Cp: cannot create regular file/ Permission Denied in Docker Compose file

cinemafunk · April 2, 2021, 5:01pm

I’ve been having trouble getting Graylog to launch on a new docker host using Portainer. I have this exact same compose file on an older host also using Portainer that has been working for 3 months.

compose file:

services:
  # MongoDB: https://hub.docker.com/_/mongo/
  mongodb:
    image: mongo:4.2
    volumes:
      - mongo_data:/data/db
    restart: always
  # Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/6.x/docker.html
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.0
    volumes:
      - es_data:/usr/share/elasticsearch/data
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - path.repo=/usr/share/elasticsearch/es_backup
    restart: always
  # Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    image: graylog/graylog:4.0
    volumes:
      - graylog_data:/usr/share/graylog/data
      - /home/aaron/graylog/GeoIP/GeoLite2-City.mmdb:/etc/graylog/server/GeoLite2-City.mmdb
    environment:
      # CHANGE ME (must be at least 16 characters)!
      - GRAYLOG_PASSWORD_SECRET=XXX
      # Password: admin
      - GRAYLOG_ROOT_PASSWORD_SHA2=XXX
      - GRAYLOG_HTTP_EXTERNAL_URI=http://192.168.1.101:9000/
      - GRAYLOG_HTTP_ENABLE_CORS=TRUE
      - GRAYLOG_WEB_ENDPOINT_URI=http://graylog.redacted.com:9000/graylog/api
      - GRAYLOG_ROOT_TIMEZONE=America/Chicago
      - GRAYLOG_RETENTION="--size=3 --indices=10"      
    links:
      - mongodb:mongo
      - elasticsearch
    restart: always
    depends_on:
      - mongodb
      - elasticsearch
    ports:
      # Graylog web interface and REST API
      - 9000:9000
      # Syslog TCP
      - 1514:1514
      # Syslog UDP
      - 1514:1514/udp
      # GELF TCP
      - 12201:12201
      # GELF UDP
      - 12201:12201/udp
      # GELF UDP
      - 5044:5044/udp      
    #cpu_percent: 50
    #cpus: 1
    #cpuset: "1"
    #mem_limit: 2G
    #memswap_limit: 2G
    #mem_reservation: 1G    
# Volumes for persisting data, see https://docs.docker.com/engine/admin/volumes/volumes/
volumes:
  mongo_data:
    driver: local
  es_data:
    driver: local
  graylog_data:
    driver: local```

logs:
```cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-threatintel-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-collector-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-storage-elasticsearch7-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-storage-elasticsearch6-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-aws-4.0.5.jar': Permission denied,
mkdir: cannot create directory ‘/usr/share/graylog/data’: Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-threatintel-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-collector-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-storage-elasticsearch7-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-storage-elasticsearch6-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-aws-4.0.5.jar': Permission denied,
mkdir: cannot create directory ‘/usr/share/graylog/data’: Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-threatintel-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-collector-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-storage-elasticsearch7-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-storage-elasticsearch6-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-aws-4.0.5.jar': Permission denied,
mkdir: cannot create directory ‘/usr/share/graylog/data’: Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-threatintel-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-collector-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-storage-elasticsearch7-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-storage-elasticsearch6-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-aws-4.0.5.jar': Permission denied,
mkdir: cannot create directory ‘/usr/share/graylog/data’: Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-threatintel-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-collector-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-storage-elasticsearch7-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-storage-elasticsearch6-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-aws-4.0.5.jar': Permission denied,
mkdir: cannot create directory ‘/usr/share/graylog/data’: Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-threatintel-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-collector-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-storage-elasticsearch7-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-storage-elasticsearch6-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-aws-4.0.5.jar': Permission denied,
mkdir: cannot create directory ‘/usr/share/graylog/data’: Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-threatintel-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-collector-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-storage-elasticsearch7-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-storage-elasticsearch6-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-aws-4.0.5.jar': Permission denied,
mkdir: cannot create directory ‘/usr/share/graylog/data’: Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-threatintel-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-collector-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-storage-elasticsearch7-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-storage-elasticsearch6-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-aws-4.0.5.jar': Permission denied,
mkdir: cannot create directory ‘/usr/share/graylog/data’: Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-threatintel-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-collector-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-storage-elasticsearch7-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-storage-elasticsearch6-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-aws-4.0.5.jar': Permission denied,
mkdir: cannot create directory ‘/usr/share/graylog/data’: Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-threatintel-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-collector-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-storage-elasticsearch7-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-storage-elasticsearch6-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-aws-4.0.5.jar': Permission denied,
mkdir: cannot create directory ‘/usr/share/graylog/data’: Permission denied,```

C.G.B.Spender · April 4, 2021, 12:10pm

check permissions on the volumes (/usr/share/graylog/data), I have to set the volumes to 777 (probably more restrictive perms would work too, but I’m too lazy to test) if I’m using custom path for graylog volumes

my working config dir ls -la output looks like this:

sammael@vm-docker:~/docker/graylog$ ls -la
total 36
drwxrwxr-x 5 sammael          sammael  4096 Apr  1 17:53 .
drwxr-xr-x 8 root             root     4096 Apr  1 23:01 ..
-rw-rw-r-- 1 sammael          sammael  1648 Apr  1 17:53 docker-compose.yml
drwxrwxrwx 3 sammael          sammael  4096 Nov 26 14:44 es_data
drwxrwxrwx 9 sammael          sammael  4096 Nov 26 14:45 graylog_data
drwxrwxrwx 4 systemd-coredump sammael 12288 Apr  4 13:06 mongo_data
-rwxr-xr-x 1 sammael          sammael    93 Nov 18 20:44 update.sh

cinemafunk · April 4, 2021, 2:19pm

After a blowing away all volumes and a restart of the server, it started working. But it’s good to know that there’s a working directory to review if things go awry.

system · April 18, 2021, 2:20pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Can't get docker graylog up and running Graylog Central (peer support)	3	7082	January 2, 2019
Upgrade to 3.0 docker failed Graylog Central (peer support)	7	2932	March 17, 2019
Docker - External Configfiles - Opensearch: "node-id is not writable" Graylog Central (peer support) docker	5	1140	April 20, 2023
Docker-Compose file issue Graylog Central (peer support)	2	1705	December 7, 2023
Unable to login after starting docker container Graylog Central (peer support) docker	2	757	December 23, 2022

Cp: cannot create regular file/ Permission Denied in Docker Compose file

Related Topics