hashicorp / packer-plugin-docker

Packer plugin for Docker Builder
https://www.packer.io/docs/builders/docker
Mozilla Public License 2.0

Shell provisioner with docker builder sets wrong UID:GID when run as non-root user - permission denied on execution #7

Open ghost opened 3 years ago

ghost commented 3 years ago

This issue was originally opened by @rbellamy as hashicorp/packer#9230. It was migrated here as a result of the Packer plugin split. The original body of the issue is below.


Overview of the Issue

Shell provisioner with docker builder sets wrong UID:GID for script.

  1. Packer is run by UID:GID of 1001:1001.
  2. Packer shell provisioner script in Docker is mode 0600 and UID:GID of 1001:1001.
  3. Packer Docker builder uses exec_command of 1000:1000.

The error is "permission denied" when the provisioner attempts to execute the script.

When the UID:GID of the user running packer is the same as the one set for the exec_command, there are no permission denied errors.

Container tmp permissions
runner@ip-10-1-1-28:~/work/github-runner/github-runner/docker-1804$ docker exec -it trusting_chaum /bin/bash
root@166711faee62:/# ls -alh /tmp/
total 36K
drwxrwxrwt 8 root root 4.0K May 14 17:05 .
drwxr-xr-x 1 root root 4.0K May 14 17:05 ..
drwxrwxrwt 2 root root 4.0K May 14 17:04 .ICE-unix
drwxrwxrwt 2 root root 4.0K May 14 17:04 .Test-unix
drwxrwxrwt 2 root root 4.0K May 14 17:04 .X11-unix
drwxrwxrwt 2 root root 4.0K May 14 17:04 .XIM-unix
drwxrwxrwt 2 root root 4.0K May 14 17:04 .font-unix
-rw------- 1 1001 1001  333 May 14 17:05 script_9721.sh
drwx------ 3 root root 4.0K May 14 17:04 systemd-private-c9c189ce8e5e439e994028992152f7ad-systemd-resolved.service-vn7nkf
Container exec user UID:GID
root@166711faee62:/# id runner
uid=1000(runner) gid=1000(runner) groups=1000(runner),27(sudo)
Packer build user UID:GID
runner@ip-10-1-1-28:~/work/github-runner/github-runner/docker-1804$ id
uid=1001(runner) gid=1001(runner) groups=1001(runner),27(sudo),999(docker)

Reproduction Steps

  1. Run packer as UID:GID of 1001:1001.
  2. Set exec_command to UID:GID of 1000:1000.

Packer version

Packer version: 1.5.6 [go1.14.2 linux amd64]

Simplified Packer Buildfile

https://github.com/terradatum/github-runner/blob/master/docker-ubuntu1804.json

Operating system and Environment details

Host OS: Ubuntu 18.04
Docker version 19.03.8, build afacb8b7f0
Docker container OS: Ubuntu 18.04

Log Fragments and crash.log files

https://github.com/terradatum/github-runner/runs/675100587
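The permission failure in the report, as an added example that is not part of the original issue and not Packer's or the plugin's own code. It emulates the Unix discretionary-access check (owner, group and other rwx bits, with the root bypass) and the shell provisioner's default execute_command, `chmod +x {{ .Path }}; {{ .Vars }} {{ .Path }}`, so the scenario from the ls output (script mode 0600 owned by 1001:1001, exec user 1000:1000) can be walked through without Docker. Assumptions, labelled in the code: supplementary groups are ignored (only the primary GID is consulted), `chmod +x` is taken to set all three execute bits, and running an interpreted script is taken to need both the execute bit and the read bit. The function names `triad`, `can_access` and `run_script` are this example's own.

```shell
#!/bin/sh
# Added example, not code from the issue, Packer or packer-plugin-docker.
# Emulates the kernel's owner/group/other permission check and the shell
# provisioner's default execute_command so the reported failure can be
# reproduced offline.

# triad MODE CLASS -> the rwx bits (0-7) for owner, group or other.
# MODE is octal (0600 or 600); the leading "0" forces octal parsing in $(( )).
triad() {
  case "$2" in
    owner) echo $(( (0$1 >> 6) & 7 )) ;;
    group) echo $(( (0$1 >> 3) & 7 )) ;;
    other) echo $(( 0$1 & 7 )) ;;
  esac
}

# can_access OWNER_UID OWNER_GID MODE UID GID OP
#   OP is r, w or x. Prints "allowed" or "denied" and returns 0 / 1.
# Assumption: supplementary groups are not consulted, only the primary GID.
can_access() {
  owner_uid=$1; owner_gid=$2; mode=$3; uid=$4; gid=$5; op=$6
  case "$op" in
    r) bit=4 ;; w) bit=2 ;; x) bit=1 ;;
    *) echo "bad op: $op" >&2; return 2 ;;
  esac
  if [ "$uid" -eq 0 ]; then
    # root bypasses read/write checks; execute still needs some x bit set
    if [ "$op" != x ] || [ $(( 0$mode & 0111 )) -ne 0 ]; then
      echo allowed; return 0
    fi
    echo denied; return 1
  fi
  if [ "$uid" -eq "$owner_uid" ]; then bits=$(triad "$mode" owner)
  elif [ "$gid" -eq "$owner_gid" ]; then bits=$(triad "$mode" group)
  else bits=$(triad "$mode" other)
  fi
  if [ $(( bits & bit )) -ne 0 ]; then echo allowed; return 0; fi
  echo denied; return 1
}

# run_script OWNER_UID OWNER_GID MODE UID GID
# Emulates "chmod +x script; script" for a script with the given owner and
# mode, run as UID:GID. Prints "executed" or "permission denied".
run_script() {
  owner_uid=$1; owner_gid=$2; mode=$3; uid=$4; gid=$5
  # Only the owner or root may chmod; the ';' in the execute_command means
  # a failed chmod does not stop the provisioner from trying to run the file.
  # Assumption: chmod +x sets the execute bit for owner, group and other.
  if [ "$uid" -eq 0 ] || [ "$uid" -eq "$owner_uid" ]; then
    mode=$(printf '%04o' $(( 0$mode | 0111 )))
  fi
  # Assumption: an interpreted script needs the execute bit (kernel) and the
  # read bit (interpreter reads the file).
  if can_access "$owner_uid" "$owner_gid" "$mode" "$uid" "$gid" x >/dev/null \
     && can_access "$owner_uid" "$owner_gid" "$mode" "$uid" "$gid" r >/dev/null; then
    echo executed; return 0
  fi
  echo "permission denied"; return 1
}

# Constructed scenario taken from the ls output in the issue: the uploaded
# script is -rw------- 1001 1001, the container's exec user is 1000:1000.
printf 'script 0600 1001:1001, exec as 1000:1000 -> %s\n' \
  "$(run_script 1001 1001 0600 1000 1000)"
printf 'script 0600 1001:1001, exec as 1001:1001 -> %s\n' \
  "$(run_script 1001 1001 0600 1001 1001)"
printf 'script 0755 1001:1001, exec as 1000:1000 -> %s\n' \
  "$(run_script 1001 1001 0755 1000 1000)"
printf 'script 0600 1001:1001, exec as 0:0       -> %s\n' \
  "$(run_script 1001 1001 0600 0 0)"
```

The three outcomes line up with the report: a different UID gets "permission denied" because it can neither chmod a file it does not own nor read or execute a 0600 file; the same UID (or root) succeeds because the chmod goes through and the owner bits apply; a script uploaded with mode 0755 would run for any UID even without the chmod, which is why matching the build and exec users, or widening the upload mode, removes the error.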