NAS Synology permission denied for docker compose grafana, prometheus and loki

This issue happens only on a Synology NAS, for the grafana, loki and prometheus containers:

ERROR: for prometheus  Cannot start service prometheus: OCI runtime create failed: container_linux.go:367: starting container process caused: chdir to cwd ("/prometheus") set in config.json failed: permission denied: unknown

This doesn’t help:

  init-prometheus:
    profiles:
      - init
    image: ubuntu
    user: root
    command: chown -R 65534:65534 /prometheus
    volumes:
      - ./prometheus/data:/prometheus

I run prometheus and other containers “normally” without any strange things for access:

  prometheus:
    image: prom/prometheus
    restart: unless-stopped
    environment:
      - TZ=UTC
    volumes:
      - ./prometheus/prometheus.yaml:/etc/prometheus/prometheus.yml:ro
      - ./prometheus/data:/prometheus
    command:
      - --config.file=/etc/prometheus/prometheus.yml
      - --storage.tsdb.path=/prometheus
      - --web.enable-remote-write-receiver
      - --log.level=debug
    ports:
      - 9090:9090

How can I fix this without affecting the security of the Synology NAS? What is the best practice for this use case?

  1. Add a new user in the Synology panel called “grafana”.
  2. Run cat /etc/passwd | grep -i grafana to get the user-id:group-id.
  3. In docker-compose.yaml, change the init container:

  init-prometheus:
    profiles:
      - init
    image: ubuntu
    user: root
    # command: chown -R 65534:65534 /prometheus
    command: chown -R user-id:group-id /prometheus
    volumes:
      - ./prometheus/data:/prometheus

Run prometheus as that user:

  prometheus:
    image: prom/prometheus
    restart: unless-stopped
    user: user-id:group-id
...

The same works for grafana, prometheus and loki.

Replace user-id:group-id with your IDs.
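
A stricter form of steps 2 and 3, as an added example that is not part of the original answer: it looks up the exact uid:gid for the account and reports whether the bind-mounted data directory is already owned by it before the stack is started. The function names, the `PASSWD_FILE` override and the script's argument order are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify a bind-mount directory before `docker-compose up`.
# PASSWD_FILE and the function names are assumptions of this example.
PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"

# Print "uid:gid" for an exact account name; non-zero exit if it is absent.
# Matching field 1 exactly avoids the partial hits `grep -i grafana` can give.
ids_for_user() {
    awk -F: -v u="$1" '$1 == u { print $3 ":" $4; found = 1; exit }
                       END { exit !found }' "$PASSWD_FILE"
}

# List entries under a directory that are NOT owned by the given uid:gid.
mismatched_entries() {
    find "$1" \( ! -user "${2%%:*}" -o ! -group "${2##*:}" \) -print
}

# 0: whole tree owned by uid:gid; 1: ownership differs; 2: directory missing.
check_volume() {
    [ -d "$1" ] || { echo "missing: $1" >&2; return 2; }
    bad=$(mismatched_entries "$1" "$2" | head -n 5)
    if [ -n "$bad" ]; then
        echo "not owned by $2 (first entries):" >&2
        echo "$bad" >&2
        echo "run the init container's chown -R $2 on this volume" >&2
        return 1
    fi
    echo "ok: $1 is owned by $2"
}

# Usage: sh check-volume.sh grafana ./prometheus/data
if [ "$#" -eq 2 ]; then
    ids=$(ids_for_user "$1") || { echo "no such user: $1" >&2; exit 2; }
    check_volume "$2" "$ids"
fi
```

An exit status of 1 means the init profile still has to be run for that volume; 0 means the service can start with `user: user-id:group-id` as it is.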