WARNING: could not open statistics file "pg_stat_tmp/global.stat": Operation not permitted

[pedz]

There are at least three instances of this problem coming up:

• forums.docker.com
• Stack Exchange 1
• Stack Exchange 2

What I found can be seen here

In brief, somehow files inside the container are being owned by root. While attached to the db container, I see this:

root@ec24992481d1:~# find /var/lib/postgresql -user 0 -exec ls -ld {} +
-rw------- 1 root root    8 Sep  9 00:34 /var/lib/postgresql/data/pg_logical/replorigin_checkpoint
-rw------- 1 root root 2225 Sep  9 01:17 /var/lib/postgresql/data/pg_stat_tmp/db_0.stat
-rw------- 1 root root 6665 Sep  9 01:17 /var/lib/postgresql/data/pg_stat_tmp/db_13757.stat
-rw------- 1 root root 7035 Sep  9 01:17 /var/lib/postgresql/data/pg_stat_tmp/db_16384.stat
-rw------- 1 root root   94 Sep  9 00:29 /var/lib/postgresql/data/postmaster.pid

I have done chown -R postgres:postgres /var/lib/postgresql but later the Warnings start up again and when I attach to the db container, I see that more files are owned by root.

I'm assuming that this is not suppose to happen and also assuming that this is part of the problem. I tried adding ps to the container but I still can't see the processes started by docker compose.

[pedz]

I found how to list all the processes. That looks normal:

% docker top 1b6f6f0741c9
UID                 PID                 PPID                C                   STIME               TTY                 TIME                CMD
999                 64394               64369               0                   00:29               ?                   00:00:00            postgres
999                 64566               64394               0                   00:29               ?                   00:00:00            postgres: checkpointer
999                 64567               64394               0                   00:29               ?                   00:00:00            postgres: background writer
999                 64568               64394               0                   00:29               ?                   00:00:00            postgres: walwriter
999                 64569               64394               0                   00:29               ?                   00:00:00            postgres: autovacuum launcher
999                 64570               64394               0                   00:29               ?                   00:00:00            postgres: stats collector
999                 64571               64394               0                   00:29               ?                   00:00:00            postgres: logical replication launcher

So, it now appears to be a Docker issue... ???

[innovate-invent]

I am having similar issues, lots of permission errors or file not found. If you don't mount the data folder it works normally. There is something wrong with docker. What version of docker are you running?

[pedz]

Docker version 20.10.17, build 100c701

[innovate-invent]

Almost the same: Docker version 20.10.17, build 100c70180f

[innovate-invent]

Docker Desktop 4.2.0 running Docker Engine v20.10.10 should not have this issue

[tianon]

My guess is that this has something to do with the filesystem sharing implementation in Docker Desktop -- beyond that, I'm at a loss for helping debug (as this doesn't seem to be something particular to PostgreSQL but rather to the environment in which it's running or storing data).

[LukeNotable]

Still seeing it on Docker Desktop 4.2.1 (20.10.21, baeda1f) for Mac (M1), ~~but only for Alpine~~.

[rohm1]

We also had this issue. Container is deployed using saltstack and shared directory owner was set to root. Start the container, it changes the owner and works. saltstack deployment, owner is set to root again and container stops working, error from this issue title was in the logs. We now set owner to 999 (id root inside of the container).

[DCCInterstellar]

As of June 19, 2023. I'm having this exact issue on an Unraid Server. Does anyone have any information on how to fix this?

[tianon]

@DCCInterstellar I think you're actually hitting #1100 (you likely need to update libseccomp2 on your host)

[DCCInterstellar]

@tianon Thank you! I changed the repository from postgres:14 to postgres:14-bullseye and I no longer get the Permission denied error!

[tianon]

My guess is that this has something to do with the filesystem sharing implementation in Docker Desktop -- beyond that, I'm at a loss for helping debug (as this doesn't seem to be something particular to PostgreSQL but rather to the environment in which it's running or storing data).

This is still my best guess -- can anyone who is suffering from this reproduce with a named volume or without using Docker Desktop / VM shared filesystems?

[pedz]

My guess is that this has something to do with the filesystem sharing implementation in Docker Desktop -- beyond that, I'm at a loss for helping debug (as this doesn't seem to be something particular to PostgreSQL but rather to the environment in which it's running or storing data).

This is still my best guess -- can anyone who is suffering from this reproduce with a named volume or without using Docker Desktop / VM shared filesystems?

I switched to using an external volume in my compose file and I've not seen the problem since. I agree that this doesn't seem to be Postgres specific but it seems to be the only one getting hit by whatever the bug is.

I'm fine with closing this.

[DCCInterstellar]

I know this is marked as closed but I wanted to share something I found another way to fix this issue. In your docker-compose file or .env file, you will need to add the PUID and PGID variable to it:

PUID: 0 PGID: 0

For example, the 0 is representing in my instance is the root user. Now the root user for the docker container can read, write, and execute any of those files in the appdata without any issues. So far I haven't the errors regarding could not open statistics file "pg_stat_tmp/global.stat": Operation not permitted