Permission denied when spinning up a neo4j container via colima

Question

I recently switched from Docker Desktop to colima and I've been unable to start a neo4j container eversince. When I run docker-compose, I get the following errors in docker logs, causing neo4j to crash:

> docker logs neo4j
Changed password for user 'neo4j'.
chown: /data/dbms/auth.ini: Permission denied
chown: /data/dbms: Permission denied
chown: /data/dbms: Permission denied
chown: /data: Permission denied
chown: /data: Permission denied

Previously, the same code worked fine with the Docker Desktop set-up. Any ideas how can I fix this?

I have tried the following:

• Verified that read/write permissions are there for the signed-in user on the corresponding files and directories mentioned in the logs above.
• Tried reinstalling colima, docker and docker-compose.
• Cross-checked permissions on the relevant folders for these tools (/.colima, /.docker etc.)
• Running all commands with "sudo" wherever applicable
• Tried deleting the /data/ directory mentioned in the logs so it can be re-generated properly
• Turning it off and on :P

Answer 1

I was able to find a solution and I'm writing this here for future reference of other users who might come across the same issue. The core of the issue lies with bind mounted volumes. Previously, docker desktop had elevated privileges / permissions but now after shifting over to colima, the same privileges were no longer there.

User permissions weren't being passed on properly to the containers, resulting in them being unable to access the binded volumes on the host machine. The solution is to add a user:group or uid:gid mapping in the docker run command or the docker-compose file etc.

user: "<uid>:<gid>"  

In a docker-compose file, it would look like this:

version: '3.4'
services:
  neo4j:
      image: neo4j:3.5.5
      container_name: neo4j
      ports:
          - 7474:7474
          - 7687:7687
      volumes:
          - ./example/docker/neo4j/conf:/conf
          - ./.local/neo4j/data:/var/lib/neo4j/data
      user: '1000'
      group_add:
      - '1000'

For further information, please go through the following docs/threads:

• https://docs.docker.com/engine/reference/run/#user
• https://docs.docker.com/storage/volumes/
• https://github.com/abiosoft/colima/issues/54

Answer 2

If you are not using docker-compose, my answer may be helpful.

I recently switched from Docker Desktop to Colima and encountered a “permission denied” error for the files in the volume of a previously functioning MySQL container. However, I was able to resolve this issue.

The errors:

chown: changing ownership of '/var/lib/mysql/private_key.pem': Permission denied
chown: changing ownership of '/var/lib/mysql/ca-key.pem': Permission denied
chown: changing ownership of '/var/lib/mysql/ibdata1': Permission denied
chown: changing ownership of '/var/lib/mysql/#innodb_temp': Permission denied
chown: changing ownership of '/var/lib/mysql/#innodb_temp/temp_3.ibt': Permission denied
chown: changing ownership of '/var/lib/mysql/#innodb_temp/temp_2.ibt': Permission denied
chown: changing ownership of '/var/lib/mysql/#innodb_temp/temp_1.ibt': Permission denied

The fix was to add --user 1000:1000

docker run --rm --name my-db-name \
    -e MYSQL_ROOT_PASSWORD=1234 \
    -p 3306:3306 \
    --user 1000:1000 \
    -v $PWD/mysql-data:/var/lib/mysql \
    --platform linux/x86_64 \
    mysql:8.0