composer create-project, the permissions of all directories is 777?

[sh7ning]

as i use this docker image, it works well with composer install and composer update, but i create a composer project, like:

docker run --rm -it -v $(pwd):/app -v $HOME/.composer-php:/tmp composer create-project laravel/laravel

i find that the permissions of all directories except vendor is 777. even command with

--volume /etc/passwd:/etc/passwd:ro \
--volume /etc/group:/etc/group:ro \
--user $(id -u):$(id -g) \

ps,

• uname -a

  Linux hahaha 3.16.0-4-amd64 #1 SMP Debian 3.16.36-1+deb8u2 (2016-10-19) x86_64 GNU/Linux

• umask

  0022

[alcohol]

I can only confirm that some directories have permissions set to 777, not all as you indicate:

rob@macbookpro.local /tmp/docker-test > docker run --rm -it -v $(pwd):/app composer create-project laravel/laravel
Unable to find image 'composer:latest' locally
latest: Pulling from library/composer
Digest: sha256:afc284809f98b188b618da4156b66c7054ec32bd3c343620389ec782cadd9c87
Status: Downloaded newer image for composer:latest
Installing laravel/laravel (v5.5.0)
  - Installing laravel/laravel (v5.5.0): Downloading (100%)
Created project in /app/laravel
> @php -r "file_exists('.env') || copy('.env.example', '.env');"
Loading composer repositories with package information
Updating dependencies (including require-dev)
Package operations: 68 installs, 0 updates, 0 removals
  - Installing vlucas/phpdotenv (v2.4.0): Downloading (100%)
  - Installing symfony/css-selector (v3.3.13): Downloading (100%)
  - Installing tijsverkoyen/css-to-inline-styles (2.2.0): Downloading (100%)
  - Installing symfony/polyfill-mbstring (v1.6.0): Downloading (100%)
  - Installing symfony/var-dumper (v3.3.13): Downloading (100%)
  - Installing symfony/routing (v3.3.13): Downloading (100%)
  - Installing symfony/process (v3.3.13): Downloading (100%)
  - Installing symfony/http-foundation (v3.3.13): Downloading (100%)
  - Installing symfony/event-dispatcher (v3.3.13): Downloading (100%)
  - Installing psr/log (1.0.2): Downloading (100%)
  - Installing symfony/debug (v3.3.13): Downloading (100%)
  - Installing symfony/http-kernel (v3.3.13): Downloading (100%)
  - Installing symfony/finder (v3.3.13): Downloading (100%)
  - Installing symfony/console (v3.3.13): Downloading (100%)
  - Installing doctrine/lexer (v1.0.1): Downloading (100%)
  - Installing egulias/email-validator (2.1.3): Downloading (100%)
  - Installing swiftmailer/swiftmailer (v6.0.2): Downloading (100%)
  - Installing paragonie/random_compat (v2.0.11): Downloading (100%)
  - Installing ramsey/uuid (3.7.1): Downloading (100%)
  - Installing psr/simple-cache (1.0.0): Downloading (100%)
  - Installing psr/container (1.0.0): Downloading (100%)
  - Installing symfony/translation (v3.3.13): Downloading (100%)
  - Installing nesbot/carbon (1.22.1): Downloading (100%)
  - Installing mtdowling/cron-expression (v1.2.1): Downloading (100%)
  - Installing monolog/monolog (1.23.0): Downloading (100%)
  - Installing league/flysystem (1.0.41): Downloading (100%)
  - Installing erusev/parsedown (1.6.4): Downloading (100%)
  - Installing doctrine/inflector (v1.2.0): Downloading (100%)
  - Installing laravel/framework (v5.5.21): Downloading (100%)
  - Installing fideloper/proxy (3.3.4): Downloading (100%)
  - Installing jakub-onderka/php-console-color (0.1): Downloading (100%)
  - Installing jakub-onderka/php-console-highlighter (v0.3.2): Downloading (100%)
  - Installing dnoegel/php-xdg-base-dir (0.1): Downloading (100%)
  - Installing nikic/php-parser (v3.1.2): Downloading (100%)
  - Installing psy/psysh (v0.8.15): Downloading (100%)
  - Installing laravel/tinker (v1.0.2): Downloading (100%)
  - Installing filp/whoops (2.1.13): Downloading (100%)
  - Installing fzaninotto/faker (v1.7.1): Downloading (100%)
  - Installing hamcrest/hamcrest-php (v1.2.2): Downloading (100%)
  - Installing mockery/mockery (0.9.9): Downloading (100%)
  - Installing sebastian/version (2.0.1): Downloading (100%)
  - Installing sebastian/resource-operations (1.0.0): Downloading (100%)
  - Installing sebastian/recursion-context (3.0.0): Downloading (100%)
  - Installing sebastian/object-reflector (1.1.1): Downloading (100%)
  - Installing sebastian/object-enumerator (3.0.3): Downloading (100%)
  - Installing sebastian/global-state (2.0.0): Downloading (100%)
  - Installing sebastian/exporter (3.1.0): Downloading (100%)
  - Installing sebastian/environment (3.1.0): Downloading (100%)
  - Installing sebastian/diff (2.0.1): Downloading (100%)
  - Installing sebastian/comparator (2.1.0): Downloading (100%)
  - Installing doctrine/instantiator (1.1.0): Downloading (100%)
  - Installing phpunit/php-text-template (1.2.1): Downloading (100%)
  - Installing phpunit/phpunit-mock-objects (4.0.4): Downloading (100%)
  - Installing phpunit/php-timer (1.0.9): Downloading (100%)
  - Installing phpunit/php-file-iterator (1.4.2): Downloading (100%)
  - Installing theseer/tokenizer (1.1.0): Downloading (100%)
  - Installing sebastian/code-unit-reverse-lookup (1.0.1): Downloading (100%)
  - Installing phpunit/php-token-stream (2.0.1): Downloading (100%)
  - Installing phpunit/php-code-coverage (5.2.3): Downloading (100%)
  - Installing webmozart/assert (1.2.0): Downloading (100%)
  - Installing phpdocumentor/reflection-common (1.0.1): Downloading (100%)
  - Installing phpdocumentor/type-resolver (0.4.0): Downloading (100%)
  - Installing phpdocumentor/reflection-docblock (4.1.1): Downloading (100%)
  - Installing phpspec/prophecy (v1.7.2): Downloading (100%)
  - Installing phar-io/version (1.0.1): Downloading (100%)
  - Installing phar-io/manifest (1.0.1): Downloading (100%)
  - Installing myclabs/deep-copy (1.7.0): Downloading (100%)
  - Installing phpunit/phpunit (6.4.4): Downloading (100%)
symfony/var-dumper suggests installing ext-symfony_debug ()
symfony/routing suggests installing doctrine/annotations (For using the annotation loader)
symfony/routing suggests installing symfony/config (For using the all-in-one router or any loader)
symfony/routing suggests installing symfony/dependency-injection (For loading routes from a service)
symfony/routing suggests installing symfony/expression-language (For using expression matching)
symfony/routing suggests installing symfony/yaml (For using the YAML loader)
symfony/event-dispatcher suggests installing symfony/dependency-injection ()
symfony/http-kernel suggests installing symfony/browser-kit ()
symfony/http-kernel suggests installing symfony/class-loader ()
symfony/http-kernel suggests installing symfony/config ()
symfony/http-kernel suggests installing symfony/dependency-injection ()
symfony/console suggests installing symfony/filesystem ()
egulias/email-validator suggests installing ext-intl (PHP Internationalization Libraries are required to use the SpoofChecking validation)
paragonie/random_compat suggests installing ext-libsodium (Provides a modern crypto API that can be used to generate random bytes.)
ramsey/uuid suggests installing ircmaxell/random-lib (Provides RandomLib for use with the RandomLibAdapter)
ramsey/uuid suggests installing ext-libsodium (Provides the PECL libsodium extension for use with the SodiumRandomGenerator)
ramsey/uuid suggests installing ext-uuid (Provides the PECL UUID extension for use with the PeclUuidTimeGenerator and PeclUuidRandomGenerator)
ramsey/uuid suggests installing moontoast/math (Provides support for converting UUID to 128-bit integer (in string form).)
ramsey/uuid suggests installing ramsey/uuid-doctrine (Allows the use of Ramsey\Uuid\Uuid as Doctrine field type.)
ramsey/uuid suggests installing ramsey/uuid-console (A console application for generating UUIDs with ramsey/uuid)
symfony/translation suggests installing symfony/config ()
symfony/translation suggests installing symfony/yaml ()
monolog/monolog suggests installing aws/aws-sdk-php (Allow sending log messages to AWS services like DynamoDB)
monolog/monolog suggests installing doctrine/couchdb (Allow sending log messages to a CouchDB server)
monolog/monolog suggests installing ext-amqp (Allow sending log messages to an AMQP server (1.0+ required))
monolog/monolog suggests installing ext-mongo (Allow sending log messages to a MongoDB server)
monolog/monolog suggests installing graylog2/gelf-php (Allow sending log messages to a GrayLog2 server)
monolog/monolog suggests installing mongodb/mongodb (Allow sending log messages to a MongoDB server via PHP Driver)
monolog/monolog suggests installing php-amqplib/php-amqplib (Allow sending log messages to an AMQP server using php-amqplib)
monolog/monolog suggests installing php-console/php-console (Allow sending log messages to Google Chrome)
monolog/monolog suggests installing rollbar/rollbar (Allow sending log messages to Rollbar)
monolog/monolog suggests installing ruflin/elastica (Allow sending log messages to an Elastic Search server)
monolog/monolog suggests installing sentry/sentry (Allow sending log messages to a Sentry server)
league/flysystem suggests installing league/flysystem-aws-s3-v2 (Allows you to use S3 storage with AWS SDK v2)
league/flysystem suggests installing league/flysystem-aws-s3-v3 (Allows you to use S3 storage with AWS SDK v3)
league/flysystem suggests installing league/flysystem-azure (Allows you to use Windows Azure Blob storage)
league/flysystem suggests installing league/flysystem-cached-adapter (Flysystem adapter decorator for metadata caching)
league/flysystem suggests installing league/flysystem-eventable-filesystem (Allows you to use EventableFilesystem)
league/flysystem suggests installing league/flysystem-rackspace (Allows you to use Rackspace Cloud Files)
league/flysystem suggests installing league/flysystem-sftp (Allows you to use SFTP server storage via phpseclib)
league/flysystem suggests installing league/flysystem-webdav (Allows you to use WebDAV storage)
league/flysystem suggests installing league/flysystem-ziparchive (Allows you to use ZipArchive adapter)
league/flysystem suggests installing spatie/flysystem-dropbox (Allows you to use Dropbox storage)
league/flysystem suggests installing srmklive/flysystem-dropbox-v2 (Allows you to use Dropbox storage for PHP 5 applications)
laravel/framework suggests installing aws/aws-sdk-php (Required to use the SQS queue driver and SES mail driver (~3.0).)
laravel/framework suggests installing doctrine/dbal (Required to rename columns and drop SQLite columns (~2.5).)
laravel/framework suggests installing ext-pcntl (Required to use all features of the queue worker.)
laravel/framework suggests installing guzzlehttp/guzzle (Required to use the Mailgun and Mandrill mail drivers and the ping methods on schedules (~6.0).)
laravel/framework suggests installing league/flysystem-aws-s3-v3 (Required to use the Flysystem S3 driver (~1.0).)
laravel/framework suggests installing league/flysystem-rackspace (Required to use the Flysystem Rackspace driver (~1.0).)
laravel/framework suggests installing nexmo/client (Required to use the Nexmo transport (~1.0).)
laravel/framework suggests installing pda/pheanstalk (Required to use the beanstalk queue driver (~3.0).)
laravel/framework suggests installing predis/predis (Required to use the redis cache and queue drivers (~1.0).)
laravel/framework suggests installing pusher/pusher-php-server (Required to use the Pusher broadcast driver (~3.0).)
laravel/framework suggests installing symfony/dom-crawler (Required to use most of the crawler integration testing tools (~3.3).)
laravel/framework suggests installing symfony/psr-http-message-bridge (Required to psr7 bridging features (~1.0).)
psy/psysh suggests installing ext-pcntl (Enabling the PCNTL extension makes PsySH a lot happier :))
psy/psysh suggests installing ext-pdo-sqlite (The doc command requires SQLite to work.)
psy/psysh suggests installing hoa/console (A pure PHP readline implementation. You'll want this if your PHP install doesn't already support readline or libedit.)
filp/whoops suggests installing whoops/soap (Formats errors as SOAP responses)
sebastian/global-state suggests installing ext-uopz (*)
phpunit/phpunit-mock-objects suggests installing ext-soap (*)
phpunit/php-code-coverage suggests installing ext-xdebug (^2.5.5)
phpunit/phpunit suggests installing phpunit/php-invoker (^1.1)
phpunit/phpunit suggests installing ext-xdebug (*)
Writing lock file
Generating autoload files
> Illuminate\Foundation\ComposerScripts::postAutoloadDump
> @php artisan package:discover
Discovered Package: fideloper/proxy
Discovered Package: laravel/tinker
Package manifest generated successfully.
> @php artisan key:generate
Application key [base64:SSOX/erXKXfBwA7EHwz3IouSYuuwTmoT+3uwF8adEdQ=] set successfully.

rob@macbookpro.local /tmp/docker-test > docker run --rm composer /bin/sh -c umask
0022

rob@macbookpro.local /tmp/docker-test > umask
0022

rob@macbookpro.local /tmp/docker-test > find . -maxdepth 3 -type d -exec ls -ld '{}' \;
drwxr-xr-x 3 rob wheel 96 Nov 23 07:49 .
drwxr-xr-x 24 rob wheel 768 Nov 23 07:50 ./laravel
drwxrwxrwx 6 rob wheel 192 Nov 23 07:49 ./laravel/database
drwxrwxrwx 4 rob wheel 128 Nov 23 07:49 ./laravel/database/migrations
drwxrwxrwx 3 rob wheel 96 Nov 23 07:49 ./laravel/database/seeds
drwxrwxrwx 3 rob wheel 96 Nov 23 07:49 ./laravel/database/factories
drwxrwxrwx 4 rob wheel 128 Nov 23 07:49 ./laravel/bootstrap
drwxrwxrwx 5 rob wheel 160 Nov 23 07:51 ./laravel/bootstrap/cache
drwxrwxrwx 7 rob wheel 224 Nov 23 07:49 ./laravel/app
drwxrwxrwx 7 rob wheel 224 Nov 23 07:49 ./laravel/app/Providers
drwxrwxrwx 3 rob wheel 96 Nov 23 07:49 ./laravel/app/Exceptions
drwxrwxrwx 5 rob wheel 160 Nov 23 07:49 ./laravel/app/Http
drwxrwxrwx 3 rob wheel 96 Nov 23 07:49 ./laravel/app/Console
drwxrwxrwx 13 rob wheel 416 Nov 23 07:49 ./laravel/config
drwxrwxrwx 5 rob wheel 160 Nov 23 07:49 ./laravel/resources
drwxrwxrwx 3 rob wheel 96 Nov 23 07:49 ./laravel/resources/lang
drwxrwxrwx 3 rob wheel 96 Nov 23 07:49 ./laravel/resources/views
drwxrwxrwx 4 rob wheel 128 Nov 23 07:49 ./laravel/resources/assets
drwxrwxrwx 6 rob wheel 192 Nov 23 07:49 ./laravel/tests
drwxrwxrwx 3 rob wheel 96 Nov 23 07:49 ./laravel/tests/Unit
drwxrwxrwx 3 rob wheel 96 Nov 23 07:49 ./laravel/tests/Feature
drwxrwxrwx 5 rob wheel 160 Nov 23 07:49 ./laravel/storage
drwxrwxrwx 4 rob wheel 128 Nov 23 07:49 ./laravel/storage/app
drwxrwxrwx 7 rob wheel 224 Nov 23 07:49 ./laravel/storage/framework
drwxrwxrwx 3 rob wheel 96 Nov 23 07:49 ./laravel/storage/logs
drwxrwxrwx 9 rob wheel 288 Nov 23 07:49 ./laravel/public
drwxrwxrwx 3 rob wheel 96 Nov 23 07:49 ./laravel/public/css
drwxrwxrwx 3 rob wheel 96 Nov 23 07:49 ./laravel/public/js
drwxrwxrwx 6 rob wheel 192 Nov 23 07:49 ./laravel/routes
drwxr-xr-x 37 rob wheel 1184 Nov 23 07:51 ./laravel/vendor
drwxr-xr-x 3 rob wheel 96 Nov 23 07:50 ./laravel/vendor/myclabs
drwxr-xr-x 3 rob wheel 96 Nov 23 07:50 ./laravel/vendor/hamcrest
drwxr-xr-x 3 rob wheel 96 Nov 23 07:49 ./laravel/vendor/mtdowling
drwxr-xr-x 3 rob wheel 96 Nov 23 07:49 ./laravel/vendor/egulias
drwxr-xr-x 3 rob wheel 96 Nov 23 07:50 ./laravel/vendor/nikic
drwxr-xr-x 3 rob wheel 96 Nov 23 07:49 ./laravel/vendor/erusev
drwxr-xr-x 3 rob wheel 96 Nov 23 07:50 ./laravel/vendor/filp
drwxr-xr-x 5 rob wheel 160 Nov 23 07:50 ./laravel/vendor/bin
drwxr-xr-x 3 rob wheel 96 Nov 23 07:50 ./laravel/vendor/theseer
drwxr-xr-x 4 rob wheel 128 Nov 23 07:50 ./laravel/vendor/jakub-onderka
drwxr-xr-x 3 rob wheel 96 Nov 23 07:50 ./laravel/vendor/mockery
drwxr-xr-x 11 rob wheel 352 Nov 23 07:51 ./laravel/vendor/composer
drwxr-xr-x 5 rob wheel 160 Nov 23 07:50 ./laravel/vendor/phpdocumentor
drwxr-xr-x 3 rob wheel 96 Nov 23 07:50 ./laravel/vendor/psy
drwxr-xr-x 3 rob wheel 96 Nov 23 07:49 ./laravel/vendor/league
drwxr-xr-x 3 rob wheel 96 Nov 23 07:50 ./laravel/vendor/dnoegel
drwxr-xr-x 3 rob wheel 96 Nov 23 07:49 ./laravel/vendor/swiftmailer
drwxr-xr-x 3 rob wheel 96 Nov 23 07:49 ./laravel/vendor/nesbot
drwxr-xr-x 3 rob wheel 96 Nov 23 07:49 ./laravel/vendor/paragonie
drwxr-xr-x 3 rob wheel 96 Nov 23 07:50 ./laravel/vendor/fzaninotto
drwxr-xr-x 5 rob wheel 160 Nov 23 07:50 ./laravel/vendor/doctrine
drwxr-xr-x 9 rob wheel 288 Nov 23 07:50 ./laravel/vendor/phpunit
drwxr-xr-x 4 rob wheel 128 Nov 23 07:50 ./laravel/vendor/phar-io
drwxr-xr-x 5 rob wheel 160 Nov 23 07:49 ./laravel/vendor/psr
drwxr-xr-x 3 rob wheel 96 Nov 23 07:49 ./laravel/vendor/monolog
drwxr-xr-x 14 rob wheel 448 Nov 23 07:49 ./laravel/vendor/symfony
drwxr-xr-x 3 rob wheel 96 Nov 23 07:49 ./laravel/vendor/ramsey
drwxr-xr-x 3 rob wheel 96 Nov 23 07:50 ./laravel/vendor/webmozart
drwxr-xr-x 3 rob wheel 96 Nov 23 07:50 ./laravel/vendor/phpspec
drwxr-xr-x 3 rob wheel 96 Nov 23 07:50 ./laravel/vendor/fideloper
drwxr-xr-x 3 rob wheel 96 Nov 23 07:49 ./laravel/vendor/vlucas
drwxr-xr-x 3 rob wheel 96 Nov 23 07:49 ./laravel/vendor/tijsverkoyen
drwxr-xr-x 13 rob wheel 416 Nov 23 07:50 ./laravel/vendor/sebastian
drwxr-xr-x 4 rob wheel 128 Nov 23 07:50 ./laravel/vendor/laravel

[alcohol]

I'm not entirely sure (yet) why this happens. If I run composer create-project from my host (without docker), the same behaviour does not occur. I did notice that the permissions on the vendor/ dir are set correctly, but I believe we explicitly set those during the install/update process.

[sh7ning]

this image (https://hub.docker.com/r/composer/composer/) works well on permissions, but i think this is not an offical image and it can't support composer cache, so i submit this issue..

[alcohol]

I had a look at the Dockerfile we used there, but I cannot find any distinct differences that would logically affect permissions in such a manner.

[sandrodz]

I have same issue, composer:composer works fine, but this official container messes with permissions.

composer create-project wordplate/wordplate

same happens with laravel and lumen.

[alcohol]

It seems related to the create-project command specifically. I currently do not have the time to investigate why this particular command behaves in the way it does inside a container.

[sandrodz]

@alcohol did you've a chance to take a look? I had to revert to previous composer container because of this bug.

[alcohol]

No I have not yet had a chance. Among other things, I still need to check if this other image still behaves correctly when I introduce the exact same Composer version into it. Right now I think it is a bit outdated in comparison. They also use a different base image, but debugging if that makes a difference will take a bit more work :-/

[alcohol]

Odd, I've gone over the wordplate install in several ways.

--

host git clone

• public:755
• resources:755

dockerized git clone

• public:755
• resources:755

host untar github tarball

• public:755
• resources:755

dockerized untar github tarball

• public:775
• resources:775

host unzip github zipfile

• public:755
• resources:755

dockerized unzip github zipfile

• public:777
• resources:777

--

So it would seem this happens specifically when composer uses the zipfile archives from github (though tarballs also show a peculiar difference). But only inside our docker container. At least I have something I can debug further now 👍

[sandrodz]

Hi, anything new on this bug?

[alcohol]

No, unfortunately I do not have a lot of free time to spend on open-source. This issue is still on my to-do list, but unfortunately, so are quite a lot of other issues.

[sandrodz]

I see. I will try to poke around, maybe I can help.

[alcohol]

I actually had a hunch right now and did a quick check, and might have found a solution specifically for the zip issue. It seems the default zip command provided on alpine by busybox does not respect permissions (not all zip implementations support this). Installing the unzip package solves this.

[sandrodz]

nice! thanks :)

[alcohol]

Still have to wait for this to be merged, and even then I am not sure if that will update the current tags already available on Docker Hub. Might have to wait for the next release.