
Files chowned in Docker revert to root ownership when the image is mounted

zundazunda

Environment

$ lsb_release -d
Description:	Ubuntu 22.04.3 LTS
$ docker --version
Docker version 20.10.25, build 20.10.25-0ubuntu1~22.04.1
$ id
uid=1001(zunda) gid=1001(zunda) groups=1001(zunda),139(docker)

After updating to Docker's own build of Docker as described below, the owner came out as expected.

$ docker --version
Docker version 24.0.5, build ced0996
zundazunda

Cannot read my own files as a regular user

$ cat Dockerfile 
FROM ubuntu:22.04
ARG USERNAME=user
ARG GROUPNAME=user
ARG UID=1000
ARG GID=1000
RUN groupadd -g $GID $GROUPNAME && useradd -m -u $UID -g $GID $USERNAME
USER $USERNAME
WORKDIR /home/$USERNAME/
RUN ls -a
$ docker build .
  :
Step 1/9 : FROM ubuntu:22.04
 ---> 5a81c4b8502e
  :
Step 6/9 : RUN groupadd -g $GID $GROUPNAME && useradd -m -u $UID -g $GID $USERNAME
 ---> Running in b07101f99e8a
Removing intermediate container b07101f99e8a
 ---> 5f248e17dcaf
Step 7/9 : USER $USERNAME
 ---> Running in 44a2ffac160b
Removing intermediate container 44a2ffac160b
 ---> b3c1d54f5d9c
Step 8/9 : WORKDIR /home/$USERNAME/
 ---> Running in 9dc2a9ad4dfe
Removing intermediate container 9dc2a9ad4dfe
 ---> c8640a4d1a51
Step 9/9 : RUN ls -a
 ---> Running in c19d00f02e06
ls: cannot open directory '.': Permission denied
The command '/bin/sh -c ls -a' returned a non-zero code: 2

Matching the uid and gid to the host-side user does not work either.

$ cat Dockerfile 
FROM ubuntu:22.04
ARG USERNAME=user
ARG GROUPNAME=user
ARG UID=1001
ARG GID=1001
RUN groupadd -g $GID $GROUPNAME && useradd -m -u $UID -g $GID $USERNAME
USER $USERNAME
WORKDIR /home/$USERNAME/
RUN ls -a
$ docker build .
  :
Step 9/9 : RUN ls -a
 ---> Running in 94cbd0174a4a
ls: cannot open directory '.': Permission denied
The command '/bin/sh -c ls -a' returned a non-zero code: 2

Matching the user name and group name to the host-side user does not work either.

$ cat Dockerfile 
FROM ubuntu:22.04
ARG USERNAME=zunda
ARG GROUPNAME=zunda
ARG UID=1001
ARG GID=1001
RUN groupadd -g $GID $GROUPNAME && useradd -m -u $UID -g $GID $USERNAME
USER $USERNAME
WORKDIR /home/$USERNAME/
RUN ls -a
$ docker build .
  :
Step 9/9 : RUN ls -a
 ---> Running in 4a574bfd5120
ls: cannot open directory '.': Permission denied
The command '/bin/sh -c ls -a' returned a non-zero code: 2

Adding the user that was created first at Ubuntu install time to the docker group does not work either.

$ id
uid=1000(system) gid=1000(system) groups=1000(system),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),122(lpadmin),131(lxd),132(sambashare),139(docker)
$ cat Dockerfile 
FROM ubuntu:22.04
ARG USERNAME=user
ARG GROUPNAME=user
ARG UID=1000
ARG GID=1000
RUN groupadd -g $GID $GROUPNAME && useradd -m -u $UID -g $GID $USERNAME
USER $USERNAME
WORKDIR /home/$USERNAME/
RUN ls -a
$ docker build .
  :
Step 9/9 : RUN ls -a
 ---> Running in a02522726f48
ls: cannot open directory '.': Permission denied
The command '/bin/sh -c ls -a' returned a non-zero code: 2
zundazunda

It is owned by root

$ id
uid=1001(zunda) gid=1001(zunda) groups=1001(zunda),139(docker)
$ cat Dockerfile 
FROM ubuntu:22.04
ARG USERNAME=user
ARG GROUPNAME=user
ARG UID=1000
ARG GID=1000
RUN groupadd -g $GID $GROUPNAME && useradd -m -u $UID -g $GID $USERNAME
USER $USERNAME
WORKDIR /home/$USERNAME/
RUN ls -la /home
RUN ls -la
$ docker build .
  :
Step 9/10 : RUN ls -la /home
 ---> Running in 6625059a25d7
total 12
drwxr-xr-x 1 root root 4096 Aug 14 00:05 .
drwxr-xr-x 1 root root 4096 Aug 14 00:35 ..
drwxr-x--- 2 root root 4096 Aug 14 00:05 user
Removing intermediate container 6625059a25d7
 ---> dba0a921faf1
Step 10/10 : RUN ls -la
 ---> Running in 62e8acd0b960
ls: cannot open directory '.': Permission denied
The command '/bin/sh -c ls -la' returned a non-zero code: 2

In the same image as the useradd, it looks as if it has been chowned.

$ cat Dockerfile 
FROM ubuntu:22.04
ARG USERNAME=user
ARG GROUPNAME=user
ARG UID=1000
ARG GID=1000
RUN groupadd -g $GID $GROUPNAME && useradd -m -u $UID -g $GID $USERNAME && ls -la /home
USER $USERNAME
WORKDIR /home/$USERNAME/
RUN ls -la /home
RUN ls -la
$ docker build .
  :
Step 6/10 : RUN groupadd -g $GID $GROUPNAME && useradd -m -u $UID -g $GID $USERNAME && ls -la /home
 ---> Running in d83a7cb8c6ea
total 12
drwxr-xr-x 1 root root 4096 Aug 14 00:37 .
drwxr-xr-x 1 root root 4096 Aug 14 00:36 ..
drwxr-x--- 2 user user 4096 Aug 14 00:37 user
Removing intermediate container d83a7cb8c6ea
 ---> 1682b8f0e7ec
Step 7/10 : USER $USERNAME
 ---> Running in 40250bb1971c
Removing intermediate container 40250bb1971c
 ---> f81e49a46ea9
Step 8/10 : WORKDIR /home/$USERNAME/
 ---> Running in 7f1ae36f7ae1
Removing intermediate container 7f1ae36f7ae1
 ---> c554075f3f73
Step 9/10 : RUN ls -la /home
 ---> Running in 92bb9ea27233
total 12
drwxr-xr-x 1 root root 4096 Aug 14 00:37 .
drwxr-xr-x 1 root root 4096 Aug 14 00:37 ..
drwxr-x--- 2 root root 4096 Aug 14 00:37 user
Removing intermediate container 92bb9ea27233
 ---> a2ec56e9e3cf
Step 10/10 : RUN ls -la
 ---> Running in 5122bde9c313
ls: cannot open directory '.': Permission denied
The command '/bin/sh -c ls -la' returned a non-zero code: 2

In the very next image, the owner has already reverted to root.root.

$ cat Dockerfile 
FROM ubuntu:22.04
ARG USERNAME=user
ARG GROUPNAME=user
ARG CUID=1000
ARG CGID=1000
RUN groupadd -g $CGID $GROUPNAME && useradd -m -u $CUID -g $CGID $USERNAME && ls -la /home
RUN ls -la /home
$ docker build .
  :
Step 6/7 : RUN groupadd -g $CGID $GROUPNAME && useradd -m -u $CUID -g $CGID $USERNAME && ls -la /home
 ---> Running in d5845e614533
total 12
drwxr-xr-x 1 root root 4096 Aug 14 00:46 .
drwxr-xr-x 1 root root 4096 Aug 14 00:46 ..
drwxr-x--- 2 user user 4096 Aug 14 00:46 user
Removing intermediate container d5845e614533
 ---> 6b6b793d4066
Step 7/7 : RUN ls -la /home
 ---> Running in 2a0897e10a0a
total 12
drwxr-xr-x 1 root root 4096 Aug 14 00:46 .
drwxr-xr-x 1 root root 4096 Aug 14 00:46 ..
drwxr-x--- 2 root root 4096 Aug 14 00:46 user
Removing intermediate container 2a0897e10a0a
 ---> 9d592cb5bb06
Successfully built 9d592cb5bb06

Using a uid and gid that do not exist on the host does not give the expected result either.

$ cat Dockerfile 
FROM ubuntu:22.04
ARG USERNAME=user
ARG GROUPNAME=user
ARG CUID=10000
ARG CGID=10000
RUN groupadd -g $CGID $GROUPNAME && useradd -m -u $CUID -g $CGID $USERNAME && ls -la /home
RUN ls -la /home
$ docker build .
  :
Step 6/7 : RUN groupadd -g $CGID $GROUPNAME && useradd -m -u $CUID -g $CGID $USERNAME && ls -la /home
 ---> Running in 9343ce481a5b
total 12
drwxr-xr-x 1 root root 4096 Aug 14 00:52 .
drwxr-xr-x 1 root root 4096 Aug 14 00:52 ..
drwxr-x--- 2 user user 4096 Aug 14 00:52 user
Removing intermediate container 9343ce481a5b
 ---> ffd6d72a1e6b
Step 7/7 : RUN ls -la /home
 ---> Running in de11d27c7965
total 12
drwxr-xr-x 1 root root 4096 Aug 14 00:52 .
drwxr-xr-x 1 root root 4096 Aug 14 00:52 ..
drwxr-x--- 2 root root 4096 Aug 14 00:52 user
Removing intermediate container de11d27c7965
 ---> 19922753a8e1
Successfully built 19922753a8e1
zundazunda

Maybe Docker is too old

I was told that with Docker 24.0.5 it works as expected.

On my machine,

$ dpkg -S `which docker`
docker.io: /usr/bin/docker
$ dpkg -l docker.io
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version                   Architecture Description
+++-==============-=========================-============-=================================
ii  docker.io      20.10.25-0ubuntu1~22.04.1 amd64        Linux container runtime

Following https://docs.docker.com/engine/install/ubuntu/ (reached from https://docs.docker.com/engine/install/), I removed the Ubuntu version of Docker,

$ sudo apt remove --purge docker.io
  :
Nuking /var/lib/docker ...
  (if this is wrong, press Ctrl+C NOW!)

+ sleep 10
  :

I wonder whether --purge also deletes the images?

Install Docker's own build of Docker.

$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
$ sudo chmod a+r /etc/apt/keyrings/docker.gpg
$ echo \
  "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
  "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
$ sudo apt update
$ sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
$ sudo service docker start
$ docker --version
Docker version 24.0.5, build ced0996
zundazunda

Trying with Docker 24.0.5

$ cat Dockerfile 
FROM ubuntu:22.04
ARG USERNAME=user
ARG GROUPNAME=user
ARG CUID=10000
ARG CGID=10000
RUN groupadd -g $CGID $GROUPNAME && useradd -m -u $CUID -g $CGID $USERNAME
RUN ls -la /home
USER $USERNAME
RUN ls -la /home
RUN ls -la ~
$ docker build --progress=plain .
  :
#5 [2/5] RUN groupadd -g 10000 user && useradd -m -u 10000 -g 10000 user
#5 DONE 0.3s

#6 [3/5] RUN ls -la /home
#6 0.399 total 12
#6 0.399 drwxr-xr-x 1 root root 4096 Aug 16 23:42 .
#6 0.399 drwxr-xr-x 1 root root 4096 Aug 16 23:42 ..
#6 0.399 drwxr-x--- 2 user user 4096 Aug 16 23:42 user
#6 DONE 0.5s

#7 [4/5] RUN ls -la /home
#7 0.325 total 12
#7 0.325 drwxr-xr-x 1 root root 4096 Aug 16 23:42 .
#7 0.325 drwxr-xr-x 1 root root 4096 Aug 16 23:42 ..
#7 0.325 drwxr-x--- 2 user user 4096 Aug 16 23:42 user
#7 DONE 0.3s

#8 [5/5] RUN ls -la ~
#8 0.434 total 20
#8 0.434 drwxr-x--- 2 user user 4096 Aug 16 23:42 .
#8 0.434 drwxr-xr-x 1 root root 4096 Aug 16 23:42 ..
#8 0.434 -rw-r--r-- 1 user user  220 Jan  6  2022 .bash_logout
#8 0.434 -rw-r--r-- 1 user user 3771 Jan  6  2022 .bashrc
#8 0.434 -rw-r--r-- 1 user user  807 Jan  6  2022 .profile
#8 DONE 0.5s

#9 exporting to image
#9 exporting layers 0.1s done
#9 writing image sha256:6e6ff2beff589b4c747c211e7f8a1a066c928644c725d2c29bc9e6ccbabab087 done
#9 DONE 0.1s

It seems to work as expected now.
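The thread only notices the lost ownership when a later RUN fails with "Permission denied". As an added example that is not part of the original scrap, the Dockerfile below keeps the same user-creation step and adds a build-time assertion in the layer after useradd, so that a daemon that drops the ownership between layers (as the docker.io 20.10.25 build did above) fails the build with a clear message instead of producing an image whose non-root user cannot read its own home. The user, group and ids are placeholder build arguments, and the check relies only on POSIX sh and GNU stat, both present in ubuntu:22.04.

```dockerfile
# Added example, not from the thread: create the non-root user, then verify
# in a SEPARATE layer that its home directory still has the expected owner.
FROM ubuntu:22.04
ARG USERNAME=user
ARG GROUPNAME=user
ARG CUID=10000
ARG CGID=10000

# Same user-creation step as in the thread.
RUN groupadd -g "$CGID" "$GROUPNAME" \
 && useradd -m -u "$CUID" -g "$CGID" "$USERNAME"

# Deliberately its own RUN: the regression seen above only appears in the
# layer *after* the one that ran useradd, so a check inside that same RUN
# would pass even on a broken daemon. Fail the build early with the actual
# owner in the message.
RUN owner="$(stat -c '%u:%g' "/home/$USERNAME")" \
 && [ "$owner" = "$CUID:$CGID" ] \
 || { echo "ownership of /home/$USERNAME is $owner, expected $CUID:$CGID" >&2; exit 1; }

USER $USERNAME
WORKDIR /home/$USERNAME

# Final check as the unprivileged user: the home directory must be readable.
RUN ls -la . > /dev/null
```

Build it with `docker build --progress=plain .` as in the last post. On the daemon that exhibited the problem the second RUN stops the build with "ownership of /home/user is 0:0, expected 10000:10000"; on Docker 24.0.5 both checks pass and the image is produced. Keeping the assertion in the image's build, rather than discovering the problem at run time, also catches the case where the image is later rebuilt on a different host with an older daemon.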

This scrap was closed on 2023/08/17.