Volume inaccessible, although uid and gid match those of the user parameter

[plafue]

The image neo4j:5.7-community won't start when the user parameter is provided to docker run. It states that the mount is inaccessible to the user, even though its uid and gid match those of the user parameter. May be similar to #351 .

Steps to reproduce

≻  mkdir -p neo4j/data neo4j/logs import/csv conf
≻  docker run --user $(id -u ${USER}):$(id -g ${USER}) --publish=7474:7474 --publish=7687:7687 --volume="./neo4j/data":/data --volume="./neo4j/logs":/logs --volume="./import/csv":/import --volume="./conf":/conf neo4j:5.7-community

Folder /logs is not accessible for user: 1000 or group 1000 or groups 1000, this is commonly a file permissions issue on the mounted folder.

Hints to solve the issue:
1) Make sure the folder exists before mounting it. Docker will create the folder using root permissions before starting the Neo4j container. The root permissions disallow Neo4j from writing to the mounted folder.
2) Pass the folder owner's user ID and group ID to docker run, so that docker runs as that user.
If the folder is owned by the current user, this can be done by adding this flag to your docker run command:
  --user=$(id -u):$(id -g)

≻  stat neo4j/logs
  File: neo4j/logs
  Size: 4096            Blocks: 8          IO Block: 4096   directory
Device: 8,16    Inode: 18006800    Links: 2
Access: (0775/drwxrwxr-x)  Uid: ( 1000/   plafue)   Gid: ( 1000/   plafue)
Access: 2023-06-22 08:17:52.483478097 +0200
Modify: 2023-06-22 08:17:52.483478097 +0200
Change: 2023-06-22 08:17:52.483478097 +0200
 Birth: 2023-06-22 08:17:52.483478097 +0200

Expected behaviour
Container starts and mounts are properly recognised as owned by the user.
Actual behaviour
Container halts
Neo4j image tag being used, eg neo4j:latest, neo4j:enterprise-3.5 etc
neo4j:5.7-community
The output of the docker version command

Client:       Podman Engine
Version:      4.5.1
API Version:  4.5.1
Go Version:   go1.18.1
Built:        Thu Jan  1 01:00:00 1970
OS/Arch:      linux/amd64

Operating system: (for example Windows 95/Ubuntu 16.04)

Distributor ID: Ubuntu
Description:    Ubuntu 23.04
Release:        23.04
Codename:       lunar

[vinaysb]

I was having the same issue, from what I can understand this is not the issue of neo4j, but the misconstruction of the docker run line while using podman instead of docker. What you are missing might be the following option while using podman, --userns keep-id.

This fixed the issue for me. Would be great if this was also included in the README to avoid this issue in the future

[plafue]

@vinaysb Thanks a lot for your input! It does work with the additional option that you provided 👍 . I'll test if it can always be set so that the command works regardless of the container engine team members are using.