WORKDIR doesn't respect USER when creating directories #20295

Closed
dmolesUC opened this issue Feb 13, 2016 · 10 comments
Labels
area/builder kind/enhancement Enhancements are not bugs or new features but can improve usability or performance.

Comments

@dmolesUC

To reproduce, build an image from the following Dockerfile:

    FROM centos:7
    RUN mkdir -p /apps/foo
    RUN useradd -d /apps/foo foo && \
        chown -R foo:foo /apps/foo
    USER foo
    WORKDIR /apps/foo/bar
    RUN mkdir baz

Expected:

  • directory /apps/foo/bar is owned by user foo
  • directory /apps/foo/bar/baz is created

Actual:

  • directory /apps/foo/bar is owned by root

    $ ls -dal /apps/foo/bar
    drwxr-xr-x 2 root root 4096 Feb 13 00:26 /apps/foo/bar
    
  • the RUN mkdir baz step fails with

    mkdir: cannot create directory 'baz': Permission denied
    The command '/bin/sh -c mkdir baz' returned a non-zero code: 1
    
@dmolesUC
Author

Given that it's documented that USER only affects RUN, CMD and ENTRYPOINT, I suppose this is a feature request. But the current behavior seems arbitrary and un-obvious, documented or not.

@AkihiroSuda
Member

@dmolesUC3 Is this AUFS specific?
Very similar to #20240

@thaJeztah
Member

> the current behavior seems arbitrary and un-obvious, documented or not.

There are a couple of oversights in the way USER interacts with other commands; the same, e.g., applies to COPY and ADD, which also don't respect USER. Unfortunately, we won't be able to change that behavior without causing a backward-incompatible issue (the Dockerfile format is not versioned), so I'm not sure we can address this.

@thaJeztah added the area/builder and kind/enhancement labels Feb 15, 2016
@dmolesUC
Author

> the Dockerfile format is not versioned

Oops. Configuration flag, maybe? Transition to making it the default over, I don't know, the next three years?

@dmolesUC
Author

@AkihiroSuda I'm using AUFS (4.1.13-boot2docker on Virtual Box on MacOS) but I couldn't tell you if it's AUFS-specific.

@LK4D4
Contributor

LK4D4 commented Oct 18, 2016

It's still a pain point. Flags for instructions were introduced, but we're still afraid of using them. Probably just better to be aware :/

@thaJeztah
Member

We discussed this, and while we see it's inconvenient, the best option is to create the workdir in advance, with the correct user. For that reason, we think we should close this.
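
The workaround described in the comment above, applied to the reporter's Dockerfile, as an added example that is not part of the original thread. The closing `stat` check is an assumption added here so the build fails if the working directory ever ends up owned by another user.

```dockerfile
FROM centos:7

# Create the full WORKDIR path while the build is still running as root.
RUN mkdir -p /apps/foo/bar

# Add the unprivileged user and hand the whole tree, including bar, to it.
RUN useradd -d /apps/foo foo && \
    chown -R foo:foo /apps/foo

# From here on, RUN, CMD and ENTRYPOINT execute as foo.
USER foo

# The directory already exists and is owned by foo, so WORKDIR only
# changes into it instead of creating it as root.
WORKDIR /apps/foo/bar

# Succeeds now: foo can write to its own working directory.
RUN mkdir baz

# Added check (assumption, not from the thread): fail the build if the
# working directory is not owned by foo.
RUN [ "$(stat -c '%U' /apps/foo/bar)" = "foo" ]
```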

@phil294

phil294 commented Jun 8, 2019

@thaJeztah seeing the negative response to this decision, would you mind elaborating on why this was declined?

@thaJeztah
Member

It would be a breaking change (#20295 (comment)). Also, workdir should (in hindsight) not have automatically created the directory.

@TonyTromp

+1 Add --chown to WORKDIR
