1

Using OpenShift 3.11, I've mounted an NFS persistent volume, but the application cannot copy into the new volume, saying:

```
oc logs my-project-77858bc694-6kbm6
cp: cannot create regular file '/config/dbdata/resdb.lock.db': Permission denied
...
```

I've tried to change the ownership of the folder by doing a chown in an initContainer, but it tells me the operation is not permitted.

```yaml
      initContainers:
        - name: chowner
          image: alpine:latest
          command: ["/bin/sh", "-c"]
          args:
            - ls -alt /config/dbdata; chown 1001:1001 /config/dbdata;
          volumeMounts:
          - name: my-volume
            mountPath: /config/dbdata/
```

```
oc logs my-project-77858bc694-6kbm6 -c chowner
total 12
drwxr-xr-x    3 root     root          4096 Nov  7 03:06 ..
drwxr-xr-x    2 99       99            4096 Nov  7 02:26 .
chown: /config/dbdata: Operation not permitted
```

I expect to be able to write to the mounted volume.

DThompson55
  • Using openshift this can be helpful [Security Context Constraints](https://docs.okd.io/latest/architecture/additional_concepts/authorization.html#security-context-constraints) – Mark Nov 07 '19 at 14:42

1 Answer

3

You can give your Pods permission to write into a volume by using `fsGroup: GROUP_ID` in a Security Context. `fsGroup` makes your volumes writable by `GROUP_ID` and makes all processes inside your container part of that group.

For example:

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: POD_NAME
spec:
  securityContext:
    fsGroup: GROUP_ID
...
```

Alassane Ndiaye
  • Thnx, that was exactly what I needed in order for PVC to be writeable for non-root user in Openshift4. – Nik Oct 07 '22 at 12:38
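
Why the copy is denied and what a group setting has to change on the mount, as an added example (not code from the question or the answer): a POSIX sh check that applies the owner/group/other rule to the `ls` line from the init container's log. UID/GID 1001 is assumed from the question's `chown 1001:1001`, and the second listing is constructed.

```shell
#!/bin/sh
# Added example, not from the original post.

# can_write MODE OWNER GROUP UID GID...
# POSIX class selection: owner bits if UID owns the file, else group bits if
# any process GID matches the file's group, else the "other" bits.
# Assumptions: no root or CAP_DAC_OVERRIDE, no ACLs, no server-side ID squashing.
can_write() {
    mode=$1 owner=$2 group=$3 uid=$4
    shift 4
    col=9                                        # column of the "other" write bit
    if [ "$uid" = "$owner" ]; then
        col=3                                    # owner write bit
    else
        for gid in "$@"; do
            if [ "$gid" = "$group" ]; then col=6; fi   # group write bit
        done
    fi
    [ "$(printf '%s' "$mode" | cut -c"$col")" = "w" ]
}

# check_line "LS_LINE" UID GID...   (LS_LINE as printed by ls -al with numeric IDs)
check_line() {
    line=$1; shift
    can_write "$(printf '%s\n' "$line" | awk '{print $1}')" \
              "$(printf '%s\n' "$line" | awk '{print $3}')" \
              "$(printf '%s\n' "$line" | awk '{print $4}')" "$@"
}

verdict() { if check_line "$@"; then echo writable; else echo denied; fi; }

# From the question: the mount point as seen by the init container.
Q_LINE='drwxr-xr-x    2 99       99            4096 Nov  7 02:26 .'
# Constructed: the same directory once it is group-owned by GID 1001 with
# group rwx and the setgid bit.
FS_LINE='drwxrwsr-x    2 99       1001          4096 Nov  7 02:26 .'

echo "as listed, uid 1001 gid 1001:           $(verdict "$Q_LINE" 1001 1001)"
echo "as listed, uid 1001 gids 1001 and 99:   $(verdict "$Q_LINE" 1001 1001 99)"
echo "group-owned by 1001, uid 1001 gid 1001: $(verdict "$FS_LINE" 1001 1001)"
```

If the init container's listing still shows `99 99` with `r-x` for the group after the pod spec is changed, the ownership on the mount was not altered, and a process that is not UID 99 stays without write access until the exported directory itself grants it.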