Docker Copy and change owner
Solution 1
I think I found a solution, which works. Using a data volume container will do the trick. First I create the Data Volume Container, which contains the copy of my external directory:
FROM busybox
RUN mkdir /data
VOLUME /data
COPY /test /data/test
CMD /bin/sh
In my application container, where I have my users, which could look something like this
FROM ubuntu
RUN groupadd mygroup
RUN useradd -ms /bin/bash -G mygroup john
COPY setpermissions.sh /root/setpermissions.sh
CMD /root/setpermissions.sh && /bin/bash
The setpermissions script does the job of setting the user permissions:
#!/bin/bash
if [ ! -e /data/.bootstrapped ] ; then
chown -R john:mygroup /data
touch /data/.bootstrapped
fi
Now I just have to use the --volumes-from <myDataContainerId>
when running the application container.
Solution 2
A --chown
flag has finally been added to COPY
:
COPY --chown=patrick hostPath containerPath
This new syntax seems to work on Docker 17.09.
See the PR for more information.
Related videos on Youtube
Christian Metzler
Updated on July 29, 2020Comments
-
Christian Metzler almost 4 years
Given the following Dockerfile
FROM ubuntu RUN groupadd mygroup RUN useradd -ms /bin/bash -G mygroup john MKDIR /data COPY test/ /data/test data RUN chown -R john:mygroup /data CMD /bin/bash
In my test directory, which is copied I have set the file permissions to 770.
If I do a
su john
inside my container, I cannot access any of the files or subdirectories in my test directory. It seems this problem is related to the ownership in the aufs filesystem, where the copied directory still is owned by root and permissions are set to 770.Is there a workaround for this problem to set the permissions correctly? One could be to set the permissions of the original directory to the uid of the container user before copying it. But this seems more like a hack.
-
user2915097 about 9 yearsbefore the
COPY
and theMKDIR
I think you should have aUSER john
-
Christian Metzler about 9 yearsPerhaps this could work, but I would have to create the complete directory structure which is copied and so this is not acceptable.
-
-
Charan over 6 yearsfor me it worked with
--chown=user:group
, I had that user and group created in container -
Andras Gyomrey about 6 yearsThis is just the same you had before. You should consider accepting the other answer as correct. It uses an official docker flag for it without scripting.
-
Torque almost 5 yearsThanks for that comment, I used the normal
user.group
syntax and it didn't work, glad I stumbled across this. -
Robin Thoni over 4 years@Torque Where is
user.group
the "normal" syntax? A.
is usually accepted as part of a username, so I'm a bit suspicious/curious on why one would use it as a separator... -
Sat93 almost 4 yearsIn docker version: 19.03.9, even
ADD --chown=user:group
orUID:GID
works well. -
Vassilis over 3 yearsPlease consider accepting the other answer to also help other people! Additionally, you probably should just do
RUN <fullpath_of_setpermissions.sh>
in yourDockerfile
-
Doctor Eval about 3 yearsFor whatever it's worth, user.group used to be common. I can't give you a reference but I think it might have been used in Sun's YP. Anyway, the "normal" format changed from user.group to user:group at some point, but as is the nature of these things, both formats frequently work, it's not surprising that someone who's been around a while might get tricked.