Almost all files are created by root user in my Docker image

Time:07-30

This is my Dockerfile:

FROM python:3.10.5-alpine

ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1

RUN adduser -D appuser

USER appuser

WORKDIR /home/appuser/

COPY requirements.txt .

RUN python -m pip install --user --no-cache-dir --disable-pip-version-check --requirement requirements.txt

COPY . .

ENTRYPOINT [ "./entrypoint.sh" ]

So I create a user called appuser and switch to it as soon as I can, before copying anything (I've checked that both the user and its home folder are created).

But when I browse the filesystem of my image:

~ $ ls -l
total 156
-rwxr-xr-x    1 root     root           335 Jul 28 10:57 Dockerfile
-rw-r--r--    1 appuser  appuser     131072 Jul 28 12:28 db.sqlite3
-rwxr-xr-x    1 root     root           150 Jul 28 11:37 entrypoint.sh
-rwxr-xr-x    1 root     root           685 Jul 28 10:04 manage.py
drwxr-xr-x    2 root     root          4096 Jul 28 10:56 project
-rwxr-xr-x    1 root     root            41 Jul 28 11:56 requirements.txt
drwxr-xr-x    2 root     root          4096 Jul 28 11:50 static
drwxr-xr-x    5 root     root          4096 Jul 28 10:05 venv

... almost everything belongs to root user and this gives me several permission denied errors.

What is my mistake? I assume Docker shouldn't operate under root when I've switched the user.

I know I can add RUN mkdir ~/static to the Dockerfile and get over it, but then what the documentation says about USER command doesn't make sense to me:

The USER instruction sets the user name (or UID) and optionally the user group (or GID) to use as the default user and group for the remainder of the current stage.

CodePudding user response:

Use the optional flag --chown=<user>:<group> with either the ADD or COPY commands.

For example:

COPY --chown=appuser:appuser . .

docker docs
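
An added example, not part of the original question or answer: COPY and ADD write files as UID/GID 0 unless --chown is given, and USER only changes who runs RUN, CMD and ENTRYPOINT, so this Python check walks a Dockerfile and reports every COPY or ADD that follows a non-root USER without --chown. The function names and the abridged copy of the question's Dockerfile are constructed for illustration.

```python
ROOT_NAMES = {"root", "0"}

# Constructed sample: the question's Dockerfile, abridged.
PAGE_DOCKERFILE = """\
FROM python:3.10.5-alpine
RUN adduser -D appuser
USER appuser
WORKDIR /home/appuser/
COPY requirements.txt .
RUN python -m pip install --user --requirement requirements.txt
COPY . .
ENTRYPOINT [ "./entrypoint.sh" ]
"""

def logical_lines(text):
    """Yield (line_number, instruction), joining backslash continuations."""
    buf, start = "", 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no instruction
        if not buf:
            start = n  # report the line where the instruction begins
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf = ""

def find_root_owned_copies(text):
    """Return [(line_number, instruction)] for each COPY/ADD that will create
    root-owned files although the stage has switched to a non-root USER."""
    findings, user = [], None
    for n, instr in logical_lines(text):
        parts = instr.split()
        op = parts[0].upper()
        if op == "FROM":
            user = None  # a new stage does not inherit USER from the previous one
        elif op == "USER" and len(parts) > 1:
            user = parts[1].split(":")[0]  # drop the optional :group part
        elif op in ("COPY", "ADD") and user and user not in ROOT_NAMES:
            if not any(p.startswith("--chown=") for p in parts[1:]):
                findings.append((n, instr))
    return findings

if __name__ == "__main__":
    for n, instr in find_root_owned_copies(PAGE_DOCKERFILE):
        print(f"line {n}: '{instr}' will be owned by root; add --chown")
```
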
