Would be nice to have an option to use different user and group applied during COPY step. Same effect could be achieved if explicit chown command added, but it will create a new layer.
Why it could be useful. To apply hardening - to make copied files write protected by the user, which will run application (and so that it would not possible to change it by using chmod with the same user).
Currently we apply this via rewriting commands using map/flatMap, which is not really handy.
Proposal - add 2 more settings chownUser and chownGroup both Option[String], and if they are set to Some value, then it will be used and in case of missing value it will fall back to daemonUser and daemonGroup respectively.
We need this applied for multistage docker, but I guess it is better to add the same logic to ChownCopy as well.
Would be nice to have an option to use different user and group applied during
COPYstep. Same effect could be achieved if explicit chown command added, but it will create a new layer.Why it could be useful. To apply hardening - to make copied files write protected by the user, which will run application (and so that it would not possible to change it by using
chmodwith the same user).Currently we apply this via rewriting commands using map/flatMap, which is not really handy.
Proposal - add 2 more settings
chownUserandchownGroupbothOption[String], and if they are set toSomevalue, then it will be used and in case of missing value it will fall back todaemonUseranddaemonGrouprespectively.We need this applied for multistage docker, but I guess it is better to add the same logic to
ChownCopyas well.I will sketch a PR for this.