Reputation: 6076
COPY in dockerfile changes from expected user to root user
I've hit a wall on trying to user the COPY command in a dockerfile. When building with --privileged, it's not a problem, but that switch is not viable from a security standpoint. Here's what's happening:
- List the files on the host -> they all show as user123
- Show user name and uid/gid in the container -> they all correspond to user123
- Issue a COPY inside the container
- List the files inside the container -> they all show as root
For the last item above, I would like the files to show as user123.
I've tried/confirmed the following:
- Create and set the userid/groupid in the dockerfile using groupadd/useradd/USER
- Set USER in docker file by name
- Set USER in docker file by id's
- Pass in uid/gid from host to dockerfile via ARGS
- chown the files after the COPY -> access denied
- Confirmed host user is a member of the docker group
I've also tried COPY --chown in the dockerfile, but that option isn't available because the docker server version is stuck in the stone ages (1.13).
To state the obvious, this is occurring during a docker build.
Upvotes: 3
Views: 1386
Answers (1)
Reputation: 20196
If you can't use COPY --chown why don't you RUN chown after copy?
RUN chown -R 123:123 file
Also why do you have to build the image on the server? You can build it elsewhere, where a more recent Docker version is available. Then deliver the image to the server via repository or through export/import.
Upvotes: 3
Related Questions
- Docker Copy and change owner
- How do I Docker COPY as non root?
- Docker COPY command give 777 access to the copied file
- How To Docker Copy to user root ~
- File ownership after docker cp
- Setup different user permissions on files copied in Dockerfile
- Dockerfile: COPY does not work (even tho he can find the file)
- Non-root user in Docker
- Docker COPY behaving inconsistently
- Docker, strange issue with permissions in copied resources