9999" # HTTP exposed
  #    environment:
  #      - FABIO_REGISTRY_CONSUL_ADDR=registry:8500
  #      - FABIO_REGISTRY_CONSUL_REGISTER_NAME=gateway
  #      - FABIO_PROXY_ADDR=:9999;rt=300s;wt=300s
  #    restart: always



  gateway:
    image: traefik:1.6.6
    ports:
      - "4444:8080" # HTTP exposed
      - "8081:8081" # HTTP Administration exposed
#    expose:
#      - '8080'
    command:
      - --consulcatalog.endpoint=registry:8500
      - --defaultEntryPoints=http
      - --entryPoints=Name:http Address::8080
      - --web
      - --web.address=:8081
    restart: always

  index:
    image: reportportal/service-index:4.2.0
    environment:
      - RP_SERVER_PORT=8080
      - RP_PROXY_CONSUL=true
    depends_on:
      - registry
      - gateway
    restart: always

  api:
    image: reportportal/service-api:4.3.0
    depends_on:
      - mongodb
    environment:
      - RP_PROFILES=docker
      - JAVA_OPTS=-Xmx1g -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp
    #      - RP_MONGO_URI=mongodb://localhost:27017
    restart: always

  ui:
    image: reportportal/service-ui:4.3.0
    environment:
      - RP_SERVER.PORT=8080
      - RP_CONSUL.TAGS=urlprefix-/ui opts strip=/ui
      - RP_CONSUL.ADDRESS=registry:8500
    restart: always

  analyzer:
    image: reportportal/service-analyzer:4.3.0
    depends_on:
      - registry
      - gateway
      - elasticsearch
    restart: always

  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.1.1
    restart: always
    volumes:
      - ./data/elasticsearch:/usr/share/elasticsearch/data
    environment:
      - bootstrap.memory_lock=true
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
  #    ports:
  #        - "9200:9200"

  jira:
    image: reportportal/service-jira:4.0.0
    environment:
      - RP_PROFILES=docker
    #     - RP_MONGO_URI=mongodb://localhost:27017
    restart: always

  rally:
    image: reportportal/service-rally:4.3.0
    environment:
      - RP_PROFILES=docker
    #     - RP_MONGO_URI=mongodb://localhost:27017
    restart: always
Aam answered 12/5, 2021 at 7:12 Comment(2)
You can give full permission to all users for the directory (if that is safe for your environment) using '''chmod -R a+rwX directory/'''. If it still does not work it would be helpful to share your app structure and whole docker-compose and Dockerfile contentsIntern
@Intern , i tried this but have the same issue. Full content of the yml file has been added in the question. thank you..Aam
S
10

Mongo startup script changes ownership on files in /data/configdb and /data/db if ran as root. Try running it as nfsnobody (the owner of local ./data/mongo) to skip this step:

services:
  mongodb:
    user: "nfsnobody" # insert either uid or name of the user
Squeaky answered 12/5, 2021 at 8:6 Comment(4)
This helped me solve a similar issue, though I needed to use the username in string form instead of the user IDSiskin
@Siskin both ways are applicable but there is a little difference. If you use name, there must be a user with that name inside the container. With an ID this isn't mandatory.Squeaky
Similar to @Siskin I fixed a related problem with a bitcoin docker image, I listed all users and found bitcoin user in /etc/passwd and added it into docker-compose.yml.Aquilar
I got error of: Error response from daemon: unable to find user nfsnobody: no matching entries in passwd fileWarden
O
15

For Mac user running Colima.

I had the same problem on Mac and it turns out it was a problem when using the default Colima settings. Changing the vmType to vz and mountType to virtiofs.

To fix this run:

  1. Colima delete
  2. Colima start --edit and update vmType and mountType
Outofdate answered 3/12, 2023 at 21:11 Comment(0)
S
10

Mongo startup script changes ownership on files in /data/configdb and /data/db if ran as root. Try running it as nfsnobody (the owner of local ./data/mongo) to skip this step:

services:
  mongodb:
    user: "nfsnobody" # insert either uid or name of the user
Squeaky answered 12/5, 2021 at 8:6 Comment(4)
This helped me solve a similar issue, though I needed to use the username in string form instead of the user IDSiskin
@Siskin both ways are applicable but there is a little difference. If you use name, there must be a user with that name inside the container. With an ID this isn't mandatory.Squeaky
Similar to @Siskin I fixed a related problem with a bitcoin docker image, I listed all users and found bitcoin user in /etc/passwd and added it into docker-compose.yml.Aquilar
I got error of: Error response from daemon: unable to find user nfsnobody: no matching entries in passwd fileWarden
W
6

I tried to answer here for a similar question - https://mcmap.net/q/828028/-chown-changing-ownership-of-39-data-db-39-operation-not-permitted

In short, we could mount to path /data instead of /data/db. With this, mongo is able to perform chown on /data/db internally.

Won answered 4/8, 2022 at 15:57 Comment(0)
K
1

An alternative solution: use the bitnami/mongodb image.

I was running into the same problem on MacOS Ventura 13.0 (M2 Chip). Was initially using Colima, then switched to Rancher 1.11.1, and tried the solutions mentioned here, none of them worked for me.

As mentioned here: https://www.mongodb.com/community/forums/t/problems-installing-mongodb-in-a-docker-container/13066/7, now I'm using the bitnami/mongodb image and I can get a MongoDB up and running.

docker-compose.yml

...
services:
  mongodb:
    container_name: my-mongodb
    image: bitnami/mongodb:latest
    volumes:
      - ${MONGODB_DATA_MOUNT_PATH}:/data/db
    restart: unless-stopped
...
Kathline answered 16/4 at 9:40 Comment(0)
C
0

It looks like you have user namespace remapping turned on.

Open below file in in your host computer

/etc/sysconfig/docker

And Add/Modify these options like below and if required replace root with your user

OPTIONS='--userns-remap=root:root'
Cockiness answered 24/9, 2021 at 10:21 Comment(0)
P
0

Sharing the volume to a Windows or a Mac host could be limited or hard (see https://github.com/docker-library/mongo/issues/232#issuecomment-355423692). I had similar issues with arm64 Mac and Rancher Desktop, and decided to remove the volume but still had issues starting the mongo container.

If you don't really need the shared volume, and just need to resolve the errors, a docker-desktop solution could be:

services:
    mongodb:
        container_name: mongodb
        restart: always
        image: mongo
        volumes:
          - mongodata:/data/db
        ports:
          - '27017:27017'

volumes:
  mongodata:
    external: true
Paradies answered 22/10, 2022 at 13:3 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.