Docker Copy and change owner

docker file-permissions dockerfile
116,567

Solution 1

I think I found a solution, which works. Using a data volume container will do the trick. First I create the Data Volume Container, which contains the copy of my external directory:

FROM busybox
RUN mkdir /data
VOLUME /data
COPY /test /data/test
CMD /bin/sh

In my application container, where I have my users, which could look something like this

FROM ubuntu
RUN groupadd mygroup
RUN useradd -ms /bin/bash -G mygroup john
COPY setpermissions.sh /root/setpermissions.sh
CMD /root/setpermissions.sh && /bin/bash

The setpermissions script does the job of setting the user permissions:

#!/bin/bash

if [ ! -e /data/.bootstrapped ] ; then
  chown -R john:mygroup /data
  touch /data/.bootstrapped
fi

Now I just have to use the --volumes-from <myDataContainerId> when running the application container.

Solution 2

A --chown flag has finally been added to COPY:

COPY --chown=patrick hostPath containerPath

This new syntax seems to work on Docker 17.09.

See the PR for more information.

Share:
116,567

Related videos on Youtube

Christian Metzler
Author by

Christian Metzler

Updated on July 29, 2020

Comments

  • Christian Metzler
    Christian Metzler almost 4 years

    Given the following Dockerfile

    FROM ubuntu
RUN groupadd mygroup
RUN useradd -ms /bin/bash -G mygroup john
MKDIR /data
COPY test/ /data/test data
RUN chown -R john:mygroup /data
CMD /bin/bash

    In my test directory, which is copied I have set the file permissions to 770.

    If I do a su john inside my container, I cannot access any of the files or subdirectories in my test directory. It seems this problem is related to the ownership in the aufs filesystem, where the copied directory still is owned by root and permissions are set to 770.

    Is there a workaround for this problem to set the permissions correctly? One could be to set the permissions of the original directory to the uid of the container user before copying it. But this seems more like a hack.

    • user2915097
      user2915097 about 9 years
      before the COPY and the MKDIR I think you should have a USER john
    • Christian Metzler
      Christian Metzler about 9 years
      Perhaps this could work, but I would have to create the complete directory structure which is copied and so this is not acceptable.
  • Charan
    Charan over 6 years
    for me it worked with --chown=user:group , I had that user and group created in container
  • Andras Gyomrey
    Andras Gyomrey about 6 years
    This is just the same you had before. You should consider accepting the other answer as correct. It uses an official docker flag for it without scripting.
  • Torque
    Torque almost 5 years
    Thanks for that comment, I used the normal user.group syntax and it didn't work, glad I stumbled across this.
  • Robin Thoni
    Robin Thoni over 4 years
    @Torque Where is user.group the "normal" syntax? A . is usually accepted as part of a username, so I'm a bit suspicious/curious on why one would use it as a separator...
  • Sat93
    Sat93 almost 4 years
    In docker version: 19.03.9, even ADD --chown=user:group or UID:GID works well.
  • Vassilis
    Vassilis over 3 years
    Please consider accepting the other answer to also help other people! Additionally, you probably should just do RUN <fullpath_of_setpermissions.sh> in your Dockerfile
  • Doctor Eval
    Doctor Eval about 3 years
    For whatever it's worth, user.group used to be common. I can't give you a reference but I think it might have been used in Sun's YP. Anyway, the "normal" format changed from user.group to user:group at some point, but as is the nature of these things, both formats frequently work, it's not surprising that someone who's been around a while might get tricked.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Fixing World-writable MySql error in Docker
File ownership after docker cp
AWS credentials during Docker build process
Dockerfile: Is there any way to read variables from .env file
Reloading code in a dockerized node.js app with docker-compose
How to resolve "Cannot retrieve .Id from docker" when building Docker image using Jenkins pipeline
Docker swarm: 'build' configuration in docker compose file ignored during stack deployment
how to correctly use system user in docker container
\Dockerfile: The system cannot find the file specified
dockerize a wpf application and use it