
Occasionally the file permission is not expected in the container where the image has the command `RUN chown`


Description

There is the command RUN chown in the Dockerfile. After the Docker image is built, the file permission is not as expected when the container is spun up.

Steps to reproduce the issue:

Below is the content of my Dockerfile:

```dockerfile
# Pull base image.
FROM python:2.7-slim


WORKDIR /app

#have to execute https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863199
RUN mkdir -p /usr/share/man/man1

RUN apt-get update \
    && apt-get install -y --no-install-recommends openssl ca-certificates-java\
    && rm -rf /var/lib/apt/lists/*

RUN mkdir -p ./warehouse
RUN groupadd --gid 10000 jenkins \
  && useradd --uid 10000 --gid jenkins --shell /bin/bash --create-home jenkins
RUN chown -R 10000:10000 ./warehouse
```

Describe the results you received:

```
root@53110115eb35:/app# ls -lrta
drwxr-xr-x 1 root root 4096 Mar 19  2019 warehouse
drwxr-xr-x 1 root root 4096 Mar 19  2019 .
drwxr-xr-x 1 root root 4096 Nov  5 05:24 ..
```

Describe the results you expected:

```
root@53110115eb35:/app# ls -lrta
drwxr-xr-x 1 jenkins jenkins 4096 Mar 19  2019 warehouse
drwxr-xr-x 1 root root 4096 Mar 19  2019 .
drwxr-xr-x 1 root root 4096 Nov  5 05:24 ..
```

Additional information you deem important (e.g. issue happens only occasionally): issue happens only occasionally

Output of docker version:

```
Client:
 Version:           18.06.2-ce
 API version:       1.38
 Go version:        go1.10.3
 Git commit:        6d37f41
 Built:             Sun Feb 10 03:47:56 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server:
 Engine:
  Version:          18.06.2-ce
  API version:      1.38 (minimum version 1.12)
  Go version:       go1.10.3
  Git commit:       6d37f41
  Built:            Sun Feb 10 03:46:20 2019
  OS/Arch:          linux/amd64
  Experimental:     false
```

Output of docker info:

```
Containers: 34
 Running: 19
 Paused: 0
 Stopped: 15
Images: 29
Server Version: 18.06.2-ce
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 468a545b9edcd5932818eb9de8e72413e616e86e
runc version: a592beb5bc4c4092b1b1bac971afed27687340c5 (expected: 69663f0bd4b60df09991c08812a60108003fa340)
init version: fec3683
Security Options:
 apparmor
 seccomp
  Profile: default
Kernel Version: 4.18.0-1024-azure
Operating System: Ubuntu 18.04.2 LTS
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 7.766GiB
Name: azwusdbotpr02
ID: ZRXR:44FE:MW53:PCXH:QS23:HIBJ:WT2H:DE2P:WCQN:44SX:P6SU:SNJL
Docker Root Dir: /data/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

WARNING: No swap limit support
WARNING: IPv4 forwarding is disabled
```

Additional environment details (AWS, VirtualBox, physical, etc.):

uname -a

```
Linux my-hostname 4.18.0-1024-azure #25~18.04.1-Ubuntu SMP Fri Jun 28 23:27:46 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
```

lsb_release -a

```
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 18.04.2 LTS
Release:	18.04
Codename:	bionic
```
moby/moby

Answer from thaJeztah:

Be sure to check if you're not using a volume or bind mount when running the container, as that could explain the permissions / ownership.
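
One way to run the check suggested in the answer, as an added example that is not part of the original thread: parse the `Mounts` array from `docker inspect <container>` and report whether a path such as `/app/warehouse` sits under a bind mount or volume, in which case its ownership comes from the mount source rather than from the image's `RUN chown`. The inspect JSON below is a constructed sample; the container name, host path and volume name are assumptions.

```python
import json
import posixpath

# Constructed sample shaped like `docker inspect <container>` output, trimmed to
# the Mounts field. Container name, host path and volume name are made up.
SAMPLE_INSPECT = """
[{
  "Name": "/warehouse-job",
  "Mounts": [
    {"Type": "bind", "Source": "/srv/build/app", "Destination": "/app", "RW": true},
    {"Type": "volume", "Name": "pipcache",
     "Source": "/data/docker/volumes/pipcache/_data",
     "Destination": "/root/.cache", "RW": true}
  ]
}]
"""


def covering_mount(inspect_json, path):
    """Return the mount whose Destination is `path` or its closest ancestor, else None."""
    container = json.loads(inspect_json)[0]
    path = posixpath.normpath(path)
    best, best_len = None, -1
    for mount in container.get("Mounts") or []:
        dest = posixpath.normpath(mount["Destination"])
        # Match on whole path components so /app does not "cover" /application.
        inside = dest == "/" or path == dest or path.startswith(dest + "/")
        if inside and len(dest) > best_len:
            best, best_len = mount, len(dest)
    return best


def explain(inspect_json, path):
    """Say where the ownership of `path` inside the container comes from."""
    mount = covering_mount(inspect_json, path)
    if mount is None:
        return f"{path}: served from image layers; ownership is what the build set"
    return (f"{path}: shadowed by {mount['Type']} mount at {mount['Destination']} "
            f"(source {mount['Source']}); ownership comes from the source, not the image")


if __name__ == "__main__":
    for p in ("/app/warehouse", "/usr/share/man/man1"):
        print(explain(SAMPLE_INSPECT, p))
```

On a real host, feed the function the output of `docker inspect` for the affected container instead of the sample.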
