Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ADD --chown does not chown the created folders #2415

Closed
QuentinN42 opened this issue Mar 4, 2023 · 2 comments · Fixed by #2795
Closed

ADD --chown does not chown the created folders #2415

QuentinN42 opened this issue Mar 4, 2023 · 2 comments · Fixed by #2795
Labels
area/dockerfile-command For all bugs related to dockerfile file commands area/permissions categorized cmd/add differs-from-docker issue/chown needs-follow-up ok-to-close? possible-dupe priority/p1 Basic need feature compatibility with docker build. we should be working on this next. works-with-docker

Comments

@QuentinN42
Copy link

Actual behavior

Running ADD with chwon within a context with USER does not create the dir with the right perms

Expected behavior

Creating a directory needs to allow the user to edit it.

In docker, I get :

 => => # uid=1000(1000) gid=1000(1000) groups=1000(1000)                                                                                                                                                                                                                                             
 => => # total 12                                                                                                                                                                                                                                                                                    
 => => # drwxr-xr-x 2 1000 1000 4096 Mar  4 21:08 .                                                                                                                                                                                                                                                  
 => => # drwxr-xr-x 3 1000 1000 4096 Mar  4 21:08 ..                                                                                                                                                                                                                                                 
 => => # -rw-r--r-- 1 1000 1000  155 Mar  4 21:08 Dockerfile

In kaniko, I get :

uid=1000(1000) gid=1000(1000) groups=1000(1000)
total 12
drwxr-xr-x 2 root root 4096 Mar  4 21:06 .
drwxr-xr-x 3 root root 4096 Mar  4 21:06 ..
-rw-r--r-- 1 1000 1000  144 Mar  4 21:06 Dockerfile

To Reproduce
Steps to reproduce the behavior:

  1. FROM any image
  2. Create a user (RUN useradd ...)
  3. ADD with --chown a file with a target folder that does not exist
  4. Try to create another dir in it with a RUN command

Additional Information
Dockerfile (this is the only context)

FROM debian:bullseye-20220801-slim

RUN useradd 1000
USER 1000

ADD --chown=1000:1000 Dockerfile /path/to/Dockerfile

RUN id ; ls -la /path/to/

The command I run :

> docker run -it --rm -v `pwd`:/work gcr.io/kaniko-project/executor:debug --context /work --dockerfile /work/Dockerfile --no-push
INFO[0000] Retrieving image manifest debian:bullseye-20220801-slim 
INFO[0000] Retrieving image debian:bullseye-20220801-slim from registry index.docker.io 
INFO[0001] Built cross stage deps: map[]                
INFO[0001] Retrieving image manifest debian:bullseye-20220801-slim 
INFO[0001] Returning cached image manifest              
INFO[0001] Executing 0 build triggers                   
INFO[0001] Building stage 'debian:bullseye-20220801-slim' [idx: '0', base-idx: '-1'] 
INFO[0001] Unpacking rootfs as cmd RUN useradd 1000 requires it. 
INFO[0003] RUN useradd 1000                             
INFO[0003] Initializing snapshotter ...                 
INFO[0003] Taking snapshot of full filesystem...        
INFO[0003] Cmd: /bin/sh                                 
INFO[0003] Args: [-c useradd 1000]                      
INFO[0003] Running: [/bin/sh -c useradd 1000]           
INFO[0003] Taking snapshot of full filesystem...        
INFO[0003] USER 1000                                    
INFO[0003] Cmd: USER                                    
INFO[0003] Using files from context: [/work/Dockerfile] 
INFO[0003] ADD --chown=1000:1000 Dockerfile /path/to/Dockerfile 
INFO[0003] Taking snapshot of files...                  
INFO[0003] RUN id ; ls -la /path/to/                    
INFO[0003] Cmd: /bin/sh                                 
INFO[0003] Args: [-c id ; ls -la /path/to/]             
INFO[0003] Util.Lookup returned: &{Uid:1000 Gid:1000 Username:1000 Name: HomeDir:/home/1000} 
INFO[0003] Performing slow lookup of group ids for 1000 
INFO[0003] Running: [/bin/sh -c id ; ls -la /path/to/]  
uid=1000(1000) gid=1000(1000) groups=1000(1000)
total 12
drwxr-xr-x 2 root root 4096 Mar  4 21:06 .
drwxr-xr-x 3 root root 4096 Mar  4 21:06 ..
-rw-r--r-- 1 1000 1000  144 Mar  4 21:06 Dockerfile
INFO[0003] Taking snapshot of full filesystem...        
INFO[0003] No files were changed, appending empty layer to config. No layer added to image. 
INFO[0003] Skipping push to container registry due to --no-push flag

Build sha : sha256:ac169723b2076f9d5804f4bc05c98397e286da6fdcdd5a09fdc179f06ccb3be1

Triage Notes for the Maintainers

Description Yes/No
Please check if this a new feature you are proposing
Please check if the build works in docker but not in kaniko
Please check if this error is seen when you use --cache flag
Please check if your dockerfile is a multistage dockerfile
@QuentinN42
Copy link
Author

If you tell me where I need to code, I can open a MR to solve the Issue.

@aaron-prindle aaron-prindle added area/permissions cmd/add area/dockerfile-command For all bugs related to dockerfile file commands priority/p1 Basic need feature compatibility with docker build. we should be working on this next. differs-from-docker works-with-docker needs-follow-up issue/chown categorized labels Jun 21, 2023
@aaron-prindle aaron-prindle changed the title ADD --chown does not chwon the created folders ADD --chown does not chown the created folders Jul 5, 2023
@jochenberger
Copy link

Duplicate of #1524?

@rhaps0dy rhaps0dy mentioned this issue Oct 13, 2023
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/dockerfile-command For all bugs related to dockerfile file commands area/permissions categorized cmd/add differs-from-docker issue/chown needs-follow-up ok-to-close? possible-dupe priority/p1 Basic need feature compatibility with docker build. we should be working on this next. works-with-docker
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Create intermediate directories in COPY with correct uid and gid rhaps0dy/kaniko
3 participants
@jochenberger @aaron-prindle @QuentinN42