Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Copying files with execute permissions in Docker Image

Tags:

docker

dockerfile

bitbucket

containers

bitbucket-server

Seems like a basic issue but couldnt find any answers so far ..

When using ADD / COPY in Dockerfile and running the image on linux, the default file permission of the file copied in the image is 644. The onwner of this file seems to be as 'root'

However, when running the image, a non-root user starts the container and any file thus copied with 644 permission cannot execute this copied/added file and if the file is executed at ENTRYPOINT it fails to start with permission denied error.

I read in one of the posts that COPY/ADD after Docker 1.17.0+ allows chown but in my case i dont know who will be the non-root user starting so i cannot set the permission as that user.

I also saw another work around to ADD/COPY files to a different location and use RUN to copy them from the temp location to actual folder like what am doing below. But this approach doesnt work as the final image doesnt have the files in /otp/scm

#Installing Bitbucket and setting variables  
WORKDIR /tmp
ADD atlassian-bitbucket-${BITBUCKET_VERSION}.tar.gz .
COPY bbconfigupdater.sh .

#Copying Entrypoint script which will get executed when container starts 
WORKDIR /tmp 
COPY entrypoint.sh .

RUN ls -lrth /tmp

WORKDIR /opt/scm 
RUN pwd && cp /tmp/bbconfigupdater.sh /opt/scm \
 && cp /tmp/entrypoint.sh /opt/scm \
 && cp -r /tmp/atlassian-bitbucket-${BITBUCKET_VERSION} /opt/scm \
 && chgrp -R 0 /opt/ \
 && chmod -R 755 /opt/ \
 && chgrp -R 0 /scm/bitbucket \
 && chmod -R 755 /scm/bitbucket \
 && ls -lrth /opt/scm && ls -lrth /scmdata

Any help is appreciated to figure out how i can get my entrypoint script copied to the desired path with execute permissions set.

like image 593
Raghav Vaidhyanathan Avatar asked Jun 12 '19 09:06

Raghav Vaidhyanathan

People also ask

Can you copy a file into a Docker image?

Dockerfile Dockerfiles are used to build Docker images, which are then instantiated into Docker containers. Dockerfiles can contain several different instructions, one of which is COPY. The COPY instruction lets us copy a file (or files) from the host system into the image.

Will Docker copy overwrite?

When copying a single file to an existing LOCALPATH, the docker cp command will either overwrite the contents of LOCALPATH if it is a file or place it into LOCALPATH if it is a directory, overwriting an existing file of the same name if one exists. For example, this command: $ docker cp sharp_ptolemy:/tmp/foo/myfile.

How do I copy a file from a Docker container?

To summarize, follow these steps to copy a file from a Docker container to a host machine: Obtain the name or id of the Docker container. Issue the docker cp command and reference the container name or id. The first parameter of the docker copy command is the path to the file inside the container.

How do I copy a file from one Docker container to another?

You can use the docker cp command to copy the file. The first path (Source) is the path in the Docker Container and the second one is the path inside your Local System (Destination).

1 Answers

The default file permission is whatever the file permission is in your build context from where you copy the file. If you control the source, then it's best to fix the permissions there to avoid a copy-on-write operation. Otherwise, if you cannot guarantee the system building the image will have the execute bit set on the files, a chmod after the copy operation will fix the permission. E.g.

COPY entrypoint.sh .
RUN chmod +x entrypoint.sh

A better option with newer versions of docker (and which didn't exist when this answer was first posted) is to use the --chmod flag (the permissions must be specified in octal at last check):

COPY --chmod=0755 entrypoint.sh .

You do not need to know who will run the container. The user inside the container is typically configured by the image creator (using USER) and doesn't depend on the user running the container from the docker host. When the user runs the container, they send a request to the docker API which does not track the calling user id.

The only time I've seen the host user matter is if you have a host volume and want to avoid permission issues. If that's your scenario, I often start the entrypoint as root, run a script called fix-perms to align the container uid with the host volume uid, and then run gosu to switch from root back to the container user.

like image 128
BMitch Avatar answered Sep 23 '22 02:09

BMitch
Sign in to Comment

Related questions

Docker run container on different port
Recover docker container's run arguments
Docker for windows - Internal server error
docker: Error response from daemon: grpc: the connection is unavailable
initdb: could not change permissions of directory on Postgresql container
Why doesn't "service cron start" work within the Docker file?
Recommendation to improve wp-admin panel performance
How to access webserver running in docker container from browser?
Do Docker containers on the same host machine share the same page cache?
Alpine Linux How to install x86 packages on x86_64 architecture
trouble debugging error with exit code 3221225781 (missing libraries) in windows docker container
Can I change the enviroment setting without re building the docker image?
docker-compose mysql import failed - the input device is not a TTY
SparkLauncher. java.lang.NoSuchMethodError: org.yaml.snakeyaml.Yaml.<init>
How to run git clone from docker file requiring SSL certificate
docker run --name vs --hostname difference as command line option (ping: bad address)
Nuget package Microsoft.TypeScript.MSBuild fails in Dockerfile
Docker compose: meaning of {} in volume definition
How to cache local Maven repository using Docker with Pipelines?
What's the difference between docker restart_policy on-failure vs any

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!