initdb failure due to ownership issue

[himani-dangwal]

I am doing a fresh deploymnet of the cloudnative-pg on my aws cluster where for mounting i have storageclass efs-sc-dynamic.

But the inidb scripts fails with the ownership issue . I updated the podSecurityGroup as well but still the issue remains the same

`

apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: postgres-cluster
namespace: postgres-operator
spec:
chart:
spec:
chart: cluster
version: 0.5.0
sourceRef:
kind: HelmRepository
name: postgres-cluster
namespace: postgres-operator
interval: 5m
targetNamespace: postgres-operator
releaseName: postgres-operator
values:
version:
postgresql: "18"
cluster:
instances: 2
imageName: ghcr.io/cloudnative-pg/postgresql:18.0-system-trixie
podSecurityContext:
runAsUser: 26
runAsGroup: 26
fsGroup: 26
fsGroupChangePolicy: "OnRootMismatch"
runAsNonRoot: true
storage:
storageClass: efs-sc-dynamic
size: 1Gi `

error log

{"level":"info","ts":"2026-01-22T09:16:30.05658759Z","msg":"Creating new data directory","logging_pod":"postgres-cluster-1-initdb","pgdata":"/var/lib/postgresql/data/pgdata","initDbOptions":["--username","postgres","-D","/var/lib/postgresql/data/pgdata","--encoding=UTF8","--lc-collate=C","--lc-ctype=C"]}
{"level":"info","ts":"2026-01-22T09:16:31.152535095Z","logger":"initdb","msg":"The files belonging to this database system will be owned by user "postgres".\nThis user must also own the server process.\n\nThe database cluster will be initialized with locale "C".\nThe default text search configuration will be set to "english".\n\nData page checksums are enabled.\n\ncreating directory /var/lib/postgresql/data/pgdata ... ok\ncreating subdirectories ... ok\nselecting dynamic shared memory implementation ... posix\nselecting default "max_connections" ... 20\nselecting default "shared_buffers" ... 400kB\nselecting default time zone ... Etc/UTC\ncreating configuration files ... ok\nrunning bootstrap script ... ","pipe":"stdout","logging_pod":"postgres-cluster-1-initdb"}
{"level":"info","ts":"2026-01-22T09:16:31.152596466Z","logger":"initdb","msg":"2026-01-22 09:16:30.900 UTC [69[] FATAL: data directory "/var/lib/postgresql/data/pgdata" has wrong ownership\n2026-01-22 09:16:30.900 UTC [69] HINT: The server must be started by the user that owns the data directory.\nchild process exited with exit code 1\ninitdb: removing data directory "/var/lib/postgresql/data/pgdata"\n","pipe":"stderr","logging_pod":"postgres-cluster-1-initdb"}
{"level":"error","ts":"2026-01-22T09:16:31.152622006Z","msg":"Error while bootstrapping data directory","logging_pod":"postgres-cluster-1-initdb","error":"error while creating the PostgreSQL instance: exit status 1","stacktrace":"github.com/cloudnative-pg/machinery/pkg/log.(*logger).Error\n\tpkg/mod/github.com/cloudnative-pg/machinery@v0.3.1/pkg/log/log.go:125\ngithub.com/cloudnative-pg/cloudnative-pg/internal/cmd/manager/instance/initdb.initSubCommand\n\tinternal/cmd/manager/instance/initdb/cmd.go:163\ngithub.com/cloudnative-pg/cloudnative-pg/internal/cmd/manager/instance/initdb.NewCmd.func2\n\tinternal/cmd/manager/instance/initdb/cmd.go:112\ngithub.com/spf13/cobra.(*Command).execute\n\tpkg/mod/github.com/spf13/cobra@v1.10.1/command.go:1015\ngithub.com/spf13/cobra.(*Command).ExecuteC\n\tpkg/mod/github.com/spf13/cobra@v1.10.1/command.go:1148\ngithub.com/spf13/cobra.(*Command).Execute\n\tpkg/mod/github.com/spf13/cobra@v1.10.1/command.go:1071\nmain.main\n\tcmd/manager/main.go:71\nruntime.main\n\t/opt/hostedtoolcache/go/1.25.5/x64/src/runtime/proc.go:285"}
Error: error while creating the PostgreSQL instance: exit status 1
stream closed EOF for postgres-operator/postgres-cluster-1-initdb-2k9hg (initdb)

What is to be done for this issue

[dosubot]

Hi @himani-dangwal! I'm Dosu and I’m helping the charts team.

This happens because AWS EFS (and similar NFS-based storage) often mounts volumes with ownership set to root (UID 0) or another fixed UID/GID, which doesn't match the default postgres user (UID 26) in the CloudNativePG container. Kubernetes podSecurityContext settings like runAsUser, runAsGroup, and fsGroup only work if the storage backend honors them—which EFS does not. As a result, initdb fails with a "wrong ownership" error, even if your security context is set correctly in the Helm values.

To resolve this:

1. Check the UID/GID of your EFS mount:
   Launch a debug pod using the same storage class, mount the EFS volume, and run ls -ln to see the UID/GID of the directory.
2. Align the UID/GID:
   • If the EFS directory is owned by a UID/GID other than 26, you have two options:
     • Change the EFS export or directory ownership to UID 26 (if possible).
     • Build a custom PostgreSQL image where the postgres user has the same UID/GID as the EFS volume owner, and set postgresUID/postgresGID in your Cluster spec to match.
       Example Dockerfile:

       FROM ghcr.io/cloudnative-pg/postgresql:18.0-system-trixie
       USER root
       RUN usermod -u <EFS_UID> postgres
       USER <EFS_UID>

       Then set in your Helm values:

       cluster:
         postgresUID: <EFS_UID>
         postgresGID: <EFS_GID>
         imageName: <your-custom-image>

   • Make sure the UID exists in /etc/passwd in your image, or initdb will fail with "user does not exist" errors [source] [source].
3. Note: Changing postgresUID/postgresGID after cluster creation is not supported; you must create a new cluster if you need to change these [source].

There is no built-in support in CloudNativePG to inject a chown/chmod or nss_wrapper at runtime; the storage and user mapping must be aligned before cluster creation [source].

For more details and user experiences, see these relevant threads:

• CloudNativePG issue #5076
• CloudNativePG issue #9401
• CloudNativePG issue #2573

Once the UID/GID is aligned, redeploy your cluster and initdb should succeed.

To reply, just mention @dosu.

---

^{How did I do? Good | Irrelevant | Incorrect | Verbose | Hallucination | Report 🐛 | Other}