I cannot understand why I am not able to remove directories copied with COPY --chown user:group as the user inside my container.
File tree:
.
├── Dockerfile.copy
├── Dockerfile.run
└── build
    └── file.txt
Dockerfile.copy
FROM alpine:latest
WORKDIR /opt/app
RUN addgroup -g 98765 -S mygroup && adduser -S -u 56789 -G mygroup -D myuser
COPY --chown=myuser:mygroup build /opt/app/build
USER myuser:mygroup
in the CLI:
$ docker build --file=Dockerfile.copy --tag=copy:latest --progress="plain" .
> ... building
$ docker run copy:latest whoami
> myuser
$ docker run copy:latest ls -altrh
> total 12K
> drwxr-xr-x 1 root root 4.0K Jan 13 09:25 ..
> drwxr-xr-x 4 myuser mygroup 4.0K Jan 13 09:26 build
> drwxr-xr-x 1 root root 4.0K Jan 13 09:26 .
$ docker run copy:latest rm -rf build
> rm: can't remove 'build': Permission denied
Error received when running rm -rf build is:
rm: can't remove 'build': Permission denied
Whereas in the other image, when I use RUN chown, I am able to remove the directory without errors.
Dockerfile.run
FROM alpine:latest
WORKDIR /opt/app
RUN addgroup -g 98765 -S mygroup && adduser -S -u 56789 -G mygroup -D myuser
COPY build /opt/app/build
RUN chown -R myuser:mygroup /opt/app
USER myuser:mygroup
then in CLI:
$ docker build --file=Dockerfile.run --tag=run:latest --progress="plain" .
> ... building
$ docker run run:latest rm -rf build
> (nothing, no errors)
My docker version:
$ docker --version
> Docker version 20.10.21, build baeda1f
Why is that, what am I missing and don't understand about the COPY --chown user:group?
CodePudding user response:
In your first Dockerfile, myuser owns /opt/app/build.
In your second Dockerfile, myuser owns /opt/app.
To be able to remove the directory, you need access to modify /opt/app.
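The rule in the answer above, as an added example that is not part of the original post: removing a directory entry is decided by the mode bits of the parent directory, not of the entry itself. The function name can_unlink is hypothetical, and the check assumes plain Unix permissions (no ACLs, capabilities or read-only mounts) and a stat that supports -c (GNU coreutils, BusyBox).

```shell
#!/bin/sh
# Added example: decide from ownership and mode bits alone whether a given
# uid/gid may remove a directory entry.
# Assumptions: no ACLs, no capabilities, filesystem mounted read-write.

# can_unlink UID GID PATH -> exit 0 if removing PATH's entry is permitted,
# 1 if denied, 2 if stat fails.
can_unlink() {
    uid=$1 gid=$2 target=$3
    parent=$(dirname -- "$target")

    # Owner, group and octal mode of the PARENT: unlink/rmdir modify it.
    info=$(stat -c '%u %g %a' -- "$parent") || return 2
    set -- $info
    p_uid=$1 p_gid=$2 p_mode=$((0$3))

    # root bypasses mode bits
    if [ "$uid" -eq 0 ]; then return 0; fi

    # Pick the permission triplet that applies to this uid/gid.
    if [ "$uid" -eq "$p_uid" ]; then
        bits=$(( ($p_mode >> 6) & 7 ))
    elif [ "$gid" -eq "$p_gid" ]; then
        bits=$(( ($p_mode >> 3) & 7 ))
    else
        bits=$(( $p_mode & 7 ))
    fi

    # Write (2) and search (1) are both required on the parent directory.
    if [ $(( bits & 3 )) -ne 3 ]; then return 1; fi

    # Sticky bit (01000): only the entry's owner or the parent's owner
    # may delete, even when the parent is otherwise writable.
    if [ $(( $p_mode & 01000 )) -ne 0 ]; then
        t_uid=$(stat -c '%u' -- "$target") || return 2
        if [ "$uid" -ne "$t_uid" ] && [ "$uid" -ne "$p_uid" ]; then
            return 1
        fi
    fi
    return 0
}
```

With the ids from the question, `can_unlink 56789 98765 /opt/app/build` is denied in the copy:latest image because /opt/app is root:root with drwxr-xr-x, and allowed in run:latest where the recursive chown also changed /opt/app.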