dosubot[bot] commented on issue #8695: URL: https://github.com/apache/incubator-devlake/issues/8695#issuecomment-3843183862
<!-- Answer --> The need to run the Grafana container as root (`user: '0'`) on macOS with bind mounts started after changes in the DevLake Grafana Dockerfile for beta9. These changes, made for OpenShift compatibility, switched some operations to root and altered group ownership and permissions on key directories before switching back to a non-root user. This setup works well for OpenShift, but on macOS with Docker Desktop, bind mounts can cause permission issues if the container user (now UID 101) doesn't exist on the host, leading to errors like "Error checking server process execution privilege" and "attempt to write a readonly database" [source](https://github.com/apache/incubator-devlake/pull/8657). Setting `user: '0'` in your Docker configuration bypasses these permission problems by running Grafana as root, which matches the workaround recommended in upstream Grafana documentation for macOS bind mounts. There aren't any migration notes or troubleshooting docs in DevLake about this, but the timing and nature of the Dockerfile changes explain why this is needed now. If you or others encounter this, using `user: '0'` is the recommended fix for macOS with bind mounts. For more details, see the upstream Grafana docs on [bind mounts](https://grafana.com/docs/grafana/latest/setup-grafana/installation/docker/#use-bind-mounts-1) and the related [issue](https://github.com/grafana/grafana/issues/63599). If this becomes a common problem, it may be worth sharing your findings with the community. <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/52be1967-7c5c-4b93-98cd-b562175a2bfd?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/52be1967-7c5c-4b93-98cd-b562175a2bfd?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/52be1967-7c5c-4b93-98cd-b562175a2bfd?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/52be1967-7c5c-4b93-98cd-b562175a2bfd?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/52be1967-7c5c-4b93-98cd-b562175a2bfd?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/52be1967-7c5c-4b93-98cd-b562175a2bfd?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/52be1967-7c5c-4b93-98cd-b562175a2bfd?feedback_type=other)</sup> [](https://app.dosu.dev/b4e8e847-d479-4541-83a8-d88d83fea5c9/ask?utm_source=github) [](https://cursor.com/link/prompt?text=The%20need%20to%20run%20the%20Grafana%20container%20as%20root%20%28%60user%3A%20%270%27%60%29%20on%20macOS%20with%20bind%20mounts%20started%20after%20changes%20in%20the%20DevLake%20Grafana%20Dockerfile%20for%20beta9.%20These%20changes%2C%20made%20for%20OpenShift%20compatibility%2C%20switched%20some%20operations%20to%20root%20and%20altered%20group%20ownership%20and%20permissions%20on%20key%20directories%20before%20switching%20back%20to%20a%20non-root%20user.%20This%20setup%20works%20well%20for%20OpenShift%2C%20but%20on%20macOS%20with%20Docker%20Desktop%2C%20bind%20mounts%20can%20cause%20permission%20issues%20if%20the%20container%20user%20%28now%20UID%20101%29%20doesn%27t%20exist%20on%20the%20host%2C%20leading%20to%20errors%20like%20%22Error%20checki ng%20server%20process%20execution%20privilege%22%20and%20%22attempt%20to%20write%20a%20readonly%20database%22%20%5Bsource%5D%28https%3A//github.com/apache/incubator-devlake/pull/8657%29.%0A%0ASetting%20%60user%3A%20%270%27%60%20in%20your%20Docker%20configuration%20bypasses%20these%20permission%20problems%20by%20running%20Grafana%20as%20root%2C%20which%20matches%20the%20workaround%20recommended%20in%20upstream%20Grafana%20documentation%20for%20macOS%20bind%20mounts.%20There%20aren%27t%20any%20migration%20notes%20or%20troubleshooting%20docs%20in%20DevLake%20about%20this%2C%20but%20the%20timing%20and%20nature%20of%20the%20Dockerfile%20changes%20explain%20why%20this%20is%20needed%20now.%0A%0AIf%20you%20or%20others%20encounter%20this%2C%20using%20%60user%3A%20%270%27%60%20is%20the%20recommended%20fix%20for%20macOS%20with%20bind%20mounts.%20For%20more%20details%2C%20see%20the%20upstream%20Grafana%20docs%20on%20%5Bbind%20mounts%5D%28https%3A//grafana.com/docs/grafana/latest/setup-grafana/i nstallation/docker/%23use-bind-mounts-1%29%20and%20the%20related%20%5Bissue%5D%28https%3A//github.com/grafana/grafana/issues/63599%29.%20If%20this%20becomes%20a%20common%20problem%2C%20it%20may%20be%20worth%20sharing%20your%20findings%20with%20the%20community.) [](https://go.dosu.dev/discord-bot) [](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/incubator-devlake/issues/8695) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
