Docker-based graylog permissions

I’ve the following docker-compose.yml (slightly altered, but copied from here):

version: '2'
services:
  mongodb:
    image: mongo:3
    volumes:
      - /storage/mongo_data:/data/db
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.6.1
    volumes:
      - /storage/es_data:/usr/share/elasticsearch/data
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    mem_limit: 1g
  graylog:
    image: graylog/graylog:3.0
    volumes:
      - /storage/graylog_journal:/usr/share/graylog/data/journal
    environment:
      - GRAYLOG_PASSWORD_SECRET=somepasswordpepper
      - GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
      - GRAYLOG_HTTP_EXTERNAL_URI=http://127.0.0.1:9000/
    links:
      - mongodb:mongo
      - elasticsearch
    depends_on:
      - mongodb
      - elasticsearch
volumes:
  mongo_data:
    driver: local
  es_data:
    driver: local
  graylog_journal:
    driver: local

The problem is that when I run it with docker-compose it fails, since both graylog and elasticsearch services don’t have access to /storage/graylog and /storage/elasticsearch respectively. What I need to change is to do:

  • chmod 1000:1000 -Rv /storage/elasticsearch
  • chmod 1100:1100 -Rv /storage/graylog

on the host machine.

So two questions arise:

  • why is that?
  • how to handle it elegantly?

Source: StackOverflow