chowning a docker folder from dockerfile

Question

I'm trying to change a just created folder persimisions on Dockerfile in order to create an custom elasticsearch image.

I don't quite figure out why once the image is pulled and elasticsearch is working, the folder permissions keep without changes.

I'm just trying to create a backup folder under /usr/share/elasticsearch. Once it's created I change permissions:

COPY ./backup.sh .
RUN ["chmod", "+x", "./backup.sh"]
CMD ["./backup.sh"]

where backup.sh file content is:

mkdir backup
chown -R elasticsearch:elasticsearch ./backup

backup folder is created under /usr/share/elasticsearch, nevertheless, its permissions remains unchanged:

#docker exec -it es ls -la /usr/share/elasticsearch
drwxr-xr-x.  1 root          root          4096 Jan 16 12:11 .
drwxr-xr-x.  1 root          root          4096 Aug 31 17:30 ..
drwxr-xr-x.  2 >>>>root<<<<  >>>>root<<<<  4096 Jan 16 12:03 backup <<<<<<<<<<<<<<<<<
-rwxr-xr-x.  1 root          root            58 Jan 16 12:02 backup.sh
drwxr-xr-x.  2 root          root          4096 Jan 16 12:11 bin
drwxr-xr-x.  3 elasticsearch elasticsearch 4096 Jan 16 12:11 config
drwxr-xr-x.  3 elasticsearch elasticsearch 4096 Jan 16 12:11 data
drwxr-xr-x.  2 root          root          4096 Jan 16 12:11 lib
drwxr-xr-x.  2 elasticsearch elasticsearch 4096 Aug 31 17:30 logs
drwxr-xr-x.  5 root          root          4096 Jan 16 12:11 modules
drwxr-xr-x.  2 elasticsearch elasticsearch 4096 Aug 29 09:24 plugins

Any ideas?

EDIT

Dockerfile:

FROM elasticsearch:2.4

COPY ./backup.sh .
RUN ["chmod", "+x", "./backup.sh"]
CMD ["./backup.sh"]

VOLUME /usr/share/elasticsearch/backup

backup.sh:

mkdir backup
chown -R elasticsearch:elasticsearch ./backup

EDIT2

I've just got the idea from official elasticsearch:2.4 dockerfile. I pose the fragment:

WORKDIR /usr/share/elasticsearch

RUN set -ex \
    && for path in \
        ./data \
        ./logs \
        ./config \
        ./config/scripts \
    ; do \
        mkdir -p "$path"; \
        chown -R elasticsearch:elasticsearch "$path"; \
done

VOLUME /usr/share/elasticsearch/data

I've also tried this:

WORKDIR /usr/share/elasticsearch

RUN set -ex \
    && for path in \
        ./backup \
    ; do \
        mkdir -p "$path"; \
        chown -R elasticsearch:elasticsearch "$path"; \
done

VOLUME /usr/share/elasticsearch/backup

However, backup is assigned to root:root instead of elasticsearch:elasticsearch:

#docker exec -it es ls -la /usr/share/elasticsearch
drwxr-xr-x. 10 root          root          4096 Jan 17 08:02 .
drwxr-xr-x. 51 root          root          4096 Aug 31 17:30 ..
drwxr-xr-x.  2 root          root          4096 Jan 17 08:06 backup  <<<<<<<<<<<<
drwxr-xr-x.  2 root          root          4096 Jan 17 08:08 bin
drwxr-xr-x.  3 elasticsearch elasticsearch 4096 Jan 17 08:08 config
drwxr-xr-x.  3 elasticsearch elasticsearch 4096 Jan 17 08:08 data
drwxr-xr-x.  2 root          root          4096 Jan 17 08:08 lib
drwxr-xr-x.  2 elasticsearch elasticsearch 4096 Aug 31 17:30 logs
drwxr-xr-x.  5 root          root          4096 Jan 17 08:08 modules
drwxr-xr-x.  2 elasticsearch elasticsearch 4096 Aug 29 09:24 plugins

Answer 1

VOLUME /usr/share/elasticsearch/backup

You appear to be mounting this directory as a volume into your container. When that happens, the contents of that volume, including permissions of the directory and any contained files, will replace what is provided by the image. You can't change permissions of an existing volume by rebuilding the image, the volume is not mounted during the image creation. However, if you use a named volume, it will be initialized with the contents of the image at this folder location. If you use a host volume, directly mounting a host path into the container, this will always be exactly the contents of the host directory without any initialization.