19

In my docker file I have below command:

USER gerrit
COPY gerrit-default-config /var/gerrit/etc/gerrit.config

Running the image I see that the file access number is 777. Is it default value? Is there a way to change the access other than running chmod after each COPY?

RUN chmod 600 /var/gerrit/etc/gerrit.config
Sara
  • 2,308
  • 11
  • 50
  • 76
  • Permission `777` is definitely not the default value. What is the permission of your local file ? `ls -l gerrit-default-config` – vikas027 Dec 24 '15 at 01:25

2 Answers2

24

The permissions are inherited from your host. If that file is on 777 on your host before copying then you get 777 in the container.

If you don't want 777 here ever, just chmod it to 600 in the host.

Source: https://github.com/docker/docker/issues/6333

Armin Braun
  • 3,645
  • 1
  • 17
  • 33
8

Update 2021: there's now a flag for ADD and COPY.
(Docker Engine >= 20.10, Docker BuildKit enabled, docker/dockerfile >= 1.3)

# syntax=docker/dockerfile:1
FROM debian:buster
COPY --chmod=0644 file /path

Because file usages are written in the Dockerfile (i.e. which serves as documentation), it makes sense to explicit the permissions in the Dockerfile too, rather than in another file hidden in the CICD process.

FTR Git does not store Unix permissions, only the executable flag.

Jonathan Giroux
  • 377
  • 3
  • 5
  • 2
    It may require Docker BuildKit. – Artfaith Sep 08 '22 at 16:02
  • Please state which version of Docker is required for the `--chmod` flag on `COPY`, I do not see that in the current version's online doc: https://docs.docker.com/engine/reference/builder/#copy – chrisinmtown Feb 09 '23 at 11:33
  • Updated. As of today [the PR to add this flag to the documentation](https://github.com/docker/cli/issues/2941) is still pending. – Jonathan Giroux Feb 09 '23 at 12:40