Issue: chown Permission denied on macOS bind-mounted Git repos (Docker Desktop)
Environment
- OS: macOS
- Docker: Docker Desktop
- Mount: bind mount (./repos -> /repos)
- Container: Node.js app (starts as root, then drops to node)
- Repos: multiple Git repos under ./repos
Problem
Container fails on startup with errors like:
chown: changing ownership of '/repos//.git/objects/pack/pack-*.pack': Permission denied
This causes a restart loop.
Why this happens
- Git pack files (.git/objects/pack/*) are created as read-only
- Files contain macOS extended attributes (com.apple.provenance)
- Docker Desktop macOS file sharing does not reliably allow chown or chmod
- This happens even when running the container as root
- Result: chown -R /repos sometimes works, sometimes fails depending on Git activity
What did NOT work
- Running the container as root
- Running chown -R /repos on every startup
- Dockerfile or docker-compose only fixes
- macOS ACL only fixes
Solution (host side, one time)
Run once on the host:
chmod -R -N ./repos
chmod -R g+rwX ./repos
find ./repos -type d -exec chmod g+s {} \;
find ./repos -path "*/.git/*" -type f -exec chmod u+rw,g+rw {} \;
xattr -r -d com.apple.provenance ./repos 2>/dev/null || true
Then restart containers:
docker compose down
docker compose up -d
Result
- chown -R /repos works reliably
- No restart loops
- Git operations (fetch, gc, checkout) are stable
- New repos inherit correct permissions
- No further host action required
Takeaway
On macOS with Docker Desktop, bind-mounted Git repos can fail chown
due to read-only pack files and extended attributes.
Normalizing permissions on the host is the only reliable fix.
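A check for the host-side fix above, as an added example that is not part of the original issue: it counts directories still missing the setgid bit and files under .git that still lack owner and group read/write. The function names are made up for this example, and it does not inspect ACLs or extended attributes.

```shell
#!/bin/sh
# Added example (not from the issue): verify the host-side normalization.
# Usage after sourcing this file: audit_repos ./repos
# Uses only POSIX find options, so it runs on macOS and Linux.
# Counts are line-based, so file names containing newlines are over-counted.

# Directories missing the setgid bit (the fix sets it with chmod g+s).
count_dirs_without_setgid() {
    find "$1" -type d ! -perm -2000 | wc -l | tr -d ' '
}

# Files inside .git that are not read/write for both owner and group
# (the fix sets u+rw,g+rw), for example read-only pack files.
count_git_files_not_rw() {
    find "$1" -path '*/.git/*' -type f ! -perm -0660 | wc -l | tr -d ' '
}

# Prints a summary; returns 0 when nothing is left to fix, 1 otherwise.
audit_repos() {
    root=${1:-./repos}
    dirs=$(count_dirs_without_setgid "$root")
    files=$(count_git_files_not_rw "$root")
    echo "dirs without setgid: $dirs"
    echo "git files not u+rw,g+rw: $files"
    [ "$dirs" -eq 0 ] && [ "$files" -eq 0 ]
}
```

A non-zero exit from `audit_repos` means the host-side commands need to be run again before starting the containers.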