Docker Community Forums

Share and learn in the Docker community.

`USER` only affects permission of immediately following `COPY`


(Sean Kelleher) #1

I’m having trouble COPYing files with the correct permissions. I have two empty files in a directory (touch a b) and the following Dockerfile:

FROM debian:8.0
RUN useradd --create-home dev
USER dev
COPY a /home/dev/dir/
COPY b /home/dev/dir/

I build and run it using:

docker build --tag=x:test . && docker run --rm x:test /bin/bash -c 'ls -l /home/dev{,/dir}'

This gives the following ouptut:

/home/dev:
total 4
drwxr-xr-x 2 root root 4096 Jun 25 15:13 dir

/home/dev/dir:
total 0
-rw-r--r-- 1 dev  dev  0 Jun 25 15:11 a
-rw-r--r-- 1 root root 0 Jun 25 15:11 b

As can be seen, only the COPY command immediately following the USER command copies the file with dev as owner; swapping the order of the commands causes the file owned by dev to swap. Curiously, duplicating the USER command before the second COPY doesn’t change this outcome, and neither does copying both files in the same statement.

Something else I’ve noticed is that if I add RUN mkdir /home/dev/dir just before the first COPY, then only the directory is owned by dev:

/home/dev:
total 4
drwxr-xr-x 2 dev dev 4096 Jun 25 15:22 dir

/home/dev/dir:
total 0
-rw-r--r-- 1 root root 0 Jun 25 15:11 a
-rw-r--r-- 1 root root 0 Jun 25 15:11 b

Is there a way to get all the files COPY'd as dev without chown in this case? Also, is there a way to specify that the directory created by COPY is owned by dev when it’s created implicitly?

My docker version, for reference:

Client version: 1.7.0
Client API version: 1.19
Go version (client): go1.4.2
Git commit (client): 0baf609
OS/Arch (client): linux/amd64
Server version: 1.7.0
Server API version: 1.19
Go version (server): go1.4.2
Git commit (server): 0baf609
OS/Arch (server): linux/amd64

(Andy Rothfusz) #2

This looks similar to https://github.com/docker/docker/issues/13974