Permission error with mongo when running docker

Question

My docker-compose:

version: "2"
services:
 api:
    build: .
    ports:
      - "3007:3007"
    links:
      - mongo
    volumes:
      - .:/opt/app
  mongo:
    image: mongo
    volumes:
      - /data/db:/data/db
    ports:
      - "27017:27017"

I get permissionerror:

mongo_1          | chown: changing ownership of '/data/db/diagnostic.data/metrics.2017-06-27T13-32-30Z-00000': Operation not permitted
mongo_1          | chown: changing ownership of '/data/db/journal/WiredTigerLog.0000000054': Operation not permitted
mongo_1          | chown: changing ownership of '/data/db/journal/WiredTigerPreplog.0000000001': Operation not permitted
mongo_1          | chown: changing ownership of '/data/db/journal/WiredTigerPreplog.0000000002': Operation not permitted
mongo_1          | chown: changing ownership of '/data/db/WiredTiger.turtle': Operation not permitted
mongo_1          | chown: changing ownership of '/data/db/WiredTigerLAS.wt': Operation not permitted

ls-la on data:

ls -la data
total 0
drwxrwxrwx    3 root  wheel   102 Dec  1  2016 .
drwxr-xr-x   35 root  wheel  1258 Jun 25 04:29 ..
drwxrwxrwx@ 118 root  wheel  4012 Jun 27 15:33 db

If I manually change the permission of /data/db , it will be changed back.

What is the problem here? There's no problem if I run mongo locally.

Answer 1

Only the root or members of the sudo group can change the ownership of a file/directory. When you run mongodb in docker and attach a volume from the host, mongo is trying to run as the mongod user. Since this user doesn't exist on your host and root owns the volume mongod/docker is trying to own the OS looks at this as a permissions problem and you will see that error. You have a few options:

1. Configure mongo to run as root via editing the mongo config and copying it during the docker build process. This assumes you're using a docker file to build that image. Then it will have no problem accessing the attached volume.

2. Create a mongod user & group on the host and change the ownership of the data directory to that user that the OS sees no difference in ownership/permissions.

3. Rearchitect your system so mongo can use the default container data store size for its life and completely forgo the volume mount.

Answer 2

I had this issue in CentOS and the solution was to turn on SELinux:

setenforce 0

It's not a mongo problem. It's a docker problem actually. when docker wants to map the volume it tries to change the permission and failed do to the user/group/selinux restrictions.

UPDATE:

There's a chown command in entrypoint.sh that tries to change the permission of directories and files in the mapped volume. read more in here .

Answer 3

instead of mount with the directory, you can change to mount with the volume.

 version: "2" services: api: build: . ports: - "3007:3007" links: - mongo volumes: -.:/opt/app mongo: image: mongo volumes: - mongodata:/data/db ports: - "27017:27017" volumes: mongodata

This is the issue in mongo: https://github.com/docker-library/mongo/issues/232#issuecomment-355423692