docker-compose: directory permission errors on bind mount

Question

Trying to spin up a docker-compose stack with a prometheus image (although the actual service is rather irrelevant.

I have created the following dir to persist prometheus data.

$ ls -ald /prometheus_data/
drwxrwxr-x 3 root root 4096 Jan 17 07:24 /prometheus_data/

and set up the service in docker-compose as follows:

prometheus:
    image: prom/prometheus
    volumes:
        - ./prometheus/:/etc/prometheus/
        - /prometheus_data:/prometheus_data:rw
    command:
        - '--config.file=/etc/prometheus/prometheus.yml'
        - '--storage.tsdb.path=/prometheus_data'
        - '--storage.tsdb.retention=4d'
        - '--web.console.libraries=/usr/share/prometheus/console_libraries'
        - '--web.console.templates=/usr/share/prometheus/consoles'
    ports:
        - 9090:9090
    depends_on:
        - cadvisor
    restart: always

However the service fails:

prometheus_1     | level=error ts=2019-01-17T09:35:09.200050622Z caller=main.go:579 err="Opening storage failed open DB in /prometheus_data: open /prometheus_data/146791472: permission denied"
prometheus_1     | level=info ts=2019-01-17T09:35:09.20007784Z caller=main.go:581 msg="See you next time!"

Isn't the service initiated by the root user?

Why its gets the above permission errors?

Answer 1

According to the Dockerfile of prometheus the USER is set to nobody.

So it makes sense that the above dir is not accessible by the service.

So the problem was solved by performing a

chgrp -R nogroup /prometheus_data