Postgres: chmod: changing permissions of 'var/lib/postgresql/data': Permission denied

Created on 15 Jan 2016 · 32 Comments · Source: docker-library/postgres

I have slightly extended the official postgres Image in the following way (only the COPY is really important, to do some stuff to use SonarQube with Postgres):

Version: 1.0.0

FROM postgres:9.5
MAINTAINER Wolfgang Grossinger "wolfgang.[email protected]"
COPY sonarqube.sql /docker-entrypoint-initdb.d
RUN localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8
ENV LANG en_US.utf8
ENV POSTGRES_PASSWORD=postgres
ENV POSTGRES_USER=postgres
RUN chmod 777 /var/lib/postgresql/data

After building the image I try to start it with the following command:

sudo docker run --name postgres_sonar -p 5432:5432 -v /data:/var/lib/postgresql/data wogro/postgres_sonar

I get the following error message:

chmod: changing permissions of ‘/var/lib/postgresql/data’: Permission denied

I don't know what the reason is (probably it's me), but it is something I would never expect from an official image (I just would expect that mounting a volume works :-))

All 32 comments

Hi,
Today I ran the official postgres:9.5 image without any changes under kubernetes and I got the same problem:
# kubectl logs my_pod -p
chmod: changing permissions of ‘/var/lib/postgresql/data’: Permission denied

edited:
Probably I have some clue -
chcon -Rt svirt_sandbox_file_t /path/to/volume
solves my problem - selinux issue

If you are using MacOSX or Windows with the Vbox shared folders, then this is a duplicate of https://github.com/docker-library/postgres/issues/28

Hey, guys!
I have the same issue with running postgres on OSX.

docker run \
  --name my-postgres \
  -e POSTGRES_USER=admin \
  -e POSTGRES_PASSWORD=password \
  -e POSTGRES_DB=some_db_dev \
  -v $PG_LOCAL_DATA:/var/lib/postgresql/data \
  -d postgres:9.5.1

My output is the following:

* Starting PostgreSQL
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.

The database cluster will be initialized with locale "en_US.utf8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".

Data page checksums are enabled.

fixing permissions on existing directory /var/lib/postgresql/data ... ok
initdb: could not create directory "/var/lib/postgresql/data/pg_xlog": Permission denied
initdb: removing contents of data directory "/var/lib/postgresql/data"

Versions of docker, docker-machine, virtualbox and boot2docker are:

docker-machine version 0.6.0, build e27fb87
Docker version 1.10.2, build c3959b1
VirtualBox Version 5.0.16 r105871
boot2docker 1.10.3

I saw many publications about this topic but most of them are outdated. I tried the same solution as for mysql but it did not help.

Maybe somebody can update me: does some solution exist to run a postgres container with data volumes through docker-machine?

Thanks!

Any workarounds for this?

I'm experiencing the same error when trying to run the latest image on OpenShift Enterprise. The error occurs whether the container has or does not have a mounted volume:

chmod: changing permissions of ‘/var/lib/postgresql/data’: Permission denied

Hi,

Found this for solving the chmod issue:
http://stackoverflow.com/questions/24288616/permission-denied-on-accessing-host-directory-in-docker

Check here too for the selinux security issue:
https://docs.docker.com/engine/tutorials/dockervolumes/#/volume-labels

I fixed my docker-compose file by adding a :z at the end of the volume command

volumes:
  - /media/dataDemo/db:/var/lib/postgresql/data:z

Hope it will help.

I'm noticing that the /var/lib/postgresql/data group permission is root. That doesn't seem correct to me.

@collinpeters, it looks like we only chown to the user in the entrypoint.

any news about this issue?

My issue appears like that of @sergio1990 except that I am using "Docker for Mac" instead of "Docker Toolbox". I resolved my case by changing ownership of the host file system to be used by the PostgreSQL container to the $USER who will run that container. In doing so it appeared that the container relies upon the credentials cache resulting from the ownership change: sudo chown -R $USER $POSTGRESQLFS then docker run.

I have been trying to apply the :z and :Z options in my kubernetes deployment configuration. However it fails with the following error.

Failed to start container with docker id b323b283a475 with error: Error response from daemon: {"message":"SELinux relabeling of /var/lib/kubelet/pods/13a57233-0b02-11e7-bb55-0050560107db/volumes/kubernetes.io~nfs/sonar-data is not allowed: \"operation not supported\""}
Error syncing pod, skipping: failed to "StartContainer" for "sonar-postgres" with RunContainerError: "runContainer: Error response from daemon: {\"message\":\"SELinux relabeling of /var/lib/kubelet/pods/13a57233-0b02-11e7-bb55-0050560107db/volumes/kubernetes.io~nfs/sonar-data is not allowed: \\\"operation not supported\\\"\"}"
Back-off restarting failed docker container

Note that I have tried the mountPath with both :z and :Z in the following configuration. Without these it fails with the chown error mentioned by you guys.

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: sonar-postgres
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: sonar-postgres
        tier: backend
    spec:
      containers:
        - name: sonar-postgres
          image: postgres:9.6
          resources:
            requests:
              cpu: 100m
              memory: 100Mi
          env:
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: sonar-postgres
                  key: user
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: sonar-postgres
                  key: password
          ports:
            - name: postgresport
              containerPort: 5432
          volumeMounts:
            - name: sonar-postgres-data
              mountPath: /var/lib/postgresql/data:z
      volumes:
        - name: sonar-postgres-data
          persistentVolumeClaim:
            claimName: sonar-postgres
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: sonar-postgres
  labels:
    app: sonar
    tier: backend
spec:
  capacity:
    storage: 500Mi
  accessModes:
    - ReadWriteMany
  nfs:
    server: x.x.x.x
    path: /kubernetes/volumes/sonar/postgres
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: sonar-postgres
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 500Mi

@marcofranssen I have the same issue with a kubernetes deployment. :z does not really help. Have you tried to fix this?

For anyone still experiencing this (I am, using Docker for Windows. This is my first google result for the permissions error), I discovered a workaround that works for my case (I'm using it for an end-to-end test so I don't need to persist data, unsure how this workaround interacts with volumes).

All I'm doing is setting the PGDATA environment variable to a path that's not in /var, which seems to have fewer permissions issues for whatever reason. After that, postgres starts fine.

docker run -e PGDATA=mypgdata postgres

FYI:

You can't have your db in /var/lib/postgres/data/whatever.

Change that path to /var/lib/postgres/whatever and it will work.

See https://stackoverflow.com/questions/50916801/kubernetes-pod-which-encapsulates-db-is-crashing

I want to update this issue because I think people are still hitting it via google. I don't think you should add "no_root_squash" to your exports. The answer is in https://hub.docker.com/_/postgres.

PGDATA: This optional variable can be used to define another location - like a subdirectory - for the database files. The default is /var/lib/postgresql/data, but if the data volume you're using is a filesystem mountpoint (like with GCE persistent disks), Postgres initdb recommends a subdirectory (for example /var/lib/postgresql/data/pgdata ) be created to contain the data.

So if you set the environment variable PGDATA to /var/lib/postgresql/data/pgdata and your mountPath stays as /var/lib/postgresql/data then all is well.

Your container will mount /var/lib/postgresql/data and create the pgdata directory. All of the chown operations will work because it's not trying to chown the base directory (which is the nfs mount).

@shewless doesn't work in OKD 3.11 with psql 11

For anyone still getting this issue: I got the "permission denied" error while mapping a volume in docker using kubernetes. I tried so many ways to fix this, like "chmod, chown ...", but nothing worked.
Then I mounted the directory under my user path on the host machine and everything works perfectly. Hope this workaround can help someone.

I received this error message

fixing permissions on existing directory /var/lib/postgresql/data ... initdb: could not change permissions of directory "/var/lib/postgresql/data": Operation not permitted

Reason: the mount path of my volume and PGDATA were both set to /var/lib/postgresql/data
Obviously, postgres was trying to chown the volume mount path for which postgres user 999 did not have permissions.

When I changed PGDATA to /var/lib/postgresql/data/mydata the issue was resolved.
Just followed the recommendation from https://hub.docker.com/_/postgres for PGDATA

The default is /var/lib/postgresql/data, but if the data volume you're using is a filesystem mountpoint (like with GCE persistent disks), Postgres initdb recommends a subdirectory (for example /var/lib/postgresql/data/pgdata ) be created to contain the data.

On the off-chance that someone else is struggling with this ... I'm running inside Vagrant, and I had endless problems mounting postgres with a data volume explicitly set. Turns out it's Vagrant.

Still experiencing errors while using Docker Desktop for MacOS for PostgreSQL.

The compose file looks like

version: "3.7"

services:
  db:
    image: postgres:12
    environment:
      POSTGRES_PASSWORD: password
      POSTGRES_DB: db
      PGDATA: /var/lib/postgresql/data/pgdata
    volumes:
      - /home/docker/volumes/db:/var/lib/postgresql/data
    networks:
      - backend
    ports:
      - 5432:5432
    deploy:
      placement:
        constraints: [node.role == manager]

Notice /home/docker/volumes is a folder shared from the host of the docker machine and /home/docker/volumes/db is an empty folder that already exists before being mounted.

The error reports:

wbc_db.1.dzbprm4atz26@wbc-manager    | The files belonging to this database system will be owned by user "postgres".
wbc_db.1.dzbprm4atz26@wbc-manager    | This user must also own the server process.
wbc_db.1.dzbprm4atz26@wbc-manager    |
wbc_db.1.dzbprm4atz26@wbc-manager    | The database cluster will be initialized with locale "en_US.utf8".
wbc_db.1.dzbprm4atz26@wbc-manager    | The default database encoding has accordingly been set to "UTF8".
wbc_db.1.dzbprm4atz26@wbc-manager    | The default text search configuration will be set to "english".
wbc_db.1.dzbprm4atz26@wbc-manager    |
wbc_db.1.dzbprm4atz26@wbc-manager    | Data page checksums are disabled.
wbc_db.1.dzbprm4atz26@wbc-manager    |
wbc_db.1.dzbprm4atz26@wbc-manager    | fixing permissions on existing directory /var/lib/postgresql/data/pgdata ... ok
wbc_db.1.dzbprm4atz26@wbc-manager    | initdb: error: could not create directory "/var/lib/postgresql/data/pgdata/pg_wal": Permission denied
wbc_db.1.dzbprm4atz26@wbc-manager    | initdb: removing contents of data directory "/var/lib/postgresql/data/pgdata"
wbc_db.1.x70r9no7asev@wbc-manager    | The files belonging to this database system will be owned by user "postgres".
wbc_db.1.x70r9no7asev@wbc-manager    | This user must also own the server process.
wbc_db.1.x70r9no7asev@wbc-manager    |
wbc_db.1.x70r9no7asev@wbc-manager    | The database cluster will be initialized with locale "en_US.utf8".
wbc_db.1.x70r9no7asev@wbc-manager    | The default database encoding has accordingly been set to "UTF8".
wbc_db.1.x70r9no7asev@wbc-manager    | The default text search configuration will be set to "english".
wbc_db.1.x70r9no7asev@wbc-manager    |
wbc_db.1.x70r9no7asev@wbc-manager    | Data page checksums are disabled.
wbc_db.1.x70r9no7asev@wbc-manager    |
wbc_db.1.x70r9no7asev@wbc-manager    | fixing permissions on existing directory /var/lib/postgresql/data/pgdata ... ok
wbc_db.1.x70r9no7asev@wbc-manager    | initdb: error: could not create directory "/var/lib/postgresql/data/pgdata/pg_wal": Permission denied
wbc_db.1.x70r9no7asev@wbc-manager    | initdb: removing contents of data directory "/var/lib/postgresql/data/pgdata"

Looking forward to your help.

@shukriadams Could you please explicitly explain what you did to fix?

@Dhanabalan89 Could you please post your docker command?

Just make sure your postgres data volume directory does not sit within a directory shared with the host (i.e., the /vagrant folder or below). I provision up a throwaway postgres container + volume mount in ~/. For persistent data I use a remote postgres instance. So, not a fix, just a workaround.

I'm using Openshift 4.2 in my case when I got this problem with Postgres 12.1
But found the issue by running oc status --suggest and found it was a permission issue in Openshift

Try this command "sudo /etc/init.d/postgresql start" to start postgres it will start at 5432

Do let me know if the issue is still there.

I got this issue while using Docker Desktop for Windows, with _WSL2 backend_. The error occurs if you mount a directory under Windows file system.

$ docker run -v "/mnt/c/Users/jH/Desktop/psql/data:/var/lib/postgresql/data" postgres
chmod: changing permissions of '/var/lib/postgresql/data': Operation not permitted

The error is gone when host path is in WSL filesystem.

$ docker run -v "/home/hylw/mydata:/var/lib/postgresql/data" postgres

@hylowaker, correct, it worked for me; it seems we have to use the file system of WSL

@hylowaker @dwthien The same is true for shared folders when working inside a Virtualbox VM. The path must be set to an internal device.

I want to update this issue because I think people are still hitting it via google. I don't think you should add "no_root_squash" to your exports. The answer is in https://hub.docker.com/_/postgres.

PGDATA: This optional variable can be used to define another location - like a subdirectory - for the database files. The default is /var/lib/postgresql/data, but if the data volume you're using is a filesystem mountpoint (like with GCE persistent disks), Postgres initdb recommends a subdirectory (for example /var/lib/postgresql/data/pgdata ) be created to contain the data.

So if you set the environment variable PGDATA to /var/lib/postgresql/data/pgdata and your mountPath stays as /var/lib/postgresql/data then all is well.

Your container will mount /var/lib/postgresql/data and create the pgdata directory. All of the chown operations will work because it's not trying to chown the base directory (which is the nfs mount).

Unfortunately the same page at https://hub.docker.com/_/postgres says:

The Docker documentation is a good starting point for understanding the different storage options and variations, and there are multiple blogs and forum postings that discuss and give advice in this area. We will simply show the basic procedure here for the latter option above:

  1. Create a data directory on a suitable volume on your host system, e.g. /my/own/datadir.

  2. Start your postgres container like this:

$ docker run --name some-postgres -v /my/own/datadir:/var/lib/postgresql/data -e POSTGRES_PASSWORD=mysecretpassword -d postgres:tag

The -v /my/own/datadir:/var/lib/postgresql/data part of the command mounts the /my/own/datadir directory from the underlying host system as /var/lib/postgresql/data inside the container, where PostgreSQL by default will write its data files.

So it seems to contradict itself...

So with WSL 2 you can actually use chmod -R 777 (or something more sane) on Windows directories and these permissions are also reflected in the container.

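My solution in VirtualBox under Windows 10 with a mounted NTFS disk:

```bash
#!/bin/bash

DB_PASS=admin123
DB_USER=admin
DB_NAME=objects

# Host directory used as the source of the bind mount
PG_DATA="$(pwd)/postgres-data"

# Remove any previous container with the same name
docker stop postgresql && docker rm postgresql

# Named volume is created here but is not referenced by the run command below
docker volume create pgdata

# PGDATA receives the host path string, so inside the container the cluster is
# initialized at that path rather than under the /var/lib/postgresql/data mount
docker run -d --name postgresql \
  -e POSTGRES_PASSWORD="$DB_PASS" \
  -e POSTGRES_USER="$DB_USER" \
  -e POSTGRES_DB="$DB_NAME" \
  -e PGDATA="$PG_DATA" \
  -v "$PG_DATA":/var/lib/postgresql/data \
  postgres:11.5-alpine
```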

I tried pretty much everything that has been mentioned here but was still unable to initialize the postgres pod with data files stored in a PVC (nfs) mounted folder.

What finally did the trick for me was the following addition in the PVC yaml annotations:

metadata:
  annotations:
    volume.beta.kubernetes.io/mount-options: "dir_mode=0777,file_mode=0777,uid=1000,gid=1000"

For example:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: postgres-pvc
  labels:
    app: postgres
  annotations:
    volume.beta.kubernetes.io/storage-class: "storage-class-name"
    volume.beta.kubernetes.io/mount-options: "dir_mode=0777,file_mode=0777,uid=1000,gid=1000"
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 5Gi
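
The causes reported across this thread (shared-folder filesystems, SELinux labels, PGDATA equal to the mount path) can be checked on the host before starting the container. The script below is an added example, not part of the original thread or the postgres image; its function names are hypothetical, its classifications are heuristics drawn from the reports above, and it assumes a Linux host with util-linux `findmnt` and GNU `stat`.

```shell
#!/bin/sh
# Added example: preflight for a host directory bind-mounted as the postgres data volume.
# Function names are hypothetical; classifications follow the reports in this thread.

# Can chown/chmod issued from inside the container be expected to work on this fs type?
fs_chown_ok() {
    case "$1" in
        vboxsf)       echo no ;;       # VirtualBox/Vagrant shared folders
        9p|nfs|nfs4)  echo depends ;;  # WSL2 Windows drives, NFS: governed by mount/export options
        unknown|"")   echo unknown ;;
        *)            echo yes ;;
    esac
}

# Where does PGDATA sit relative to the container-side mount path?
pgdata_layout() {   # $1 = mount path, $2 = PGDATA
    m=${1%/}; p=${2%/}
    case "$p" in
        "$m")   echo mountpoint ;;  # entrypoint has to chmod/chown the mount root itself
        "$m"/*) echo subdir ;;      # layout recommended on the image's Docker Hub page
        *)      echo outside ;;     # cluster is created outside the volume, not persisted
    esac
}

# Does an SELinux context carry a type that containers are allowed to write to?
selinux_label_ok() {
    case "$1" in
        *:container_file_t:*|*:svirt_sandbox_file_t:*) echo yes ;;
        *) echo no ;;
    esac
}

# Driver: inspect a real host directory with findmnt/stat/getenforce where present.
preflight() {   # $1 = host dir, $2 = container mount path, $3 = PGDATA
    fstype=$(findmnt -n -o FSTYPE -T "$1" 2>/dev/null || echo unknown)
    echo "fstype=$fstype chown_ok=$(fs_chown_ok "$fstype")"
    echo "owner_uid=$(stat -c %u "$1" 2>/dev/null || echo unknown)"
    echo "pgdata=$(pgdata_layout "$2" "$3")"
    if command -v getenforce >/dev/null 2>&1 && [ "$(getenforce)" = Enforcing ]; then
        ctx=$(stat -c %C "$1")
        echo "selinux_label_ok=$(selinux_label_ok "$ctx") ($ctx)"
    fi
}

# Runs only when called with: <host dir> <container mount path> <PGDATA>
if [ $# -eq 3 ]; then preflight "$@"; fi
```

A `pgdata=outside` result means the database files land in the container's writable layer, so the permission error disappears only because the volume is no longer used.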
