System.UnauthorizedAccessException running EventStore 20.6.1 on docker

[albertocorrales]

Describe the bug
When I try to run EventStore version 20.6.1, I'm having an access error. I based my docker-compose on this URL: https://developers.eventstore.com/clients/dotnet/generated/v20.6.0/getting-started/quick-tour.html#requirements

To Reproduce
Steps to reproduce the behavior:

1. I'm using this docker-compose.yml

version: "3"
services:
  eventstore:
    image: eventstore/eventstore:20.6.1-buster-slim
    environment:
      - EVENTSTORE_INSECURE=true
    ports:
      - 2113:2113
      - 1113:1113

2. I run command docker-compose up

Expected behavior
EventStore starts running on docker

Actual behavior
I get an error on the console: System.UnauthorizedAccessException: Access to the path '/var/lib/eventstore/writer.chk' is denied.

Config/Logs/Screenshots

Starting docker_eventstore_1 ... done
Attaching to docker_eventstore_1
eventstore_1  | [    1, 1,09:55:13.788,INF]
eventstore_1  | "ES VERSION:"             "20.6.1.0" ("tags/oss-v20.6.1"/"9ea108855", "Unknown")
eventstore_1  | [    1, 1,09:55:13.829,INF] "OS:"                     Linux ("Unix 4.19.76.0")
eventstore_1  | [    1, 1,09:55:13.832,INF] "RUNTIME:"                ".NET 3.1.8" (64-bit)
eventstore_1  | [    1, 1,09:55:13.833,INF] "GC:"                     "3 GENERATIONS"
eventstore_1  | [    1, 1,09:55:13.833,INF] "LOGS:"                   "/var/log/eventstore"
eventstore_1  | [    1, 1,09:55:13.850,INF] MODIFIED OPTIONS:
eventstore_1  |
eventstore_1  |         INSECURE:                 true (Environment Variable)
eventstore_1  |         EXT IP:                   0.0.0.0 (Config File)
eventstore_1  |         INT IP:                   0.0.0.0 (Config File)
eventstore_1  |
eventstore_1  | DEFAULT OPTIONS:
eventstore_1  |
eventstore_1  |         CONFIG:                   /etc/eventstore/eventstore.conf (<DEFAULT>)
eventstore_1  |         HELP:                     False (<DEFAULT>)
eventstore_1  |         VERSION:                  False (<DEFAULT>)
eventstore_1  |         LOG:                      /var/log/eventstore (<DEFAULT>)
eventstore_1  |         LOG LEVEL:                Default (<DEFAULT>)
eventstore_1  |         WHAT IF:                  False (<DEFAULT>)
eventstore_1  |         START STANDARD PROJECTIONS: False (<DEFAULT>)
eventstore_1  |         DISABLE HTTP CACHING:     False (<DEFAULT>)
eventstore_1  |         HTTP PORT:                2113 (<DEFAULT>)
eventstore_1  |         ENABLE EXTERNAL TCP:      False (<DEFAULT>)
eventstore_1  |         INT TCP PORT:             1112 (<DEFAULT>)
eventstore_1  |         EXT TCP PORT:             1113 (<DEFAULT>)
eventstore_1  |         EXT HOST ADVERTISE AS:    <empty> (<DEFAULT>)
eventstore_1  |         ADVERTISE HOST TO CLIENT AS: <empty> (<DEFAULT>)
eventstore_1  |         ADVERTISE HTTP PORT TO CLIENT AS: 0 (<DEFAULT>)
eventstore_1  |         ADVERTISE TCP PORT TO CLIENT AS: 0 (<DEFAULT>)
eventstore_1  |         EXT TCP PORT ADVERTISE AS: 0 (<DEFAULT>)
eventstore_1  |         HTTP PORT ADVERTISE AS:   0 (<DEFAULT>)
eventstore_1  |         INT HOST ADVERTISE AS:    <empty> (<DEFAULT>)
eventstore_1  |         INT TCP PORT ADVERTISE AS: 0 (<DEFAULT>)
eventstore_1  |         INT TCP HEARTBEAT TIMEOUT: 700 (<DEFAULT>)
eventstore_1  |         EXT TCP HEARTBEAT TIMEOUT: 1000 (<DEFAULT>)
eventstore_1  |         INT TCP HEARTBEAT INTERVAL: 700 (<DEFAULT>)
eventstore_1  |         EXT TCP HEARTBEAT INTERVAL: 2000 (<DEFAULT>)
eventstore_1  |         GOSSIP ON SINGLE NODE:    False (<DEFAULT>)
eventstore_1  |         CONNECTION PENDING SEND BYTES THRESHOLD: 10485760 (<DEFAULT>)
eventstore_1  |         CONNECTION QUEUE SIZE THRESHOLD: 50000 (<DEFAULT>)
eventstore_1  |         CLUSTER SIZE:             1 (<DEFAULT>)
eventstore_1  |         NODE PRIORITY:            0 (<DEFAULT>)
eventstore_1  |         MIN FLUSH DELAY MS:       2 (<DEFAULT>)
eventstore_1  |         COMMIT COUNT:             -1 (<DEFAULT>)
eventstore_1  |         PREPARE COUNT:            -1 (<DEFAULT>)
eventstore_1  |         DISABLE ADMIN UI:         False (<DEFAULT>)
eventstore_1  |         DISABLE STATS ON HTTP:    False (<DEFAULT>)
eventstore_1  |         DISABLE GOSSIP ON HTTP:   False (<DEFAULT>)
eventstore_1  |         DISABLE SCAVENGE MERGING: False (<DEFAULT>)
eventstore_1  |         SCAVENGE HISTORY MAX AGE: 30 (<DEFAULT>)
eventstore_1  |         DISCOVER VIA DNS:         True (<DEFAULT>)
eventstore_1  |         CLUSTER DNS:              fake.dns (<DEFAULT>)
eventstore_1  |         CLUSTER GOSSIP PORT:      2113 (<DEFAULT>)
eventstore_1  |         GOSSIP SEED:              <empty> (<DEFAULT>)
eventstore_1  |         STATS PERIOD SEC:         30 (<DEFAULT>)
eventstore_1  |         CACHED CHUNKS:            -1 (<DEFAULT>)
eventstore_1  |         READER THREADS COUNT:     4 (<DEFAULT>)
eventstore_1  |         CHUNKS CACHE SIZE:        536871424 (<DEFAULT>)
eventstore_1  |         MAX MEM TABLE SIZE:       1000000 (<DEFAULT>)
eventstore_1  |         HASH COLLISION READ LIMIT: 100 (<DEFAULT>)
eventstore_1  |         DB:                       /var/lib/eventstore (<DEFAULT>)
eventstore_1  |         INDEX:                    <empty> (<DEFAULT>)
eventstore_1  |         MEM DB:                   False (<DEFAULT>)
eventstore_1  |         SKIP DB VERIFY:           False (<DEFAULT>)
eventstore_1  |         WRITE THROUGH:            False (<DEFAULT>)
eventstore_1  |         UNBUFFERED:               False (<DEFAULT>)
eventstore_1  |         CHUNK INITIAL READER COUNT: 5 (<DEFAULT>)
eventstore_1  |         RUN PROJECTIONS:          None (<DEFAULT>)
eventstore_1  |         PROJECTION THREADS:       3 (<DEFAULT>)
eventstore_1  |         WORKER THREADS:           5 (<DEFAULT>)
eventstore_1  |         PROJECTIONS QUERY EXPIRY: 5 (<DEFAULT>)
eventstore_1  |         FAULT OUT OF ORDER PROJECTIONS: False (<DEFAULT>)
eventstore_1  |         ENABLE TRUSTED AUTH:      False (<DEFAULT>)
eventstore_1  |         TRUSTED ROOT CERTIFICATES PATH: <empty> (<DEFAULT>)
eventstore_1  |         CERTIFICATE FILE:         <empty> (<DEFAULT>)
eventstore_1  |         CERTIFICATE PRIVATE KEY FILE: <empty> (<DEFAULT>)
eventstore_1  |         CERTIFICATE PASSWORD:     <empty> (<DEFAULT>)
eventstore_1  |         CERTIFICATE STORE LOCATION: <empty> (<DEFAULT>)
eventstore_1  |         CERTIFICATE STORE NAME:   <empty> (<DEFAULT>)
eventstore_1  |         CERTIFICATE SUBJECT NAME: <empty> (<DEFAULT>)
eventstore_1  |         CERTIFICATE RESERVED NODE COMMON NAME: eventstoredb-node (<DEFAULT>)
eventstore_1  |         CERTIFICATE THUMBPRINT:   <empty> (<DEFAULT>)
eventstore_1  |         DISABLE INTERNAL TCP TLS: False (<DEFAULT>)
eventstore_1  |         DISABLE EXTERNAL TCP TLS: False (<DEFAULT>)
eventstore_1  |         AUTHORIZATION TYPE:       internal (<DEFAULT>)
eventstore_1  |         AUTHENTICATION TYPE:      internal (<DEFAULT>)
eventstore_1  |         AUTHORIZATION CONFIG:     <empty> (<DEFAULT>)
eventstore_1  |         AUTHENTICATION CONFIG:    <empty> (<DEFAULT>)
eventstore_1  |         DISABLE FIRST LEVEL HTTP AUTHORIZATION: False (<DEFAULT>)
eventstore_1  |         PREPARE TIMEOUT MS:       2000 (<DEFAULT>)
eventstore_1  |         COMMIT TIMEOUT MS:        2000 (<DEFAULT>)
eventstore_1  |         WRITE TIMEOUT MS:         2000 (<DEFAULT>)
eventstore_1  |         UNSAFE DISABLE FLUSH TO DISK: False (<DEFAULT>)
eventstore_1  |         UNSAFE IGNORE HARD DELETE: False (<DEFAULT>)
eventstore_1  |         SKIP INDEX VERIFY:        False (<DEFAULT>)
eventstore_1  |         INDEX CACHE DEPTH:        16 (<DEFAULT>)
eventstore_1  |         OPTIMIZE INDEX MERGE:     False (<DEFAULT>)
eventstore_1  |         GOSSIP INTERVAL MS:       2000 (<DEFAULT>)
eventstore_1  |         GOSSIP ALLOWED DIFFERENCE MS: 60000 (<DEFAULT>)
eventstore_1  |         GOSSIP TIMEOUT MS:        2500 (<DEFAULT>)
eventstore_1  |         READ ONLY REPLICA:        False (<DEFAULT>)
eventstore_1  |         UNSAFE ALLOW SURPLUS NODES: False (<DEFAULT>)
eventstore_1  |         ENABLE HISTOGRAMS:        False (<DEFAULT>)
eventstore_1  |         LOG HTTP REQUESTS:        False (<DEFAULT>)
eventstore_1  |         LOG FAILED AUTHENTICATION ATTEMPTS: False (<DEFAULT>)
eventstore_1  |         ALWAYS KEEP SCAVENGED:    False (<DEFAULT>)
eventstore_1  |         SKIP INDEX SCAN ON READS: False (<DEFAULT>)
eventstore_1  |         REDUCE FILE CACHE PRESSURE: False (<DEFAULT>)
eventstore_1  |         INITIALIZATION THREADS:   1 (<DEFAULT>)
eventstore_1  |         MAX AUTO MERGE INDEX LEVEL: 2147483647 (<DEFAULT>)
eventstore_1  |         WRITE STATS TO DB:        False (<DEFAULT>)
eventstore_1  |         MAX TRUNCATION:           268435456 (<DEFAULT>)
eventstore_1  |         MAX APPEND SIZE:          1048576 (<DEFAULT>)
eventstore_1  |         ENABLE ATOM PUB OVER HTTP: False (<DEFAULT>)
eventstore_1  |         DEAD MEMBER REMOVAL PERIOD SEC: 1800 (<DEFAULT>)
eventstore_1  |
eventstore_1  | [    1, 1,09:55:13.852,WRN]
eventstore_1  | ==============================================================================================================
eventstore_1  | INSECURE MODE IS ON. THIS MODE IS *NOT* RECOMMENDED FOR PRODUCTION USE.
eventstore_1  | INSECURE MODE WILL DISABLE ALL AUTHENTICATION, AUTHORIZATION AND TRANSPORT SECURITY FOR ALL CLIENTS AND NODES.
eventstore_1  | ==============================================================================================================
eventstore_1  |
eventstore_1  | [    1, 1,09:55:13.916,INF] Quorum size set to 1
eventstore_1  | [    1, 1,09:55:13.919,WRN] Authentication and Authorization is disabled on all TCP/HTTP interfaces. It is recommended to run with Authentication and Authorization enabled in production
eventstore_1  | [    1, 1,09:55:13.920,WRN] TLS is disabled on all TCP/HTTP interfaces - no certificates are required to run EventStoreDB. It is recommended to run with TLS enabled in production.
eventstore_1  | [    1, 1,09:55:13.937,INF] Cannot find plugins path: "/usr/share/eventstore/plugins"
eventstore_1  | [    1, 1,09:55:14.342,DBG] MessageHierarchy initialization took 00:00:00.3019769.
eventstore_1  | [    1, 1,09:55:14.371,FTL] Host terminated unexpectedly.
eventstore_1  | System.UnauthorizedAccessException: Access to the path '/var/lib/eventstore/writer.chk' is denied.
eventstore_1  |  ---> System.IO.IOException: Permission denied
eventstore_1  |    --- End of inner exception stack trace ---
eventstore_1  |    at Interop.ThrowExceptionForIoErrno(ErrorInfo errorInfo, String path, Boolean isDirectory, Func`2 errorRewriter)
eventstore_1  |    at Microsoft.Win32.SafeHandles.SafeFileHandle.Open(String path, OpenFlags flags, Int32 mode)
eventstore_1  |    at System.IO.FileStream.OpenHandle(FileMode mode, FileShare share, FileOptions options)
eventstore_1  |    at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)
eventstore_1  |    at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
eventstore_1  |    at EventStore.Core.TransactionLog.Checkpoint.MemoryMappedFileCheckpoint..ctor(String filename, String name, Boolean cached, Boolean mustExist, Int64 initValue) in /build/src/EventStore.Core/TransactionLog/Checkpoint/MemoryMappedFileCheckpoint.cs:line 31
eventstore_1  |    at EventStore.Core.VNodeBuilder.CreateDbConfig(Int32 chunkSize, Int32 cachedChunks, String dbPath, Int64 chunksCacheSize, Boolean inMemDb, Boolean unbuffered, Boolean writethrough, Int32 chunkInitialReaderCount, Int32 chunkMaxReaderCount, Boolean optimizeReadSideCache, Boolean reduceFileCachePressure, Int64 maxTruncation, ILogger log) in /build/src/EventStore.Core/VNodeBuilder.cs:line 1584
eventstore_1  |    at EventStore.Core.VNodeBuilder.Build(IOptions options, IPersistentSubscriptionConsumerStrategyFactory[] consumerStrategies) in /build/src/EventStore.Core/VNodeBuilder.cs:line 1375
eventstore_1  |    at EventStore.ClusterNode.ClusterVNodeHostedService.BuildNode(ClusterNodeOptions options, Func`1 loadConfigFunc) in /build/src/EventStore.ClusterNode/ClusterVNodeHostedService.cs:line 163
eventstore_1  |    at EventStore.ClusterNode.ClusterVNodeHostedService.Create(ClusterNodeOptions opts) in /build/src/EventStore.ClusterNode/ClusterVNodeHostedService.cs:line 144
eventstore_1  |    at EventStore.Core.EventStoreHostedService`1..ctor(String[] args) in /build/src/EventStore.Core/EventStoreHostedService.cs:line 45
eventstore_1  |    at EventStore.ClusterNode.ClusterVNodeHostedService..ctor(String[] args) in /build/src/EventStore.ClusterNode/ClusterVNodeHostedService.cs:line 35
eventstore_1  |    at EventStore.ClusterNode.Program.Main(String[] args) in /build/src/EventStore.ClusterNode/Program.cs:line 22
docker_eventstore_1 exited with code 1

EventStore details

• EventStore server version: 20.6.1
• Operating system: Windows 10 and docker 2.4.0.0 (48506)
• EventStore client version (if applicable): NA

[albertocorrales]

After spending a few hours struggling with this, I finally managed to figure it out by myself. It seems we need new config for version v20.6.1 and the documentation is not updated.

For those who had the same issue, I'm sharing a repo with an example working with v20.6.1.

This is my docker-compose.yml https://github.com/albertocorrales/eventstoreissue2061/blob/main/docker-compose.yml

And for the client now you have also to configure explicitly that you are not using tsl, like in this example https://github.com/albertocorrales/eventstoreissue2061/blob/main/Program.cs

[alexeyzimarev]

It's not the config issue, it's Docker permissions issue and the user used to run the container.

I just used your original compose file and it worked just fine. Of course, all your observations are correct. For the UI to work you need Atom Pub enabled. To use the TCP protocol, you'd need to enable TCP on the external port. You also need to tell the client that your server is running without HTTPS/TLS.

[aafonya]

Or just try to delete the eventstore volume.

[kollerdroid]

The same error in Kubernetes StatefulSet:

System.UnauthorizedAccessException: Access to the path 'var/lib/eventstore/writer.chk' is denied.
// ...

Tested images:

• eventstore/eventstore:latest
• eventstore/eventstore:20.6.1-buster-slim

 # ...
apiVersion: apps/v1
kind: StatefulSet
 # ...
          volumeMounts:
            - name: my-eventstore-data
              mountPath: /var/lib/eventstore
 # ...
  volumeClaimTemplates:
    - metadata:
        name: my-eventstore-data
      spec:
        accessModes: ['ReadWriteOnce']
        resources:
          requests:
            storage: 5Gi
 # ...

Behind the default StorageClass there is a dynamic storage provisioner (csi.vsphere.vmware.com), which works fine.

[pointmax]

The eventstore docker container uses user ID 1000. I was mapping the volumes locally and couldn't get eventstore to run. After changing the owner of the folder to 1000 I got it working with local volumes.

chown -R 1000:1000 data/
chown -R 1000:1000 logs/

Here's my docker-compose.yml

version: "3.4"

services:
  eventstore.db:
    image: eventstore/eventstore:20.10.2-buster-slim
    environment:
      - EVENTSTORE_CLUSTER_SIZE=1
      - EVENTSTORE_RUN_PROJECTIONS=All
      - EVENTSTORE_START_STANDARD_PROJECTIONS=true
      - EVENTSTORE_EXT_TCP_PORT=1113
      - EVENTSTORE_HTTP_PORT=2113
      - EVENTSTORE_INSECURE=true
      - EVENTSTORE_ENABLE_EXTERNAL_TCP=true
      - EVENTSTORE_ENABLE_ATOM_PUB_OVER_HTTP=true
    ports:
      - "1113:1113"
      - "2113:2113"
    volumes:
      - ./data:/var/lib/eventstore
      - ./logs:/var/log/eventstore

Hope this helps anyone

[mohammadsaadshafiq]

OR try this approach
https://medium.com/@saad.shafiq1997/how-to-locally-set-up-an-event-store-usi-9c909d7a5603