CODEWITHSUNDEEP
dockerubuntudocker-composemariadbpermission-denied
kaulex
kaulex

Reputation: 3197

Docker volume mariadb has root permission

I stumbled across a problem with docker volumes while starting docker containers with a docker compose file (MariaDB, RabbitMQ, Maven). I start them simply with docker-compose up -d (WITHOUT SUDO)

My volumes are definied like this:

...
volumes:
  - ./production/mysql:/var/lib/mysql:z
...

Everything is working fine and the ./production directory is created (where the volumes are mapped)

But when I again try to restart the docker containers with down/up, I get following error:

error checking context: 'no permission to read from '…/production/mysql/aria_log.00000001'

When I check the mentioned file I saw that it needs root:root permission. This is because the file is generated with the root user inside the container. So I tried to use namespace as mentioned in the docs.

Anyway the error still occurs. Any ideas or references?

Thanks.

Docker Compose File:

version: '3.8'

services:
  mysql:
    image: mariadb:latest
    restart: always
    env_file:
      - config.env
    volumes:
      - ./production/mysql:/var/lib/mysql:z
    environment:
      MYSQL_DATABASE: ${DATABASE_NAME}
      MYSQL_USER: ${DATABASE_USER}
      MYSQL_PASSWORD: ${DATABASE_PASSWORD}
      MYSQL_ROOT_PASSWORD: ${DATABASE_PASSWORD}
    networks:
      - testnetwork

networks:
  testnetwork:

Upvotes: 5

Views: 5312

Answers (2)

theUndying
theUndying

Reputation: 1744

The issue comes from the mapping between the host user/group IDs and the ones inside the container. One of the solutions is to use a named volume and avoid all this hassle, but you can also do the following:

Add user: ${UID}:${GID} to your service inside the docker-compose file.
Run UID=${id -u} GID=${id -g} docker-compose up. This way you make sure that the user in the container will have the same UID/GID as the user on the host and files created in the container will have proper permissions.

NOTE: Docker for Mac (using the osxfs driver) does this behind the scenes and you don't need to worry about users and groups.

Upvotes: 4

rezshar
rezshar

Reputation: 640

Run the Docker daemon as a non-root user this can be helpfull for your purpose.

all document are here.

Upvotes: 1

Related Questions