Open IvanBayan opened 5 years ago
Has you tested what happens when you keep the section that sets permissions (the find and chmod stuff)? I dont think that this should have a big impact on build time.
On the other hand you dont have any other users in the container, so i does not make much sense trying to protect the files against other users...
Yes, I had. It's doubled the size of image and build time. You can read more about it there. Docker was developed with container isolation in mind, so even if you run apache as root it will not so easy to harm docker host, anyway I like idea to grant minimal required permissions. If you want to protect code from modification in case of break in, then better idea to change owner of files to root:root. If you want to protect code against other users (in case of shared hosting for example), chowning to www-data|: will not work. Do you need data dir writable only for saving config file or you use it as upload dir too?
Dockerfile modifications, allow to reduce build time and size.
Files/directories permissions is a topic to discuss.