Closed MarcelWaldvogel closed 3 years ago
COPY
command supports --chown
argument. But --chmod
is only release very recently.
For time time being, I think we should do it in Dockerfile.
Being slightly larger in image size isn't really a concern to me. But I don't want it to depend on user's filesystem (what if they use Windows🤷♂️)
I put a chmod in dockerfile now.
While looking at log rotation for #262, I noticed the following message in
/var/log/nginx/logrotate.log
:In my image,
/etc/logrotate.d/nginx
had mode 0664; after changing to 0644, the error message was gone. (It still did not do a rotation, because it only recently had rotated).Your official image has the right permissions.
However, images generated by someone with
umask 002
or having done achmod
to this (and maybe) other files in./fs_overlay
might result in an image with subtle bugs, such as not rotating logs.So, before or after the
COPY ./fs_overlay /
, permissions should be normalized:RUN chmod a+x /bin/*
just after).I think we also need a
RUN chmod -R u=rwX,go=rX /etc
(and maybe others) or similar. What do you think?