I am starting a new Grafana docker instance (no migration) with the latest 5.2.4 version on ubuntu 16 and ubuntu 17 and when I add volumes I get this error
Starting grafana_grafana_1 ... done
Attaching to grafana_grafana_1
grafana_1 | GF_PATHS_DATA='/var/lib/grafana' is not writable.
grafana_1 | You may have issues with file permissions, more information here: http://docs.grafana.org/installation/docker/#migration-from-a-previous-version-of-the-docker-container-to-5-1-or-later
grafana_1 | mkdir: cannot create directory '/var/lib/grafana/plugins': Permission denied
grafana_grafana_1 exited with code 1
tried setting user 472 104 and all but nothing worked ref.
reinstall docker ce didn’t work too ref,
if you are running docker with root rights then follow the accepted answer but use the id as 0 (sudo id -u instead of id -u)
It looks like you’re trying to map a folder from your local hard drive into the Grafana container on
/var/lib/grafana, is that correct? In that case you either have to start the container using the same userid as you have locally or chown the local folder to match Grafanas userid (
You can find out what your user id is by running
Basically now every time I start grafana from docker compose, it deletes all my data. So I wanted a persistent storage to save my data and hence the volume to local system. Is there any other way to save the data?
I planned to do this based on doc at http://docs.grafana.org/installation/docker/#grafana-container-with-persistent-storage-recommended
I tried this
drwxr-xr-x 2 472 472 4096 Oct 2 09:18 grafana-storage
With that too it did not work.
also added this in docker compose
also changed chown to id obtained from
id -u that too did not work
volume from docker terminal command does not seem to crash, but from docker-compose it does throw that error
Option 1, docker volumes
With persistent storage you have a few different options. You can create a docker volume and in vanilla docker that will work with the file permissions for the Grafana docker container (id = 472, group = 472).
Option 2, using a folder on your local filesystem
When using a local folder you need to do a little bit of extra work to make it so that the docker container can read the contents of the folder as well as write to it. In the example below we will modify the user that Grafana runs as within the container so that it runs as the same user id as you do in your local file system, this will guarantee that it has access if you do.
id -u (this will give you your user id, which you will enter into the docker-compose file. In my case it is 1001, replace 1001 in the docker-compose file with your id)
I hope this helps clearing up some of the confusion.
Does not work:
Glad to hear it worked out for you. Not sure why setting the id didn’t work out though. I presume you didn’t set id but the actual numeric id that id -u returned?
I set the same id, I’ll verify it from another system. thanks for the help
it seems when you are running docker with root rights eg.
sudo usermod -a -G docker $USER
then the user id to set will be 0 (sudo id -u v/s id -u)
When you run a command with
sudo your user id will always be 0. sudo means running a command as the root user (who has id 0)
Just to share my experience with the same permissions errors:
Specifying the user:"$UID", initially didn’t work. It was throwing an error - that is until I first did “docker rm grafana” (where grafana is my container name) to clear out the failed container.
Now it is running great.
I’kind of having the same issue. The
user: "1001" option didn’t work although
id -u said
When I start grafana with changed permissions as given on this page (at the very bottom where it says Modifying permissions everything runs smoothly (for
"<your volume mapping here>" I set two volumes to my local filesystem to make the data persistent).
I thought once started with the given commands, permissions would persist. I was wrong. Yet when I tried to start the whole thing with docker-compose everything reverts “not working”.
So my question(s) is: How do I have to write docker-compose.yml to change the permissions on startup OR how to make the permission changes permanent (with a bit of work up-front).
The reason I want to have it setup like this is, that I want to regularly update (reinstall) my hostsystem. All data that need to be persistant are on an external diskstation. --> When I install new hostsystem I would like to
docker-compose up and have everything I need running…
Thank you for your help!
To save everyone some headaches. You need to add both UID (user ID) and GID (group ID).
For me run exec with root admin :
$ docker exec -ti --user root id_grafana /bin/ash
/usr/share/grafana $ ls -la /var/lib/grafana/
drwxr-xr-x 5 104 107 4096 Dec 8 16:35 .
drwxr-xr-x 1 root root 4096 Oct 5 16:28 ..
-rw-r--r-- 1 104 107 5795840 Dec 8 16:35 grafana.db
drwxr-xr-x 2 104 107 4096 Jun 23 2020 plugins
drwx------ 2 root root 4096 Dec 9 2020 png
drwx------ 18 104 107 4096 Jun 29 2020 sessions
/usr/share/grafana # chown -R 104:107 /var/lib/grafana/png/
I literally have no idea why this worked for me, but I think I have a solution.
user: ":" worked for me
What didn’t work for me:
- Setting data folder ownership to 472:472
- Setting “user:” to something meaningful, like my UID or UID:GID, or some IDs that correspond to the ownership of the host data directory
What did work:
- Setting host folder permissions to 777, but I didn’t like it. I noticed though that with 777 permissions the files created by grafana were owned by some random user IDs, that might or might not depend on the “user:” setting provided in the docker-compose.yml
So I tried setting “user:” to “$UID:$GID”, but got a warning saying
WARN The "UID" variable is not set. Defaulting to a blank string.
WARN The "GID" variable is not set. Defaulting to a blank string.
But in this case, the files created by the docker container were owned by my host user, not by a random UID (which was the case with all the other options, regardless of the user setting). Then I decided to get rid of warning and just set it to a blank string. And it worked, now all the files created by grafana are owned by my host user and everything works fine.
For some reason though
user: "" doesn’t work, but
user: ":" does.
It would be great if some docker guru explained this behaviour though.
Or doing it even more easier way:
on your docker-machine write the command on terminal
[root@docker ~]# id
uid=0(root) gid=0(root) groups=0(root)
since I am logged in as root so in my docker-compose.yml file add this line under your grafana service blueprint e.g.
## output based on the command line
then run the
docker-compose up command and should work fine. No need to manually give permission for the /var/lib/grafana folder.