Filesystem driver does not honor umask #1295
Looks like this is because the filesystem driver explicitly specifies https://github.com/docker/distribution/blob/master/registry/storage/driver/filesystem/driver.go#L142 It's probably more correct to use 0666 here, and 0777 for the
Closed by #1304.
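The behaviour discussed in this thread, as an added example that is not the registry's own code: the mode passed at creation time is masked by the process umask, so fixed modes like the 644/755 seen in the report can never become group-writable, while 0666/0777 leave the decision to the umask. The helper name `createWithModes` and the temp-directory layout are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"syscall"
)

// createWithModes (hypothetical helper) creates a directory and a file under
// the given umask and returns the permission bits applied: requested &^ umask.
func createWithModes(umask int, dirMode, fileMode os.FileMode) (os.FileMode, os.FileMode, error) {
	root, err := os.MkdirTemp("", "umask-demo-")
	if err != nil {
		return 0, 0, err
	}
	defer os.RemoveAll(root)

	old := syscall.Umask(umask) // process-wide setting; restored on return
	defer syscall.Umask(old)

	dir := filepath.Join(root, "blobs")
	if err := os.MkdirAll(dir, dirMode); err != nil {
		return 0, 0, err
	}
	file := filepath.Join(dir, "data")
	f, err := os.OpenFile(file, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, fileMode)
	if err != nil {
		return 0, 0, err
	}
	f.Close()

	di, err := os.Stat(dir)
	if err != nil {
		return 0, 0, err
	}
	fi, err := os.Stat(file)
	if err != nil {
		return 0, 0, err
	}
	return di.Mode().Perm(), fi.Mode().Perm(), nil
}

func main() {
	d, f, err := createWithModes(0002, 0755, 0644) // fixed modes: umask 002 adds nothing
	fmt.Printf("umask 002, requested 755/644 -> %o/%o (err=%v)\n", d, f, err)
	d, f, err = createWithModes(0002, 0777, 0666) // relaxed modes: umask decides
	fmt.Printf("umask 002, requested 777/666 -> %o/%o (err=%v)\n", d, f, err)
}
```

With 0666/0777 the umask is the only thing restricting access to newly written data, so a umask of 022 reproduces the 644/755 layout and a umask of 000 would leave it world-writable.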
stefannica added a commit to stefannica/distribution that referenced this issue Jul 16, 2020
There was a previous PR relaxing the filesystem driver permissions for files and folders to 0666 and 0777 respectively [1][2], but it was incomplete. This is required to get the registry to honor the umask value. [1] distribution#1304 [2] distribution#1295 Signed-off-by: Stefan Nica <snica@suse.com>
dylanrhysscott pushed a commit to digitalocean/docker-distribution that referenced this issue Jan 5, 2023
There was a previous PR relaxing the filesystem driver permissions for files and folders to 0666 and 0777 respectively [1][2], but it was incomplete. This is required to get the registry to honor the umask value. [1] distribution#1304 [2] distribution#1295 Signed-off-by: Stefan Nica <snica@suse.com>
I would like to have the registry data be group-writable in order to allow automation of periodic cleanup tasks by a non-root user.
I'm using this wrapper as the entrypoint in my Dockerfile to set the umask to 002:
/UMASK_FILE and /UMASK_DIR are created with the correct permissions (664/775), and I've verified that the registry process is running with the correct umask by attaching a debugger to the running process:
However, after pushing an image to the registry, the files and directories under /var/lib/registry/ have permissions 644 and 755 respectively:
Here's the setup: