New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
COPY command ignores USER, sets file ownership to root #13020
Comments
Hi! We would like to take this time to remind you of the information we need to debug the problem you are seeing. This is an automated response so if this ticket is not about a bug, do not fret. If you fail to provide this information within 7 days, we will close this because we cannot debug your issue. We can reopen whenever the information is provided. Thank you. Please see: Description of problem:
`docker version`:
`docker info`:
`uname -a`:
Environment details (AWS, VirtualBox, physical, etc.):
How reproducible:
Steps to Reproduce:
1.
2.
3.
Actual Results:
Expected Results:
Additional info:
#ENEEDMOREINFO |
I believe this is a dup of #6119 since ADD and COPY are pretty much the same code base |
Turns out that podman is not 1:1 compatible with docker, but in this case it's a good thing, because docker's behaviour is just plain dangerous - even if a container is running as a non-privileged user by default (like, the UBI image runs as the user "default"), they'd still make the files copied with the COPY directive owned by root. Because honoring the permissions would be a breaking change, docker instead introduced a --chown parameter to COPY: moby/moby#13020 https://stackoverflow.com/questions/44766665/how-do-i-docker-copy-as-non-root which podman luckily supports as well. Without this patch, creating the "_output" directory during the build would have failed with a Permission denied.
When building an image from a docker file where you have a sequence like so:
USER jim
COPY app/* /u01/app
The copied files will be owned by root rather than by jim.
The text was updated successfully, but these errors were encountered: