Re-open root access discussion

[bpgross]

I am building a container for my app server using WAS traditional as a base. Into that I want to install my own product, thus I copy in my install folder.

Once the container is started, I am unable to run my install as the files are all owned by root, and the id running when I bash into the container is was:was. No amount of chowning / chmodding in the dockerfile seems to be able to change the ownership of my copied install folder away from root to was:was.

As an aside, my install is ant based, this happens even if I do not do a "user root" so I can install ant from the dockerfile

Brent.

[arthurdm]

hi @bpgross - if you are using the COPY or ADD instruction to put in your own files into the image please note that it always use root by default. You can change that by using the --chown option, for example:

COPY [--chown=<user>:<group>] <src>... <dest>

ADD [--chown=<user>:<group>] <src>... <dest>

[bpgross]

Thanks for the comment @arthurdm . It does not matter if I use COPY --chown or COPY followed by chown statements, once I am inside the running container, the files are back to being owned by root:

Step 5/6 : COPY --chown=was:was install install Step 6/6 : RUN ls -l /install drwxr-xr-x 3 was was 4096 Mar 19 22:37 applications drwxr-xr-x 4 was was 4096 Apr 3 03:07 bin drwxr-xr-x 2 was was 4096 Apr 3 03:21 cfg $ docker exec -ti .... bash was@....:/$ ls -l /install drwxr-xr-x 3 root root 4096 Mar 19 22:37 applications drwxr-xr-x 4 root root 4096 Apr 3 03:07 bin drwxr-xr-x 2 root root 4096 Apr 3 03:21 cfg

[arthurdm]

@bpgross - can you share your full Dockerfile here? As you can see from the WAS base Dockerfile we set the was:was permissions (https://github.com/WASdev/ci.docker.websphere-traditional/blob/master/developer/install/Dockerfile#L31) and that reflects correctly in the container:

drwxr-xr-x   4 was  was  4096 May 10 12:44 opt
drwxr-xr-x   2 was  was  4096 Mar 26 19:25 work

[arthurdm]

@bpgross - any updates on this?