Cp: cannot create regular file/ Permission Denied in Docker Compose file

I’ve been having trouble getting Graylog to launch on a new docker host using Portainer. I have this exact same compose file on an older host also using Portainer that has been working for 3 months.

compose file:

services:
  # MongoDB: https://hub.docker.com/_/mongo/
  mongodb:
    image: mongo:4.2
    volumes:
      - mongo_data:/data/db
    restart: always
  # Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/6.x/docker.html
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.0
    volumes:
      - es_data:/usr/share/elasticsearch/data
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - path.repo=/usr/share/elasticsearch/es_backup
    restart: always
  # Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    image: graylog/graylog:4.0
    volumes:
      - graylog_data:/usr/share/graylog/data
      - /home/aaron/graylog/GeoIP/GeoLite2-City.mmdb:/etc/graylog/server/GeoLite2-City.mmdb
    environment:
      # CHANGE ME (must be at least 16 characters)!
      - GRAYLOG_PASSWORD_SECRET=XXX
      # Password: admin
      - GRAYLOG_ROOT_PASSWORD_SHA2=XXX
      - GRAYLOG_HTTP_EXTERNAL_URI=http://192.168.1.101:9000/
      - GRAYLOG_HTTP_ENABLE_CORS=TRUE
      - GRAYLOG_WEB_ENDPOINT_URI=http://graylog.redacted.com:9000/graylog/api
      - GRAYLOG_ROOT_TIMEZONE=America/Chicago
      - GRAYLOG_RETENTION="--size=3 --indices=10"      
    links:
      - mongodb:mongo
      - elasticsearch
    restart: always
    depends_on:
      - mongodb
      - elasticsearch
    ports:
      # Graylog web interface and REST API
      - 9000:9000
      # Syslog TCP
      - 1514:1514
      # Syslog UDP
      - 1514:1514/udp
      # GELF TCP
      - 12201:12201
      # GELF UDP
      - 12201:12201/udp
      # GELF UDP
      - 5044:5044/udp      
    #cpu_percent: 50
    #cpus: 1
    #cpuset: "1"
    #mem_limit: 2G
    #memswap_limit: 2G
    #mem_reservation: 1G    
# Volumes for persisting data, see https://docs.docker.com/engine/admin/volumes/volumes/
volumes:
  mongo_data:
    driver: local
  es_data:
    driver: local
  graylog_data:
    driver: local```

logs:
```cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-threatintel-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-collector-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-storage-elasticsearch7-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-storage-elasticsearch6-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-aws-4.0.5.jar': Permission denied,
mkdir: cannot create directory ‘/usr/share/graylog/data’: Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-threatintel-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-collector-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-storage-elasticsearch7-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-storage-elasticsearch6-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-aws-4.0.5.jar': Permission denied,
mkdir: cannot create directory ‘/usr/share/graylog/data’: Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-threatintel-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-collector-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-storage-elasticsearch7-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-storage-elasticsearch6-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-aws-4.0.5.jar': Permission denied,
mkdir: cannot create directory ‘/usr/share/graylog/data’: Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-threatintel-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-collector-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-storage-elasticsearch7-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-storage-elasticsearch6-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-aws-4.0.5.jar': Permission denied,
mkdir: cannot create directory ‘/usr/share/graylog/data’: Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-threatintel-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-collector-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-storage-elasticsearch7-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-storage-elasticsearch6-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-aws-4.0.5.jar': Permission denied,
mkdir: cannot create directory ‘/usr/share/graylog/data’: Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-threatintel-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-collector-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-storage-elasticsearch7-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-storage-elasticsearch6-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-aws-4.0.5.jar': Permission denied,
mkdir: cannot create directory ‘/usr/share/graylog/data’: Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-threatintel-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-collector-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-storage-elasticsearch7-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-storage-elasticsearch6-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-aws-4.0.5.jar': Permission denied,
mkdir: cannot create directory ‘/usr/share/graylog/data’: Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-threatintel-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-collector-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-storage-elasticsearch7-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-storage-elasticsearch6-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-aws-4.0.5.jar': Permission denied,
mkdir: cannot create directory ‘/usr/share/graylog/data’: Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-threatintel-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-collector-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-storage-elasticsearch7-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-storage-elasticsearch6-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-aws-4.0.5.jar': Permission denied,
mkdir: cannot create directory ‘/usr/share/graylog/data’: Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-threatintel-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-collector-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-storage-elasticsearch7-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-storage-elasticsearch6-4.0.5.jar': Permission denied,
cp: cannot create regular file '/usr/share/graylog/plugins-merged/graylog-plugin-aws-4.0.5.jar': Permission denied,
mkdir: cannot create directory ‘/usr/share/graylog/data’: Permission denied,```

check permissions on the volumes (/usr/share/graylog/data), I have to set the volumes to 777 (probably more restrictive perms would work too, but I’m too lazy to test) if I’m using custom path for graylog volumes

my working config dir ls -la output looks like this:

sammael@vm-docker:~/docker/graylog$ ls -la
total 36
drwxrwxr-x 5 sammael          sammael  4096 Apr  1 17:53 .
drwxr-xr-x 8 root             root     4096 Apr  1 23:01 ..
-rw-rw-r-- 1 sammael          sammael  1648 Apr  1 17:53 docker-compose.yml
drwxrwxrwx 3 sammael          sammael  4096 Nov 26 14:44 es_data
drwxrwxrwx 9 sammael          sammael  4096 Nov 26 14:45 graylog_data
drwxrwxrwx 4 systemd-coredump sammael 12288 Apr  4 13:06 mongo_data
-rwxr-xr-x 1 sammael          sammael    93 Nov 18 20:44 update.sh

After a blowing away all volumes and a restart of the server, it started working. But it’s good to know that there’s a working directory to review if things go awry.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.