ADD file using FROM scratch and security best practice

lazize · November 28, 2017, 9:58am

Hello,

As documentation states, when we use ADD instruction on Dockerfile, the file will be added as UID and GID 0.

All new files and directories are created with a UID and GID of 0.

Best practice says we should not run the container as root.
When we use the base image as scratch, how we can change the file owner and/or file permission?

In the example below, the file app will be root:root and the permission will be the same as I have in my host.

FROM scratch
COPY app /app
COPY /etc/passwd /etc/group /etc/shadow /etc/
USER nobody:nogroup
ENTRYPOINT ["/app"]

Topic		Replies	Views
Permission conflicts with coding in docker, linux General	2	847	June 8, 2021
Best practices for uid/gid and permissions? General	9	7806	January 13, 2024
How to be root inside container General	3	16664	June 9, 2018
Securing Docker containers UID/GID? General security , docker	3	21756	November 14, 2022
New file sharing UID/GID permissions break image portability Docker Desktop macos	16	9530	September 3, 2016

ADD file using FROM scratch and security best practice

Related Topics