Docker Compose SQL Server Permission Issue Solution

TLDR

• SQL Server container startup fails with an Access is denied error because the permissions of the mounted local volume directory do not meet the requirements of the mssql user (UID 10001) inside the container.
• The standard solution is to manually create the directory structure and then change the directory owner to 10001:0.
• Execute the command: chown -R 10001:0 volumes to resolve most permission issues.
• Ensure the local directory structure is fully created before starting the container.
• In the SQL Server 2025 image, the sqlcmd path has been changed to /opt/mssql-tools18/bin/sqlcmd.

Environment Setup and Problem Scenario

When using Docker Compose to set up SQL Server in a WSL environment, you often encounter an Access is denied permission error if you mount a local directory directly as a Volume.

When does this issue occur: When the Docker container runs as a non-root user (mssql, UID 10001), but the owner of the locally mounted directory is not that UID, the container cannot write to the database files.

services:
  SQL-Server:
    image: mcr.microsoft.com/mssql/server:2022-latest
    container_name: SQL-Server
    ports:
      - "1433:1433"
    volumes:
      - ./volumes/data:/var/opt/mssql/data
      - ./volumes/log:/var/opt/mssql/log
      - ./volumes/backup:/var/opt/mssql/backup
    environment:
      ACCEPT_EULA: "Y"
      SA_PASSWORD: "YourStrongPassword123!"

WARNING

In the SQL Server 2025 image, the path for sqlcmd has been changed from /opt/mssql-tools/bin/sqlcmd to /opt/mssql-tools18/bin/sqlcmd.

Permission Denied Error Analysis

When the container starts, SQL Server attempts to copy system data files to the mounted directory but fails due to insufficient permissions:

ERROR: BootstrapSystemDataDirectories() failure (HRESULT 0x80070005)
00:00:07.43 Server ERROR: Setup FAILED copying system data file 'C:\templatedata\master.mdf' to '/var/opt/mssql/data/master.mdf': 5(Access is denied.)

Standard Solution

To ensure data persistence and correct permissions, follow these steps:

1. Create the folder structure: Before running docker-compose up, you must ensure the local directories already exist.

   mkdir -p volumes/data volumes/log volumes/backup

2. Set directory permissions: Change the directory owner to the mssql user (UID 10001) inside the container.

   chown -R 10001:0 volumes

TIP

Testing shows that in most cases, you only need to run the chown command; there is no need to adjust group permissions additionally.

3. Start the container:

   docker-compose up -d

Detailed Permission Commands

For stricter permission control, you can refer to the following command combination:

• chgrp -R 0 volumes: Change the group owner of the directory and its contents to the root group (GID 0).
• chmod -R g=u volumes: Set group permissions to be the same as user permissions.
• chown -R 10001:0 volumes: Set the owner to UID 10001 (mssql user) and the group to root.

By setting the owner to UID 10001, the SQL Server container gains full read/write access to the mounted directory, thereby resolving the Access is denied issue.

Change Log

• 2025-08-24 Initial document creation.
• 2025-11-04 Added complete operational steps, explaining the need to create subdirectories before setting permissions.
• 2026-02-05 Added a tip for the simplified permission setting solution, noting that in most cases, only the third command needs to be executed.
• 2026-03-16 Added information regarding the mssql-tools path change in SQL Server 2025.