Docker-compose mounted file system operation not permitted for volume

Question

I am experiencing a problem with docker-compose, its mounting a volume in a folder on a mounted hard drive. I have seen lots of solutions out there and honestly tried them all.

I changed the permissions to the user that I am using, to root, to docker, within their respective groups. Nothing

Writing operations work fine, I can write a file through python I am not restricted, but when I run docker compose to make an sql db it gives me this:

ERROR: for mysql_db Cannot start service mysql_db: error while creating mount source path '/db-path-mount': chown /db-path-mount/db-volume-folder/db-one: operation not permitted

ERROR: for mysql_db Cannot start service mysql_db: error while creating mount source path '/db-path-mount': chown /db-path-mount/db-volume-folder/db-one: operation not permitted ERROR: Encountered errors while bringing up the project.

Out there seems that the troubleshooting is scarce, I tried docker-compose up -d and sudo docker-compose up -d, nothing really changes.

drwxr-xr-x 3 myUser docker 4028276 Jul 26 04:47 db-volume-folder/

and my mount point (etc/fstab):

UUID=MY_UUID /home/user/my_mount_point    auto uid=1001,gid=122,umask=022,defaults 0 1
(gid=122 is docker)
(uid=1001 is user)

I am using ubuntu 20 server

docker-compose.yml:

version: "3.7"
services:
  my_sql_db:
    container_name: my_sql_db
    user: root
    image: mysql/mysql-server:latest
    ports:
      - "1533:3306"
    env_file:
      - secrets/sqlserver.env
      - secrets/sqlpassword.env
    volumes:
      - ./db-path-mount/db-volume-folder/db-one:/var/lib/mysql

Answer 1

There are a couple of things in your setup that I would do differently, and I'll try to outline this in my answer. I can't guarantee it will work, but it's how I have my containers set up, so hopefully it can help.

First, I wouldn't mount my data disk with uid and gid attributes. I would mount with default attributes, like this:

UUID=MY_UUID /home/user/my_mount_point    auto umask=022,defaults 0 1

(From this point on, I will use /home/user/my_mount_point as a reference from where your disk is mounted.)

Secondly, I don't understand your volume reference in the docker-compose.yml. I would have it like this:

    volumes:
      - /home/user/my_mount_point/db-volume-folder/db-one:/var/lib/mysql

Note that I would always use an absolute path in the docker-compose.yml.

Also, the ownership should match those of the container running, so the folder db-one should be owned by root.

myUser@ubuntu:~/my_mount_point/db-volume-folder$
drwxr-xr-x 3 root root 4028276 Jul 26 04:47 db-one

Note that the folder name db-one should match the last folder on the left side in the volume mount path - this is the folder where the permissions matter.

Finally, as you have noted, docker-compose also supports that you specify which user the container should run as. So I believe you could change the user, and then change the ownership accordingly.

So if you change the user like this:

version: "3.7"
services:
  my_sql_db:
    container_name: my_sql_db
    user: myUser

And then the folder permissions to match:

myUser@ubuntu:~/my_mount_point/db-volume-folder$
drwxr-xr-x 3 myUser myUser 4028276 Jul 26 04:47 db-one

I hope some of these instructions will work for you - please let us know if it does.

EDIT:

I just tested the MySql container with the following docker-compose.yml:

version: "3.7"
services:
my_sql_db:
    container_name: my_sql_db
    user: root
    image: mysql/mysql-server:latest
    ports:
      - "1533:3306"
    environment:
      MYSQL_ROOT_PASSWORD: topsecret
      MYSQL_USER: mysqluser
      MYSQL_PASSWORD: mysqlpassword
    volumes:
      - /mnt/zfs/docker-data/mysql-test/db-one:/var/lib/mysql
    restart: always

This is the contents of the folder /mnt/zfs/docker-data/mysql-test:

/mnt/zfs/docker-data/mysql-test$ ls -la
total 7
drwxr-xr-x  3 root root   4 Aug  1 22:02 .
drwxr-xr-x 22 root root  22 Aug  1 21:47 ..
drwxr-xr-x  6   27 sudo  30 Aug  1 21:59 db-one
-rw-r--r--  1 root root 374 Aug  1 21:58 docker-compose.yml

In this way, the container comes up successfully. It appears the container itself changes ownership to 27:sudo (I guess these are default values).

If I change the user in docker-compose.yml to myuser:myuser and also change permissions on the folder db-one to myuser:myuser, I get this error when trying to start the container:

ERROR: for my_sql_db  Cannot start service my_sql_db: unable to find user myuser: no matching entries in passwd file

So it seems the problem is between matching users, and not filesystem ownership. And if you get another error, its probably something else than filesystem ownership - see my link in comments.