Docker - chown: changing ownership of '/data/db': Operation not permitted

Question

I am trying to run my application using Docker and here is my yml file content to run the mongo container.

 services:
   mongodb:
    image: mongo:3.4
    #    ports:
    #        - "27017:27017"
    volumes:
      - ./data/mongo:/data/db
    restart: always

And getting this error in contianer: (Saw this error after running docker logs command)

chown: changing ownership of '/data/db': Operation not permitted

The host has ./data/mongo folder and here are the details.

drwxrwxrwx  2 nfsnobody nfsnobody 4096 May 11 23:13 mongo

I tried to run this on the host as suggested in one of the forums.

sudo chgrp 1000 ./data/mongo

Not sure how this would help to solve the issue because the error we get is insdide the container folder not the one from host, anyway i tried..

But got this response :

chgrp: changing group of ‘mongo’: Operation not permitted

How to solve this issue? is there any solution other than "chgrp"? Thank you.

Here is the full docker-compose.yml file

## You can generate a custom docker compose file automatically on http://reportportal.io/download (Step 2)

## This is example of Docker Compose for ReportPortal
## Do not forget to configure data volumes for production usage

## Execute 'docker-compose -p reportportal up -d --force-recreate'
## to start all containers in daemon mode
## Where:
##      '-p reportportal' -- specifies container's prefix (project name)
##      '-d' -- enables daemon mode
##      '--force-recreate' -- forces re-recreating of all containers

version: '2'

services:

  mongodb:
    image: mongo:3.4
    #    ports:
    #        - "27017:27017"
    volumes:
      - ./data/mongo:/data/db
    restart: always

  registry:
    image: consul:1.0.6
    volumes:
      - ./data/consul:/usr/share/consul/data
#    ports:
#      - "8500:8500"
#      - "8300:8300"
#      - "53:8600/udp"
    command: "agent -server -bootstrap-expect=1 -ui -client 0.0.0.0"
    environment:
      - 'CONSUL_LOCAL_CONFIG={"leave_on_terminate": true}'
    restart: always


  uat:
    image: reportportal/service-authorization:4.2.0
    #ports:
    #  - "9999:9999"
    depends_on:
      - mongodb
    environment:
      - RP_PROFILES=docker
      - RP_SESSION_LIVE=86400 #in seconds
    #      - RP_MONGO_URI=mongodb://localhost:27017
    restart: always

  ### Another option for gateway
  ### Can be used instead of traefik
  #  gateway:
  #    image: fabiolb/fabio:1.5.8-go1.10
  #    ports:
  #      - "9998:9998" # GUI/management
  #      - "8080:9999" # HTTP exposed
  #    environment:
  #      - FABIO_REGISTRY_CONSUL_ADDR=registry:8500
  #      - FABIO_REGISTRY_CONSUL_REGISTER_NAME=gateway
  #      - FABIO_PROXY_ADDR=:9999;rt=300s;wt=300s
  #    restart: always



  gateway:
    image: traefik:1.6.6
    ports:
      - "4444:8080" # HTTP exposed
      - "8081:8081" # HTTP Administration exposed
#    expose:
#      - '8080'
    command:
      - --consulcatalog.endpoint=registry:8500
      - --defaultEntryPoints=http
      - --entryPoints=Name:http Address::8080
      - --web
      - --web.address=:8081
    restart: always

  index:
    image: reportportal/service-index:4.2.0
    environment:
      - RP_SERVER_PORT=8080
      - RP_PROXY_CONSUL=true
    depends_on:
      - registry
      - gateway
    restart: always

  api:
    image: reportportal/service-api:4.3.0
    depends_on:
      - mongodb
    environment:
      - RP_PROFILES=docker
      - JAVA_OPTS=-Xmx1g -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp
    #      - RP_MONGO_URI=mongodb://localhost:27017
    restart: always

  ui:
    image: reportportal/service-ui:4.3.0
    environment:
      - RP_SERVER.PORT=8080
      - RP_CONSUL.TAGS=urlprefix-/ui opts strip=/ui
      - RP_CONSUL.ADDRESS=registry:8500
    restart: always

  analyzer:
    image: reportportal/service-analyzer:4.3.0
    depends_on:
      - registry
      - gateway
      - elasticsearch
    restart: always

  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.1.1
    restart: always
    volumes:
      - ./data/elasticsearch:/usr/share/elasticsearch/data
    environment:
      - bootstrap.memory_lock=true
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
  #    ports:
  #        - "9200:9200"

  jira:
    image: reportportal/service-jira:4.0.0
    environment:
      - RP_PROFILES=docker
    #     - RP_MONGO_URI=mongodb://localhost:27017
    restart: always

  rally:
    image: reportportal/service-rally:4.3.0
    environment:
      - RP_PROFILES=docker
    #     - RP_MONGO_URI=mongodb://localhost:27017
    restart: always

Answer 1

An alternative solution: use the bitnami/mongodb image.

I was running into the same problem on MacOS Ventura 13.0 (M2 Chip). Was initially using Colima, then switched to Rancher 1.11.1, and tried the solutions mentioned here, none of them worked for me.

As mentioned here: https://www.mongodb.com/community/forums/t/problems-installing-mongodb-in-a-docker-container/13066/7, now I'm using the bitnami/mongodb image and I can get a MongoDB up and running.

docker-compose.yml

...
services:
  mongodb:
    container_name: my-mongodb
    image: bitnami/mongodb:latest
    volumes:
      - ${MONGODB_DATA_MOUNT_PATH}:/data/db
    restart: unless-stopped
...

Answer 2

For Mac user running Colima.

I had the same problem on Mac and it turns out it was a problem when using the default Colima settings. Changing the vmType to vz and mountType to virtiofs.

To fix this run:

1. Colima delete
2. Colima start --edit and update vmType and mountType

Answer 3

Sharing the volume to a Windows or a Mac host could be limited or hard (see https://github.com/docker-library/mongo/issues/232#issuecomment-355423692). I had similar issues with arm64 Mac and Rancher Desktop, and decided to remove the volume but still had issues starting the mongo container.

If you don't really need the shared volume, and just need to resolve the errors, a docker-desktop solution could be:

services:
    mongodb:
        container_name: mongodb
        restart: always
        image: mongo
        volumes:
          - mongodata:/data/db
        ports:
          - '27017:27017'

volumes:
  mongodata:
    external: true

Answer 4

I tried to answer here for a similar question - https://stackoverflow.com/a/73238863/1294667

In short, we could mount to path /data instead of /data/db. With this, mongo is able to perform chown on /data/db internally.

Answer 5

Mongo startup script changes ownership on files in /data/configdb and /data/db if ran as root. Try running it as nfsnobody (the owner of local ./data/mongo) to skip this step:

services:
  mongodb:
    user: "nfsnobody" # insert either uid or name of the user

Answer 6

It looks like you have user namespace remapping turned on.

Open below file in in your host computer

/etc/sysconfig/docker

And Add/Modify these options like below and if required replace root with your user

OPTIONS='--userns-remap=root:root'