Must be root to run pwsh in Alpine #220

@fib0nacci

Steps to reproduce

Create a Dockerfile that sources an Alpine container of PowerShell as follows:

FROM mcr.microsoft.com/powershell:6.2.0-alpine-3.8

# create a non-root user
RUN addgroup -S pstest && adduser -S -G pstest pstest

# copy the script in a folder:
COPY pstest.ps1 /opt/pstest/

# change permissions for the script:
RUN chmod +xxx /opt/pstest/pstest.ps1

# use the pstest user for the container
USER pstest

# set the entry point
ENTRYPOINT ["/opt/pstest/pstest.ps1"]

Create a PowerShell script that sets the interpreter to pwsh, and then writes "Hello world":

#!/opt/microsoft/powershell/6/pwsh
Write-Host "Hello world"

Expected behavior

The PowerShell script will run and output "Hello world".

Actual behavior

Receive an error stating: exec user process caused "permission denied"

Upon investigation, found that the permissions on /opt/microsoft/powershell/6/pwsh/ are:

-rwxrw-rw- 1 root root 122216 Mar 25 17:42 pwsh

which indicates that only root may run pwsh. However, if the same steps are performed using an Ubuntu container, the permissions are:

-rwxr-xr-x 1 root root 106912 Mar 25 17:40 pwsh

Environment data

Docker info:

Containers: 32
 Running: 1
 Paused: 0
 Stopped: 31
Images: 525
Server Version: 18.09.2
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 9754871865f7fe2f4e74d43e2fc7ccd237edcbce
runc version: 09c8266bf2fcf9519a651b04ae54c967b9ab86ec
init version: fec3683
Security Options:
 seccomp
  Profile: default
Kernel Version: 4.9.125-linuxkit
Operating System: Docker for Mac
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 1.952GiB
Name: linuxkit-025000000001
ID: UICA:K5OL:GRYP:NCWL:UPFI:UOSJ:7ZTD:XEOW:TPYV:URZT:YIIU:O2UH
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): true
 File Descriptors: 34
 Goroutines: 66
 System Time: 2019-04-24T19:53:20.4337853Z
 EventsListeners: 2
HTTP Proxy: gateway.docker.internal:3128
HTTPS Proxy: gateway.docker.internal:3129
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine

PowerShell info:

Name                           Value
----                           -----
PSVersion                      6.2.0
PSEdition                      Core
GitCommitId                    6.2.0
OS                             Linux 4.9.125-linuxkit #1 SMP Fri Sep 7 08:20:28 UTC 2018
Platform                       Unix
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0
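
An added example, not part of the original issue or the image maintainers' code: a POSIX sh audit that reads a script's shebang and checks the mode bits of both the script and its interpreter, the two places the "permission denied" reported above can come from. The function names are hypothetical, and it assumes the runtime user is neither the owner nor in the group of either file (as with pstest against root:root), so only the "other" bits are checked.

```shell
#!/bin/sh
# Added example: audit the exec chain of a shebang script for a non-root user.
# Assumption: the user falls in the "other" permission class for both files.

# Print the ls-style mode string of a path, e.g. "-rwxrw-rw-".
mode_of() {
    ls -ld -- "$1" | awk '{print $1; exit}'
}

# True when "other" has execute: 10th character is x, or t (sticky plus exec).
other_can_exec() {
    case "$1" in
        ?????????[xt]*) return 0 ;;
        *) return 1 ;;
    esac
}

# True when "other" has read: 8th character is r.
other_can_read() {
    case "$1" in
        ???????r*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the interpreter path from the script's "#!" line (empty if none).
shebang_interpreter() {
    sed -n '1s/^#![[:space:]]*\([^[:space:]]*\).*/\1/p' "$1"
}

# Report every file in the chain that blocks the user; succeed only if none do.
audit_exec_chain() {
    script=$1
    problems=0
    interp=$(shebang_interpreter "$script")
    if [ -z "$interp" ]; then echo "no shebang: $script"; return 1; fi
    m=$(mode_of "$script")
    # The interpreter must be able to read the script, so it needs r as well as x.
    if ! other_can_exec "$m" || ! other_can_read "$m"; then
        echo "script not r+x for others: $m $script"; problems=$((problems + 1))
    fi
    m=$(mode_of "$interp")
    if ! other_can_exec "$m"; then
        echo "interpreter not executable by others: $m $interp"; problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

if [ "$#" -gt 0 ]; then audit_exec_chain "$1"; fi
```

Run as a `RUN` step before the `USER` instruction, a non-zero exit fails the image build instead of the container start.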
