Not using sudo when creating directory when creating new Canasta instance?

[jeffw16]

➜  Development sudo canasta create -i canasta-fileauth -n localhost -w "FileAuth Test" -a admin -o docker-compose
2023/06/17 18:00:33 Using /etc/canasta for configuration...
Enter the admin password (Press Enter to autogenerate the password): 
Re-enter the admin password: 
Creating Canasta installation 'canasta-fileauth'...
Creating network "canasta-fileauth_default" with the default driver
Creating volume "canasta-fileauth_mysql-data-volume" with default driver
Creating volume "canasta-fileauth_elasticsearch" with default driver
Creating volume "canasta-fileauth_caddy-data" with default driver
Creating volume "canasta-fileauth_sitemap" with default driver
Creating canasta-fileauth_caddy_1 ... 
Creating canasta-fileauth_varnish_1 ... 
Creating canasta-fileauth_elasticsearch_1 ... 
Creating canasta-fileauth_db_1            ... 
Creating canasta-fileauth_elasticsearch_1 ... done
Creating canasta-fileauth_varnish_1       ... done
Creating canasta-fileauth_caddy_1         ... done
Creating canasta-fileauth_db_1            ... done
Creating canasta-fileauth_web_1           ... 
Creating canasta-fileauth_web_1           ... error

ERROR: for canasta-fileauth_web_1  Cannot start service web: error while creating mount source path '/Users/jeffrey/Documents/Development/canasta-fileauth/images': mkdir /Users/jeffrey/Documents/Development/canasta-fileauth/images: operation not permitted

ERROR: for web  Cannot start service web: error while creating mount source path '/Users/jeffrey/Documents/Development/canasta-fileauth/images': mkdir /Users/jeffrey/Documents/Development/canasta-fileauth/images: operation not permitted
Encountered errors while bringing up the project.

A fatal error occured during the installation.
Do you want to keep the files related to it? (y/n)
y
Keeping all the containers and config files
Exiting

[freephile]

This error may have to do with the host system umask setting in /etc/profile (or elsewhere)

On the system in question, as user Jeffrey, what do you get when you issue the umask command? What is the output of sudo umask? Note: you can use umask -S to show the symbolic output instead of octal values.

[freephile]

btw, I encountered a system today where a non-standard umask policy was in place (umask 0077) which totally breaks Canasta. The non-standard umask results in containers not working since, for example, MySQL can't read its own configs (/etc/my.cnf) and volume mounts; everything in the ./config directory has incorrect (restrictive) permissions.

This might be solved with an extra step in CLI usage. For example:

Enter umask into your terminal. If the printout is anything other than 0022, set the appropriate umask for your terminal session by entering OLDUMASK=umask && umask 0022
This will ensure that all files and directories created by the Canasta CLI carry the expected permissions.
When your CLI work is complete, you can switch back to the local setup with umask=$OLDUMASK

There is a long-standing feature request in Docker to add umask as an option in the Docker CLI. Although that is NOT our use-case, that ticket and related tickets do give some good insights, solutions, and background to a whole set of "permissions" problems.