Wrong ownership on bind mount

[BigBoulard]

Hi guys,

Just trying to run a postgres 14.5 container using compose on docker-desktop (Engine 20.10.20 and Compose: v2.12.1) on macOS Monterey.

Everything works well using a volume, but here I need to use a bind mount for some reason and I get a wrong ownership error on startup.

** postgres container logs**

docker-postgres-bug-postgres-1 | PostgreSQL Database directory appears to contain a database; Skipping initialization
docker-postgres-bug-postgres-1 | 
docker-postgres-bug-postgres-1 | 2022-11-08 09:14:32.867 UTC [1] FATAL:  data directory "/var/lib/postgresql/data" has wrong ownership
docker-postgres-bug-postgres-1 | 2022-11-08 09:14:32.867 UTC [1] HINT:  The server must be started by the user that owns the data directory.

docker-compose.yml

version: '3'

services:

  postgres:
    image: 'postgres:15.0'
    ports:
      - "5432:5432"
    restart: always
    deploy:
      mode: replicated
      replicas: 1
    environment:
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: password
      POSTGRES_DB: users
    volumes:
      - ./db-data/postgres/:/var/lib/postgresql/data/

❯ ll
Permissions Size User          Date Modified Name
drwxr-xr-x     - bigboulard  8 Nov 10:08   db-data/

❯ ll db-data
Permissions Size User          Date Modified Name
drwx------     - bigboulard  8 Nov 10:09   postgres/

Thank you for your help.

[wglambert]

Do a chown -R 999 ./db-data/

[BigBoulard]

Hi @wglambert, thanks for your quick response. I've sudo chown -R 999 ./db-data/ but:

docker compose up
[+] Running 1/0
 ⠿ Container docker-postgres-bug-postgres-1  Created                                                                                                                                     0.0s
Attaching to docker-postgres-bug-postgres-1
Error response from daemon: error while creating mount source path '/host_mnt/Users/bigboulard/.../docker-postgres-bug/db-data/postgres': mkdir /host_mnt/Users/bigboulard/.../docker-postgres-bug/db-data/postgres: permission denied

... so I just sudo chmod -R 777 db-data and got this one:

❯ docker compose up
[+] Running 2/2
 ⠿ Network docker-postgres-bug_default       Created                                                                                                                                     0.1s
 ⠿ Container docker-postgres-bug-postgres-1  Created                                                                                                                                     0.2s
Attaching to docker-postgres-bug-postgres-1
docker-postgres-bug-postgres-1  | chmod: changing permissions of '/var/lib/postgresql/data': Operation not permitted
docker-postgres-bug-postgres-1  | chmod: changing permissions of '/var/lib/postgresql/data': Operation not permitted
docker-postgres-bug-postgres-1  | 
docker-postgres-bug-postgres-1  | PostgreSQL Database directory appears to contain a database; Skipping initialization
docker-postgres-bug-postgres-1  | 
docker-postgres-bug-postgres-1  | 2022-11-09 15:20:34.043 UTC [1] FATAL:  data directory "/var/lib/postgresql/data" has wrong ownership
docker-postgres-bug-postgres-1  | 2022-11-09 15:20:34.043 UTC [1] HINT:  The server must be started by the user that owns the data directory.
docker-postgres-bug-postgres-1 exited with code 1

[wglambert]

Looks like a few people are running into this https://github.com/docker/for-mac/issues/6270#issuecomment-1138663903 One user said just letting it run will eventually succeed

[robcast]

Bind-mounts on Docker-for-Mac do funny things with permissions. Currently the ownership of the bind-mounted directory changes to the user the container is run with (--user) and it can not be changed...

docker run -it --rm --volume /tmp/pgdata:/var/lib/postgresql/data -e "POSTGRES_PASSWORD=password" postgres:11-alpine bash

bash-5.1# ls -la /var/lib/postgresql/
total 8
drwxr-xr-x    1 postgres postgres      4096 Nov 12 05:43 .
drwxr-xr-x    1 root     root          4096 Nov 12 05:43 ..
drwx------   25 root     root           800 Nov 19 16:46 data

vs.

docker run -it --rm --volume /tmp/pgdata:/var/lib/postgresql/data --user postgres -e "POSTGRES_PASSWORD=password" postgres:11-alpine bash

bash-5.1$ ls -la /var/lib/postgresql/
total 8
drwxr-xr-x    1 postgres postgres      4096 Nov 12 05:43 .
drwxr-xr-x    1 root     root          4096 Nov 12 05:43 ..
drwx------   25 postgres postgres       800 Nov 19 16:46 data

But I still get errors starting Postgres with an empty directory: https://github.com/docker/for-mac/issues/6270#issuecomment-1320923224

[MauriceArikoglu]

I have the same issue on v4.21.1 / VirtioFS. Switching back to gRPC FUSE fixed it for me. Not a solution, but maybe a workaround for some until it is fixed. Apple Silicon, 13.2

[MikeVL]

docker run \
    -v ./db-data/postgres/:/var/lib/postgresql/data/ \
    --entrypoint /bin/chown \
    postgres:15.0 -Rc postgres:postgres /var/lib/postgresql/data

[vertebarbe]

I have the same issue, but only when the volume is on a NTFS partition. If someone finds a way to disable this requirement for Postgres without modifying the source, it would be great. Otherwise it seems it is simply impossible to use with this configuration, as disabling this ownership check is not possible.

[tianon]

As of https://github.com/docker-library/postgres/pull/1018 (about a year ago now), the NSS Wrapper behavior is available on all variants, so you should be able to simply set --user/user: to be the UID/GID of the directory on your host and it should Just Work.

[stouch]

This post helped me : https://github.com/timescale/timescaledb-docker-ha/issues/359#issuecomment-1528156067 (the user:root part)