Docker Compose mounts named volumes as 'root' exclusively
Problem
It's about named volumes (so no "data volume container", no "volumes-from") and docker-compose.yml. The goal here is to use docker-compose to manage two services 'appserver' and 'server-postgresql' in two separate containers and use the "volumes:" docker-compose.yml feature to make data from service 'server-postgresql' persistent. The Dockerfile for 'server-postgresql' looks like this: [code block] Adn the docker-compose.yml looks like this: [code block] Then I start everything with `docker-compose up -d`, I enter my server-postgresql container with `docker-compose exec server-postgresql bash`, a quick `ls` does reveal `/volume_data`, I then `cd` into it and try `touch testFile` and got "permission denied. Which is normal because a quick `ls -l` show that `volume_data` is owned by `root:root`. Now what I think is happening is that since I have `USER postgres` in the Dockerfile, when I run `docker-compose exec` I am logged in as user 'postgres' (and the postgresql daemon runs as user 'postgres' as well, so it won't be able to write to `/volume_data`). This is confirmed because when I run this instead: `docker-compose exec --user root server-postgresql bash` and retry to `cd /volume_data` and `touch testFile`, it does work (it's not a permission error between the host and the container, as it is somtimes the case when the container mounts a host folder, this is a typical unix permission error because `/volume_data` is mounted as 'root:root' while user 'postgres' is tryin
Error Output
error between the host and the container, as it is somtimes the case when the container mounts a host folder, this is a typical unix permission error because `/volume_data` is mounted as 'root:root' while u
Unverified for your environment
Select your OS to check compatibility.
1 Fix
Adjust Permissions for PostgreSQL Volume in Docker Compose
The named volume '/volume_data' is created with root ownership because the Dockerfile for 'server-postgresql' does not change the ownership of the volume directory after it is created. When the container runs as user 'postgres', it cannot write to the volume due to permission issues, as the volume is owned by 'root:root'.
Awaiting Verification
Be the first to verify this fix
- 1
Modify Dockerfile to Change Ownership
Add a command in the Dockerfile to change the ownership of the '/volume_data' directory to the 'postgres' user after it is created.
dockerfileRUN chown -R postgres:postgres /volume_data - 2
Rebuild Docker Image
After modifying the Dockerfile, rebuild the Docker image for 'server-postgresql' to apply the changes.
bashdocker-compose build server-postgresql - 3
Restart Docker Compose Services
Restart the Docker Compose services to ensure the changes take effect and the container uses the updated image.
bashdocker-compose up -d - 4
Verify Permissions in Container
Enter the 'server-postgresql' container and check the ownership of the '/volume_data' directory to ensure it is now owned by 'postgres'.
bashdocker-compose exec server-postgresql bash -c 'ls -l / | grep volume_data' - 5
Test File Creation
While inside the 'server-postgresql' container as the 'postgres' user, attempt to create a file in the '/volume_data' directory to confirm that the permission issue is resolved.
bashtouch /volume_data/testFile
Validation
Confirm that the ownership of '/volume_data' is 'postgres:postgres' and that you can create files within this directory without permission errors.
Sign in to verify this fix
Environment
Submitted by
Alex Chen
2450 rep