File permission error writing a file to /home/testuser/bin

Hi. I have the following Dockerfile snippet:

FROM docker-remote.artifactory.oci.oraclecorp.com/oraclelinux:7-slim
COPY --from=odo-docker-signed-local.artifactory.oci.oraclecorp.com/odo/base-image-support:ol7x-1.6 / /

ARG DEFAULT_USER=testuser

RUN true \
    && useradd --create-home --user-group --shell /bin/bash testuser \
    && usermod --append --groups wheel testuser \
    && mkdir /home/testuser/bin \
    && mkdir /home/testuser/testdir \
    && chown -R testuser:testuser /home/testuser 

USER testuser:testuser

RUN true \
    && echo "===== /home/testuser before creating files " \
    && find /home/testuser -exec ls -ld {} + \
    && echo "===== try to create files" \
    && echo 'testfile1' > /home/testuser/bin/testfile1 || true \
    && echo 'testfile2' > /home/testuser/testdir/testfile2 || true \
    && echo "===== /home/testuser after file create test" \
    && find /home/testuser -exec ls -ld {} +

When I docker build this with:

docker build  --no-cache /mnt/repos/bitbucket/FFSW/ffsw/test/test-infra/docker/image

for some reason I get a failure writing data to /home/testuser/bin/testfile1. The file itself is created, but cannot be written to. Anyone know why?

===== /home/testuser before creating files 
drwx------ 4 testuser testuser 4096 Feb  4 20:19 /home/testuser
-rw-r--r-- 1 testuser testuser   18 Nov 23 17:44 /home/testuser/.bash_logout
-rw-r--r-- 1 testuser testuser  193 Nov 23 17:44 /home/testuser/.bash_profile
-rw-r--r-- 1 testuser testuser  231 Nov 23 17:44 /home/testuser/.bashrc
drwxr-xr-x 2 testuser testuser 4096 Feb  4 20:19 /home/testuser/bin
drwxr-xr-x 2 testuser testuser 4096 Feb  4 20:19 /home/testuser/testdir
/bin/sh: /home/testuser/bin/testfile1: Permission denied
===== try to create files
===== /home/testuser after file create test
drwx------ 1 testuser testuser 4096 Feb  4 20:19 /home/testuser
-rw-r--r-- 1 testuser testuser   18 Nov 23 17:44 /home/testuser/.bash_logout
-rw-r--r-- 1 testuser testuser  193 Nov 23 17:44 /home/testuser/.bash_profile
-rw-r--r-- 1 testuser testuser  231 Nov 23 17:44 /home/testuser/.bashrc
drwxr-xr-x 1 testuser testuser 4096 Feb  4 20:19 /home/testuser/bin
-rw-r--r-- 1 testuser testuser    0 Feb  4 20:19 /home/testuser/bin/testfile1
drwxr-xr-x 1 testuser testuser 4096 Feb  4 20:19 /home/testuser/testdir
-rw-r--r-- 1 testuser testuser   10 Feb  4 20:19 /home/testuser/testdir/testfile2

My environment is Ubuntu 20.04:

mmaule@mmaule-ubuntu:[mmaule-test-infrastructure]./$ docker --version
Docker version 19.03.13, build 4484c46d9d

I can’t pull the base image. Can you reproduce this error building from another image?

If I use hackery to create /home/testuser/.bin and softlink /home/testuser/bin to it, things work. I’m either missing something super obvious here, or something very subtle about the docker build environment that I haven’t been able to find in the google-verse.

Working Dockerfile (with bad /home/testuser/bin hack):

FROM docker-remote.artifactory.oci.oraclecorp.com/oraclelinux:7-slim
COPY --from=odo-docker-signed-local.artifactory.oci.oraclecorp.com/odo/base-image-support:ol7x-1.6 / /

ARG DEFAULT_USER=testuser

RUN true \
    && useradd --create-home --user-group --shell /bin/bash testuser \
    && usermod --append --groups wheel testuser \
    && mkdir /home/testuser/.bin \
    && ln -s /home/testuser/.bin /home/testuser/bin \
    && mkdir /home/testuser/testdir \
    && chown -R testuser:testuser /home/testuser 

USER testuser:testuser

RUN true \
    && echo "===== /home/testuser before creating files " \
    && find /home/testuser -exec ls -ld {} + \
    && echo "===== try to create files" \
    && echo 'testfile1' > /home/testuser/bin/testfile1 || true \
    && echo 'testfile2' > /home/testuser/testdir/testfile2 || true \
    && echo "===== /home/testuser after file create test" \
    && find /home/testuser -exec ls -ld {} +

Docker build output showing testfile1 and testfile2 with sizes as expected:

 ---> Running in b57c79fdad44
===== /home/testuser before creating files 
drwx------ 4 testuser testuser 4096 Feb  4 21:23 /home/testuser
-rw-r--r-- 1 testuser testuser   18 Nov 23 17:44 /home/testuser/.bash_logout
-rw-r--r-- 1 testuser testuser  193 Nov 23 17:44 /home/testuser/.bash_profile
-rw-r--r-- 1 testuser testuser  231 Nov 23 17:44 /home/testuser/.bashrc
drwxr-xr-x 2 testuser testuser 4096 Feb  4 21:23 /home/testuser/.bin
lrwxrwxrwx 1 testuser testuser   19 Feb  4 21:23 /home/testuser/bin -> /home/testuser/.bin
drwxr-xr-x 2 testuser testuser 4096 Feb  4 21:23 /home/testuser/testdir
===== try to create files
===== /home/testuser after file create test
drwx------ 1 testuser testuser 4096 Feb  4 21:23 /home/testuser
-rw-r--r-- 1 testuser testuser   18 Nov 23 17:44 /home/testuser/.bash_logout
-rw-r--r-- 1 testuser testuser  193 Nov 23 17:44 /home/testuser/.bash_profile
-rw-r--r-- 1 testuser testuser  231 Nov 23 17:44 /home/testuser/.bashrc
drwxr-xr-x 1 testuser testuser 4096 Feb  4 21:23 /home/testuser/.bin
-rw-r--r-- 1 testuser testuser   10 Feb  4 21:23 /home/testuser/.bin/testfile1
lrwxrwxrwx 1 testuser testuser   19 Feb  4 21:23 /home/testuser/bin -> /home/testuser/.bin
drwxr-xr-x 1 testuser testuser 4096 Feb  4 21:23 /home/testuser/testdir
-rw-r--r-- 1 testuser testuser   10 Feb  4 21:23 /home/testuser/testdir/testfile2
Removing intermediate container b57c79fdad44

You were writing so you probably missed my question.

Since I can’t download your base image and it works with centos:7, I can only think of special permission handling in the Linux distribution you are using, or a different kind of shell.

Got sidetracked … let me pull one of the public Oracle Docker bases and see …

Doubt it’s the shell; I originally saw the issue with the ‘cp’ command.

Hopefully you can pull this one. I changed the ‘echo’ to ‘dd’ to rule out possible shell issues.

FROM oraclelinux:7-slim

RUN true \
    && useradd --create-home --user-group --shell /bin/bash testuser \
    && usermod --append --groups wheel testuser \
    && mkdir /home/testuser/bin \
    && mkdir /home/testuser/testdir \
    && chown -R testuser:testuser /home/testuser 

USER testuser:testuser

RUN true \
    && echo "===== /home/testuser before creating files " \
    && find /home/testuser -exec ls -ld {} + \
    && echo "===== try to create files" \
    && dd count=20 bs=1 if=/dev/random of=/home/testuser/bin/testfile1 || true \
    && dd count=20 bs=1 if=/dev/random of=/home/testuser/testdir/testfile2 || true \
    && echo "===== /home/testuser after file create test" \
    && find /home/testuser -exec ls -ld {} +

New output:

 ---> Running in f307bb569772
===== /home/testuser before creating files 
drwx------ 4 testuser testuser 4096 Feb  4 22:07 /home/testuser
-rw-r--r-- 1 testuser testuser   18 Nov 23 17:44 /home/testuser/.bash_logout
-rw-r--r-- 1 testuser testuser  193 Nov 23 17:44 /home/testuser/.bash_profile
-rw-r--r-- 1 testuser testuser  231 Nov 23 17:44 /home/testuser/.bashrc
drwxr-xr-x 2 testuser testuser 4096 Feb  4 22:07 /home/testuser/bin
drwxr-xr-x 2 testuser testuser 4096 Feb  4 22:07 /home/testuser/testdir
===== try to create files
dd: failed to open '/home/testuser/bin/testfile1': Permission denied
20+0 records in
20+0 records out
20 bytes (20 B) copied, 0.000111567 s, 179 kB/s
===== /home/testuser after file create test
drwx------ 1 testuser testuser 4096 Feb  4 22:07 /home/testuser
-rw-r--r-- 1 testuser testuser   18 Nov 23 17:44 /home/testuser/.bash_logout
-rw-r--r-- 1 testuser testuser  193 Nov 23 17:44 /home/testuser/.bash_profile
-rw-r--r-- 1 testuser testuser  231 Nov 23 17:44 /home/testuser/.bashrc
drwxr-xr-x 1 testuser testuser 4096 Feb  4 22:07 /home/testuser/bin
-rw-r--r-- 1 testuser testuser    0 Feb  4 22:07 /home/testuser/bin/testfile1
drwxr-xr-x 1 testuser testuser 4096 Feb  4 22:07 /home/testuser/testdir
-rw-r--r-- 1 testuser testuser   20 Feb  4 22:07 /home/testuser/testdir/testfile2
Removing intermediate container f307bb569772

Reproduced using FROM centos:7:

 ---> Running in 3e0741ca3944
===== os release
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

===== /home/testuser before creating files 
drwx------ 4 testuser testuser 4096 Feb  4 22:13 /home/testuser
-rw-r--r-- 1 testuser testuser   18 Apr  1  2020 /home/testuser/.bash_logout
-rw-r--r-- 1 testuser testuser  193 Apr  1  2020 /home/testuser/.bash_profile
-rw-r--r-- 1 testuser testuser  231 Apr  1  2020 /home/testuser/.bashrc
drwxr-xr-x 2 testuser testuser 4096 Feb  4 22:13 /home/testuser/bin
drwxr-xr-x 2 testuser testuser 4096 Feb  4 22:13 /home/testuser/testdir
===== try to create files
===== /home/testuser after file create test
drwx------ 1 testuser testuser 4096 Feb  4 22:13 /home/testuser
-rw-r--r-- 1 testuser testuser   18 Apr  1  2020 /home/testuser/.bash_logout
-rw-r--r-- 1 testuser testuser  193 Apr  1  2020 /home/testuser/.bash_profile
-rw-r--r-- 1 testuser testuser  231 Apr  1  2020 /home/testuser/.bashrc
drwxr-xr-x 1 testuser testuser 4096 Feb  4 22:15 /home/testuser/bin
-rw-r--r-- 1 testuser testuser    0 Feb  4 22:15 /home/testuser/bin/testfile1
drwxr-xr-x 1 testuser testuser 4096 Feb  4 22:15 /home/testuser/testdir
-rw-r--r-- 1 testuser testuser   20 Feb  4 22:15 /home/testuser/testdir/testfile2
dd: failed to open '/home/testuser/bin/testfile1': Permission denied
20+0 records in
20+0 records out
20 bytes (20 B) copied, 0.000918818 s, 21.8 kB/s
Removing intermediate container 3e0741ca3944

I have already tried it, but it seems you were right. It is not something inside the container, because it works for me.

Great, but please try to edit your comment instead of posting multiple comments with short messages.

The environment I’m running docker build in is Ubuntu 20.04 running as a VBox VM on Windows 10. Not sure any of that matters, but I don’t think I called out the VM in the original post.