Docker permission error

[Ismael]

• I'm submitting a ...
• Bug report

I'm using the official grafana/grafana image.
I'm using Vagrant with CoreOS as docker host. I have /var/lib/grafana mounted from the host, which is mounted through NFS.

My NFS server has this in /etc/exports
"/srv/vagrant/coreos-vagrant/shared" 172.17.8.101(rw,no_subtree_check,all_squash,anonuid=1000,anongid=1000,fsid=893788748)

In my docker host I'm running:
docker run -i -p 3000:3000 -v /srv/grafana:/var/lib/grafana/ grafana/grafana

And docker logs grafana shows this:
chown: changing ownership of '/var/lib/grafana': Operation not permitted

Grafana is not running, the container keeps failing.

[torkelo]

/var/lib/grafana needs to be accessible/writable by user running grafana-server, by default the user uses grafana

[Ismael]

But the user won't exist outside the container...

I solved this by changing the userid and groupid of grafana to 1000, which is the usual user/group id for a single user. See discussion at moby/moby#7198 (comment)

This is my Dockerfile

FROM grafana/grafana

RUN groupmod -g 1000 grafana \
    && usermod -u 1000 grafana \
    #&& `find / -user 104 -exec chown -h 1000 {} \;` \
    #&& `find / -group 107 -exec chgrp -h 1000 {} \;` \
    && usermod -g 1000 grafana \
    && chown -R grafana:grafana /var/lib/grafana

[ornith-it-admin]

The problem is worse if you have read-only snapshots on your NFS share, since even with the above permission fix, grafana insists on owning files that are read-only, and the container fails.