Open bonybrown opened 5 years ago
This command as root (run inside the container)
find /var/lang -type d ! -perm -o=r -exec chmod a+rx {} \;
fixes the issue, and allows
runuser -u ec2-user -- bundle -v
to work. Seems all the directories created when bundler is installed have incorrect permissions (ie, only root has read and execute on the directories - the files seem correct).
Perhaps changing the umask
before installing bundler would solve this.
Is there any reason you're trying to use a different user?
Yes - the build process produces artefacts that I don't want to be owned by root
.
Also, it better mimics the runtime environment to be not running as root.
This all worked fine before the installation of bundler in the dockerfile. I've just tried setting umask 022
in the dockerfile and this seems to fix the issue. I"ll raises a PR
Actually, I'll retract that. I cannot reproduce locally, using ruby2.5/build/Dockerfile from master (unmodified)
The built image does not have the same issues as the images pulled from the docker repo lambci/lambda:build-ruby2.5
Can anyone else confirm this is the case?
The installation of bundler as root from #145 has broken bundler functionality for non-root users.
Reproduction: as root:
As non-root:
Could we perhaps install bundler as a non-root user in the dockerfile? (using
runuser
if necessary), or fix the permissions as a secondary step?