greenthunder
greenthunder

Reputation: 727

Dockerfile failed to change user access

I want to run jenkins on docker and change the user access so could read the SSH key and access git. Here is sample of the dockerfile

FROM jenkins/jenkins:lts

USER root 

COPY --chown=jenkins:jenkins id_rsa $JENKINS_HOME/.ssh/id_rsa
COPY --chown=jenkins:jenkins id_rsa.pub $JENKINS_HOME/.ssh/id_rsa.pub
RUN /bin/bash -c 'ls -la $JENKINS_HOME/.ssh; chmod 600 -R $JENKINS_HOME/.ssh; ls -la $JENKINS_HOME/.ssh'

The output upon build is a success, access has been changed!

Step 3/3 : RUN /bin/bash -c 'ls -la $JENKINS_HOME/.ssh; chmod 600 -R $JENKINS_HOME/.ssh; ls -la $JENKINS_HOME/.ssh'
 ---> Running in 137d1a4f9f6d
total 16
drwxr-xr-x 2 jenkins jenkins 4096 Jan  8 04:11 .
drwxr-xr-x 3 jenkins jenkins 4096 Jan  8 04:11 ..
-rwxr-xr-x 1 jenkins jenkins 1843 Jan  2 02:33 id_rsa
-rwxr-xr-x 1 jenkins jenkins  413 Jan  2 02:33 id_rsa.pub
total 16
drw------- 2 jenkins jenkins 4096 Jan  8 04:11 .
drwxr-xr-x 3 jenkins jenkins 4096 Jan  8 04:11 ..
-rw------- 1 jenkins jenkins 1843 Jan  2 02:33 id_rsa
-rw------- 1 jenkins jenkins  413 Jan  2 02:33 id_rsa.pub
Removing intermediate container 137d1a4f9f6d
 ---> 7d6334d2b044

However when I go inside the /bin/bash the access is set to default, the chmod was not working

jenkins@f49048ec8c88:/$ ls -al /var/jenkins_home/.ssh/
total 16
drwxr-xr-x  2 jenkins jenkins 4096 Jan  8 04:25 .
drwxr-xr-x 16 jenkins jenkins 4096 Jan  8 04:26 ..
-rwxr-xr-x  1 jenkins jenkins 1843 Jan  2 02:33 id_rsa
-rwxr-xr-x  1 jenkins jenkins  413 Jan  2 02:33 id_rsa.pub

any idea why the behavior is this way?

Upvotes: 1

Views: 815

Answers (2)

Shashank V
Shashank V

Reputation: 11243

This happened because $JENKINS_HOME is defined as VOLUME in jenkins:lts base image. You can workaround this in any of the 3 ways

  1. You can fix the permissions on host machine before building and it should work.

  2. You can use multi stage build, change the permission and copy files from first stage

FROM jenkins/jenkins:lts as base
USER root
COPY --chown=jenkins:jenkins id_rsa /tmp/ssh_keys/
COPY --chown=jenkins:jenkins id_rsa.pub  /tmp/ssh_keys/
RUN chmod 600 -R /tmp/ssh_keys

FROM jenkins/jenkins:lts
USER root
COPY --chown=jenkins:jenkins --from=base /tmp/ssh_keys $JENKINS_HOME/.ssh
  1. You can copy and change permissions of the files in a temporary directory as part of build. As part of your startup script(entrypoint), you can copy them from the temporary directory to actual directory.

Upvotes: 3

rt.jar
rt.jar

Reputation: 168

Because the command /bin/bash is just for that session. If you want it to be permanent, put it inside .profile.

Upvotes: 0

Related Questions