Docker and file system volmes

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
docker images: v1.3.20

Describe the issue:
I am trying to get OpenSearch up and running in docker using file system volumes (not docker native volumes) and it seems no matter what I do I am not able to address all of the various permission issues. I have tried pre-creating folders and setting the permissions before starting, I have tried created zero-byte files and setting the permissions before starting, and still, I get more errors. It seems like all files are created under root and then access is attempted under uid 1000 which seems odd. Is this a bug?

Configuration:
docker running on ubuntu server

  opensearch-node1:
    # hub.docker.com/r/opensearchproject/opensearch
    container_name: opensearch-node1
    image: opensearchproject/opensearch:latest
    env_file: 
      - .env.opensearch-node1
    environment:
      - bootstrap.memory_lock=true # Disable JVM heap memory swapping
      - cluster.initial_cluster_manager_nodes=opensearch-node1,opensearch-node2 # Nodes eligible to serve as cluster manager
      - cluster.name=opensearch-cluster # Name the cluster
      - discovery.seed_hosts=opensearch-node1,opensearch-node2 # Nodes to look for when discovering the cluster
      - network.host=0.0.0.0 
      - node.name=opensearch-node1 # Name the node that will run in this container
      - plugins.security.ssl.http.enabled=false 
      - plugins.security.ssl.transport.enabled=false 
    volumes:
      - /etc/localtime:/etc/localtime:ro 
      - ${PWD}/data/opensearch-node1/config:/usr/share/opensearch/config:rw 
      - ${PWD}/data/opensearch-node1/data:/usr/share/opensearch/data:rw 
    networks:
      - web 
    ulimits:
      memlock:
        soft: -1
        hard: -1
    privileged: false
    security_opt:
      - no-new-privileges:true

Relevant Logs or Screenshots:

Exception in thread "main" java.nio.file.NoSuchFileException: /usr/share/opensearch/config/jvm.options
opensearch-node1       | 	at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:92)
opensearch-node1       | 	at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:106)
opensearch-node1       | 	at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111)
opensearch-node1       | 	at java.base/sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:261)
opensearch-node1       | 	at java.base/java.nio.file.Files.newByteChannel(Files.java:379)
opensearch-node1       | 	at java.base/java.nio.file.Files.newByteChannel(Files.java:431)
opensearch-node1       | 	at java.base/java.nio.file.spi.FileSystemProvider.newInputStream(FileSystemProvider.java:420)
opensearch-node1       | 	at java.base/java.nio.file.Files.newInputStream(Files.java:159)
opensearch-node1       | 	at org.opensearch.tools.launchers.JvmOptionsParser.readJvmOptionsFiles(JvmOptionsParser.java:180)
opensearch-node1       | 	at org.opensearch.tools.launchers.JvmOptionsParser.jvmOptions(JvmOptionsParser.java:141)
opensearch-node1       | 	at org.opensearch.tools.launchers.JvmOptionsParser.main(JvmOptionsParser.java:108)

The user ID 1000 corresponds with the opensearch user in the container. This is correct. If you’re mapping files from your host filesystem then files should be assigned to a user with ID 1000 and group ID 1000 to avoid any permission issues.

I’ve noticed that you’re mapping the full config folder. The reported error complains about a missing file.

You need to remember that /usr/share/opensearch/config contains a lot of config files, SSL certificates and plugin folders (opensearch-security).
I suggest mapping individual files instead.