ADD command does not seem to honor --chown parameter #5897

Open
a-tunc opened this issue Mar 6, 2025 · 0 comments

a-tunc commented Mar 6, 2025

Description

I am working on a docker file to create a flutter development environment and learn docker containers. In the process, I stumbled across an incident where docker does not seem to do what it is supposed to, according to the manuals.

I am trying to add the android-studio.tar tarball into the image and I expect the owner of the target directory to be the one I used in the ADD command's --chown parameter. However, it still looks like root.

Reproduce

  1. Here is my rather simple docker file:

```dockerfile
FROM eclipse-temurin:17-noble
SHELL ["/bin/bash", "-c"]

# create a non-root user and use it
RUN useradd --base-dir /home --create-home --shell /bin/bash flutter_dev


# suppress "debconf: unable to initialize frontend: Dialog" error messages
ENV DEBIAN_FRONTEND=noninteractive


USER flutter_dev
# ADD --chown=1001:1001 --chmod=766 android-studio-2024.2.2.15-linux.tar.gz /tmp
ADD --chown=flutter_dev:flutter_dev --chmod=766 android-studio-2024.2.2.15-linux.tar.gz /tmp
```

PS: I tried both UID:GID and username:groupname formats. Outcome is still the same.

  2. Build the image with:

```bash
docker build --no-cache --progress=plain  --tag 'test' . &> build.log
```

  3. Spin up the container:

```bash
docker run -it test bash
```

  4. Perform a bash command:

```bash
ls -lah /tmp
```

  5. Result:

[Image]

Expected behavior

I expect the android-studio folder to be owned by flutter_dev:flutter_dev as defined in the Docker manual:

> All files and directories copied from the build context are created with a UID and GID of 0 unless the optional --chown flag specifies a given username, groupname, or UID/GID combination to request specific ownership of the copied content. The format of the --chown flag allows for either username and groupname strings or direct integer UID and GID in any combination. Providing a username without groupname or a UID without GID will use the same numeric UID as the GID. If a username or groupname is provided, the container's root filesystem /etc/passwd and /etc/group files will be used to perform the translation from name to integer UID or GID respectively

docker version

Client:
 Version:           28.0.0
 API version:       1.48
 Go version:        go1.24.0
 Git commit:        f9ced58158
 Built:             Mon Feb 24 21:55:48 2025
 OS/Arch:           linux/amd64
 Context:           default

Server:
 Engine:
  Version:          28.0.0
  API version:      1.48 (minimum version 1.24)
  Go version:       go1.24.0
  Git commit:       af898abe44
  Built:            Mon Feb 24 21:55:48 2025
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          v2.0.3
  GitCommit:        06b99ca80cdbfbc6cc8bd567021738c9af2b36ce.m
 runc:
  Version:          1.2.5
  GitCommit:        
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

docker info

Client:
 Version:    28.0.0
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  0.21.1
    Path:     /usr/lib/docker/cli-plugins/docker-buildx

Server:
 Containers: 2
  Running: 1
  Paused: 0
  Stopped: 1
 Images: 1
 Server Version: 28.0.0
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: true
  Native Overlay Diff: false
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 06b99ca80cdbfbc6cc8bd567021738c9af2b36ce.m
 runc version: 
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.6.80-1-MANJARO
 Operating System: Manjaro Linux
 OSType: linux
 Architecture: x86_64
 CPUs: 8
 Total Memory: 15.35GiB
 Name: XXX-XXX
 ID: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  ::1/128
  127.0.0.0/8
 Live Restore Enabled: false

Additional Info

Host environment:

CPU: quad core 11th Gen Intel Core i5-1135G7 (-MT MCP-)
speed/min/max: 400/400/4200 MHz Kernel: 6.6.80-1-MANJARO x86_64 Up: 1h 35m
Mem: 3.03/15.35 GiB (19.7%) Storage: 476.94 GiB (36.0% used) Procs: 263
Shell: Zsh inxi: 3.3.37

LSB Version: n/a
Distributor ID: ManjaroLinux
Description: Manjaro Linux
Release: 25.0.0
Codename: Zetar

Currently running:6.6.80-1-MANJARO (linux66)
The following kernels are installed in your system:

  • linux66
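
The ownership rule quoted from the Docker manual above, modeled as an added example (not code from the issue author or from BuildKit): `resolve_chown` turns a `--chown` value into numeric IDs from passwd/group content, and `ownership_mismatches` lists every path in an unpacked tree that is not owned by them. Both function names are hypothetical, and the passwd/group lines with their 1000/1001 IDs are constructed sample values.

```python
import os

# Constructed sample content standing in for the image's /etc/passwd and
# /etc/group after the useradd step (the numeric IDs are assumptions).
PASSWD = ("root:x:0:0:root:/root:/bin/bash\n"
          "ubuntu:x:1000:1000:Ubuntu:/home/ubuntu:/bin/bash\n"
          "flutter_dev:x:1001:1001::/home/flutter_dev:/bin/bash\n")
GROUP = "root:x:0:\nubuntu:x:1000:\nflutter_dev:x:1001:\n"


def parse_ids(text):
    """Map name -> numeric id from passwd- or group-formatted text."""
    table = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            table[fields[0]] = int(fields[2])
    return table


def resolve_chown(spec, passwd_text, group_text):
    """Resolve a --chown value to (uid, gid) following the quoted rule."""
    users, groups = parse_ids(passwd_text), parse_ids(group_text)
    user, sep, group = spec.partition(":")
    # Integers are used directly; names are looked up (KeyError if unknown).
    uid = int(user) if user.isdigit() else users[user]
    if not sep or not group:
        return uid, uid  # no group given: the numeric UID is reused as GID
    gid = int(group) if group.isdigit() else groups[group]
    return uid, gid


def ownership_mismatches(root, uid, gid):
    """Return sorted paths under root (root included) not owned by uid:gid."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    bad = []
    for path in paths:
        st = os.lstat(path)  # lstat: report the link itself, not its target
        if (st.st_uid, st.st_gid) != (uid, gid):
            bad.append(path)
    return sorted(bad)


if __name__ == "__main__":
    for spec in ("flutter_dev:flutter_dev", "1001:1001", "flutter_dev"):
        print(spec, "->", resolve_chown(spec, PASSWD, GROUP))
```

Run inside the container with the real `/etc/passwd` and `/etc/group` contents, `ownership_mismatches("/tmp", uid, gid)` names exactly which extracted entries, including `/tmp` itself, are still owned by another user.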