WORKDIR doesn't respect USER when creating directories #20295

Closed
dmolesUC opened this issue Feb 13, 2016 · 9 comments

@dmolesUC dmolesUC commented Feb 13, 2016

To reproduce, build an image from the following Dockerfile:

FROM centos:7
RUN mkdir -p /apps/foo
RUN useradd -d /apps/foo foo && \
    chown -R foo:foo /apps/foo
USER foo
WORKDIR /apps/foo/bar
RUN mkdir baz

Expected:

  • directory /apps/foo/bar is owned by user foo
  • directory /apps/foo/bar/baz is created

Actual:

  • directory /apps/foo/bar is owned by root

    $ ls -dal /apps/foo/bar
    drwxr-xr-x 2 root root 4096 Feb 13 00:26 /apps/foo/bar
    
  • the RUN mkdir baz step fails with

    mkdir: cannot create directory 'baz': Permission denied
    The command '/bin/sh -c mkdir baz' returned a non-zero code: 1
    
Author

@dmolesUC dmolesUC commented Feb 13, 2016

Given that it's documented that USER only affects RUN, CMD and ENTRYPOINT, I suppose this is a feature request. But the current behavior seems arbitrary and un-obvious, documented or not.

Member

@AkihiroSuda AkihiroSuda commented Feb 15, 2016

@dmolesUC3 Is this AUFS specific?
Very similar to #20240

Member

@thaJeztah thaJeztah commented Feb 15, 2016

> the current behavior seems arbitrary and un-obvious, documented or not.

There are a couple of oversights in the way USER interacts with other commands; the same, e.g., applies to COPY and ADD, which also don't respect USER. Unfortunately, we won't be able to change that behavior without causing a backward-incompatible issue (the Dockerfile format is not versioned), so I'm not sure we can address this.

Author

@dmolesUC dmolesUC commented Feb 16, 2016

> the Dockerfile format is not versioned

Oops. Configuration flag, maybe? Transition to making it the default over, I don't know, the next three years?

Author

@dmolesUC dmolesUC commented Feb 16, 2016

@AkihiroSuda I'm using AUFS (4.1.13-boot2docker on Virtual Box on MacOS) but I couldn't tell you if it's AUFS-specific.

Contributor

@LK4D4 LK4D4 commented Oct 18, 2016

It's still a pain point. Flags for instructions were introduced, but we are still afraid of using them. Probably just better to be aware :/

Member

@thaJeztah thaJeztah commented Oct 19, 2016

We discussed this, and while we see it's inconvenient, the best option is to create the workdir in advance, with the correct user. For that reason, we think we should close this.
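
The workaround described in the comment above, applied to the Dockerfile from the issue report. This is an added example, not part of the original thread or the project's own code; the `stat` check is an added assumption that relies on GNU coreutils being present in `centos:7`.

```dockerfile
FROM centos:7
RUN mkdir -p /apps/foo
RUN useradd -d /apps/foo foo && \
    chown -R foo:foo /apps/foo
USER foo
# Create the working directory explicitly while running as foo, so it is
# owned by foo. If WORKDIR were left to create it, it would be owned by root.
RUN mkdir /apps/foo/bar
# The directory already exists, so WORKDIR only changes into it.
WORKDIR /apps/foo/bar
# Fail the build early if the working directory is not owned by foo.
RUN test "$(stat -c %U .)" = foo
# This step failed with "Permission denied" in the original Dockerfile.
RUN mkdir baz
```

The same result can be reached by creating `/apps/foo/bar` in the root-run `mkdir -p` step, before the `chown -R`.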

@phil294 phil294 commented Jun 8, 2019

@thaJeztah seeing the negative response to this decision, would you mind elaborating on why this was declined?

Member

@thaJeztah thaJeztah commented Jun 8, 2019

It would be a breaking change (#20295 (comment)); also, workdir should (in hindsight) not have automatically created the directory.
