Error when mounting host path with Docker for Windows - "Permission Denied"

[Teodelas]

Expected behavior

I'm not able to do a docker run … I get the error below. I'm trying to run a Linux container on Windows 10.
error while creating mount source path '/host_mnt/c/Users/xyz/AppData/Roaming/Microsoft/UserSecrets': mkdir /host_mnt/c/Users/xyz/AppData: permission denied.

Actual behavior

Run the container successfully

Information

• Windows Version: Windows 10
• Docker for Windows Version: 2.0.0.0-win78 (28905)
  I checked the Drive sharing config and Drive sharing is enabled with credentials that have local admin rights on my machine.

Steps to reproduce the behavior

[flummingbird]

Same problem here.

[hypdeb]

Same here.
For context, I have an Azure Active Directory account and I had to create another local one with the same name to be able to use Docker AT ALL. But it seems to still be unable to mount folders inside the user directories.

[ZeroWiggliness]

Also have this problem. Creates volumes fine once you add the local account, the container just cant access them. Doesn't seem matter what rights I put on the .docker folder either for the new account user.

Also see "Error response from daemon: error while creating mount source path '/host_mnt/c/Users//.docker/Volumes/elasticdata-elasticsearch-0/pvc-64d22745-7883-11e9-9d67-00155d021b09': mkdir /host_mnt/c/Users//.docker: permission denied" when inspecting the pod. File exists in the user directory and no issue with volumes themselves it seems.

Tried unsuccessfully to find a way to change the directory for these volumes to somewhere I would have more control as having them on another drive would be useful also.

[ZeroWiggliness]

The solution seems to be to add the Users group to the .docker folder and grant full access. Just the new local account access wasn't enough for me.

[daton89]

@DarrenV79 could you please explain in more details how to add Users group to .docker folder and grant full access? thanks in advance

[alexkoepke]

@daton89 To add a group to a directory you in windows follow these steps:

1. Right-click the dir
2. Click properties
3. click the security tab
4. click the "Edit" button.
5. click the add button
6. Type "users" in the text box
7. click "Check Names" (should auto fill/update for you)
8. click okay
9. Highlight your newly added group.
   10 . Under "Permissions for [User/Groupname]" select Full control
10. click apply
11. Click "OK"
12. Click "OK"

With all that out of the way I will report that adding the "Users" group to just the .docker file in my c:\Users\[home]\.docker dir did not work.

What did work was having the Users group added to at least the .docker, the great great great grandparent dir of my working dir, and the local dir I was trying to mount to my container.

[freerider7777]

Same problem... Trying to give access to users...

[alexkoepke]

@freerider7777 were you able to resolve your issue?

[freerider7777]

@alexkoepke Yes, I gave permissions from @DarrenV79's workaround and it worked

[Hopp3r]

What did work was having the Users group added to at least the .docker, the great great great grandparent dir of my working dir, and the local dir I was trying to mount to my container.

@alexkoepke this solved it for me as well

[palbrecht1]

@DarrenV79 's answer solved my issue as well.

[tedchirvasiu]

Giving full permissions only to the .docker folder didn't seem to work for me. Giving full permissions to the entire User folder seemed to do the trick, even though it is nasty.

My setup is as follows:

• I have a primary account called "User" onto which I'm currently logged in and do my development work
• I have a user called "DockerDiskSharing" with full admin rights, which I intend to use for Docker to run with

The steps I took were:

1. I opened a command prompt with admin rights and added the DockerDiskSharing user to the docker-users group by running

net localgroups docker-users DockerDiskSharing /add

2. I went to Docker -> Settings -> Shared Drives, I clicked "Reset credentials" and added the DockerDiskSharing user's credentials. I ticked C drive (my main partition) and the D drive (where my project is located)
3. I opened a command prompt with admin rights and gave full access permissions to the entire Users/User folder by running:

icacls "C:\Users\User" /q /c /t /grant docker-users:F

Still unsure which folders in particular it needs permissions to read/write to though from Users/User but it worked...

[ZeroWiggliness]

Yes its ridiculously nasty as multiple people can use my work machine and then has access to some of my keys. Ideally for me I want to be able to change the default directory. This is also useful because my C: is fairly small but I don't seem to be able to find any information on how to do that.

[tedchirvasiu]

You only give full access to the user running docker, not to everyone. As long as you keep the docker user's credentials secret you should be fine, but it still kinda defeats the purpose of creating a separate user for docker in the first place.

[CodeGTDLearn]

Step 01: https://tomssl.com/2018/01/11/sharing-your-c-drive-with-docker-for-windows-when-using-azure-active-directory-azuread-aad/

Step 02: @alexkoepke Solution. His sequence works perfectly form me

[ZeroWiggliness]

@PauloPortfolio see my answer. This only partially fixes it. At least when running K8s. Basically it creates the volume, it just fails to mount.

[petefurtado]

The solution tedchirvasiu posted on September 19th worked for me! Thanks!!!

[HyperCriSiS]

Hi,

I gave access for users to D:/Server/Pi-Hole and the .docker folder.
What do I still need to change?
Is this issue a Docker Installer Bug?

Thanks,
Hyper

D:\server\pi-hole> docker run -d --name pihole -p 53:53/tcp -p 53:53/udp -p 80:80 -p 443:443 -v "/d/Server/Pi-Hole/:/etc/pihole/" -v "/d/Server/Pi-Hole/dnsmasq.d/:/etc/dnsmasq.d/" -e ServerIP="192.168.0.10" -e WEBPASSWORD=admin --restart=unless-stopped pi-hole/pi-hole:latest C:\Program Files\Docker\Docker\Resources\bin\docker.exe: Error response from daemon: Mount denied:
The source path "D:/Server/Pi-Hole/dnsmasq.d"
doesn't exist and is not known to Docker.

[abraaoz]

1. Stop your container.

2. Open cmd with admin rights and enter the following commands:

> net user /add DockerDiskSharing DockerDiskSharing
> net localgroup Administrators DockerDiskSharing /add
> net localgroup docker-users DockerDiskSharing /add
> icacls "%UserProfile%" /q /c /t /grant docker-users:F

3. At Docker -> Settings -> Shared Drives screen:

• click Reset credentials
• tick drive C
• click Apply
• type DockerDiskSharing in user name and DockerDiskSharing in password and click OK

[syk-yaman]

Just resetting credentials as @abraaoz mentioned worked for me well.

[docker-robott]

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale comment.
Stale issues will be closed after an additional 30d of inactivity.

Prevent issues from auto-closing with an /lifecycle frozen comment.

If this issue is safe to close now please do so.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows.
/lifecycle stale

[secbug]

This is still a big issue, and it seems the ability to reset credentials has been removed from the GUI.

[mat007]

@secbug there is no need for credentials anymore as the file sharing doesn’t use Samba anymore.

I’ll go ahead and close this issue, could you please open one describing the problem you’re having?

[docker-robott]

Closed issues are locked after 30 days of inactivity.
This helps our team focus on active issues.

If you have found a problem that seems similar to this, please open a new issue.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows.
/lifecycle locked