Specify data directory permissions for Docker containers like Elasticsearch

Hi there,

I’m attempting to run an Elasticsearch container on Ubuntu 16, and on startup it attempts to access a data directory at /usr/share/elasticsearch/data where it runs in to a bunch of errors like these.

Caused by: java.nio.file.AccessDeniedException: /usr/share/elasticsearch/data/nodes/0/node.lock

First off, it didn’t even create the directory, so I created it. Then I recursively changed the owner:group to root:docker and chmoded the group permissions to rwx, so that the docker group had full permissions on it. Both myself and the project user are members of the docker group.

drwxrwxr-x   3 root docker  4096 Feb  7 13:23 elasticsearch

So, I’m not quite sure what’s going on here. There isn’t a separate docker user registered, so why does the container process not have privileges in the data directory? I see some people on the Github saying to just chmod to 777, but that’s obviously not a serious solution. There’s gotta be something I’m missing here.

Huh, and even if I do chmod -R 777 it still doesn’t work…

666 would be better, not executable

but this is not a FOLDER permission error, it is a FILE permission error…

so, what clear the folder tree

chmod -R 666 /usr/share/elasticsearch

The file doesn’t exist yet, though. That’s why I thought execute may be necessary, so that the process could populate the data directory with whatever it needed.

I’m actually binding the data volume to an existing database in another directory, using

docker run -v /project/data:/usr/share/elasticsearch/data

but it doesn’t seem like that has anything to do with this issue. I have the same container with the same exact settings running on my Mac just fine, it’s only when I try running it in Ubuntu that I have the problem.

…in fact, the /usr/share/elasticsearch directory doesn’t even exist on my Mac so, I’m not quite sure what’s going on here. Perhaps Docker has aliased the data directory in the container to the other volume I specified and actually what’s happening is that it can’t access the /project/data directory, even if it’s not being displayed in the logs as such?

Holy jeez, I think I just answered my own question.

What was the solution here?