keytool error: java.io.FileNotFoundException (Permission denied) while calling from docker file

Question

I'm trying to install a certificate in docker image using my docker file

ENV JAVA_HOME /usr/lib/jvm/java-8-openjdk-amd64

COPY app-module/src/main/resources/certificates/A.crt /etc/ssl/certs/
COPY app-module/src/main/resources/certificates/B.crt /etc/ssl/certs/

RUN $JAVA_HOME/bin/keytool -import -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -file /etc/ssl/certs/A.crt -alias A
RUN $JAVA_HOME/bin/keytool -import -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -file /etc/ssl/certs/B.crt -alias B

I get the error

keytool error: java.io.FileNotFoundException: /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/cacerts (Permission denied)

Other answers I found suggested running the above command in root/administrator mode. However, I'm running these commands in Dockerfile. How do I get past this error?

Answer 1

The default user in docker is root. I believe it has been set to a user other than root by your organisation for security purposes. You need to change to user root and then change back to whatever user had been set by your organisation.

ENV JAVA_HOME /usr/lib/jvm/java-8-openjdk-amd64

COPY app-module/src/main/resources/certificates/A.crt /etc/ssl/certs/
COPY app-module/src/main/resources/certificates/B.crt /etc/ssl/certs/

#change to user root to install certificates
USER root
RUN $JAVA_HOME/bin/keytool -import -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -file /etc/ssl/certs/A.crt -alias A
RUN $JAVA_HOME/bin/keytool -import -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -file /etc/ssl/certs/B.crt -alias B

#change to user oldUser to comply with organisation standards
USER oldUser