ProjectStack
docker

Permission denied accessing files on a mounted volume

A process inside the container is being denied access to files or directories from a bind mount or volume. This usually comes from a UID/GID mismatch — the user inside the container has a different numeric ID than the user who owns the files on the host, and the filesystem permissions don't allow access.

Common causes

  • The container process runs as root (UID 0) but the host files are owned by a non-root user, or vice versa
  • A non-root container user (UID 1000, for example) doesn't match the UID that owns the host directory
  • SELinux or AppArmor on the host is blocking container access to the volume
  • The host directory permissions are too restrictive (e.g., mode 700 owned by another user)

How to fix it

  1. Match the container user's UID to the host file owner: docker run -u $(id -u):$(id -g) myimage
  2. Fix the host directory permissions: chmod 755 ./data or chown to match the container user
  3. For SELinux: append :Z to the mount to relabel: -v ./data:/app/data:Z
  4. Run a setup step as root to fix ownership inside: RUN chown -R appuser:appuser /app/data

Example

$ docker run -v $(pwd)/data:/app/data myapp Error: EACCES: permission denied, open '/app/data/config.json'

Container process running as UID 1001 can't read files owned by UID 1000 on the host

Related Docker Errors

Cannot connect to Docker daemonPermission denied connecting to Docker socketDocker daemon not running on this hostImage not found or pull access deniedImage manifest not found (tag doesn't exist)

Browse more errors

The Developer Hub covers 150+ errors across Git, npm, Node.js, Python, TypeScript, and Docker — with plain-English explanations and fix steps.