mongodbdockerdocker-compose

Permission error with mongo when running docker

My docker-compose:

version: "2"
services:
 api:
    build: .
    ports:
      - "3007:3007"
    links:
      - mongo
    volumes:
      - .:/opt/app
  mongo:
    image: mongo
    volumes:
      - /data/db:/data/db
    ports:
      - "27017:27017"

I get permissionerror:

mongo_1          | chown: changing ownership of '/data/db/diagnostic.data/metrics.2017-06-27T13-32-30Z-00000': Operation not permitted
mongo_1          | chown: changing ownership of '/data/db/journal/WiredTigerLog.0000000054': Operation not permitted
mongo_1          | chown: changing ownership of '/data/db/journal/WiredTigerPreplog.0000000001': Operation not permitted
mongo_1          | chown: changing ownership of '/data/db/journal/WiredTigerPreplog.0000000002': Operation not permitted
mongo_1          | chown: changing ownership of '/data/db/WiredTiger.turtle': Operation not permitted
mongo_1          | chown: changing ownership of '/data/db/WiredTigerLAS.wt': Operation not permitted

ls-la on data:

ls -la data
total 0
drwxrwxrwx    3 root  wheel   102 Dec  1  2016 .
drwxr-xr-x   35 root  wheel  1258 Jun 25 04:29 ..
drwxrwxrwx@ 118 root  wheel  4012 Jun 27 15:33 db

If I manually change the permission of /data/db, it will be changed back.

What is the problem here? There's no problem if I run mongo locally.

Solution

  • Only the root or members of the sudo group can change the ownership of a file/directory. When you run mongodb in docker and attach a volume from the host, mongo is trying to run as the mongod user. Since this user doesn't exist on your host and root owns the volume mongod/docker is trying to own the OS looks at this as a permissions problem and you will see that error. You have a few options:

    1. Configure mongo to run as root via editing the mongo config and copying it during the docker build process. This assumes you're using a docker file to build that image. Then it will have no problem accessing the attached volume.

    2. Create a mongod user & group on the host and change the ownership of the data directory to that user that the OS sees no difference in ownership/permissions.

    3. Rearchitect your system so mongo can use the default container data store size for its life and completely forgo the volume mount.