
I build a Docker image based on the following Dockerfile on Ubuntu:

```
FROM openjdk:8-jre-alpine

USER root
RUN echo XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX && ls -ald /
RUN chmod 777 /
RUN echo XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX && ls -ald /

ENTRYPOINT [ "sh", "-c", "echo test" ]
```

I'm expecting that the root path obtains the set permissions, but building the Docker image outputs the following (consider the output of `ls -ald /`):

```
docker build  . -f Dockerfile

Sending build context to Docker daemon  2.048kB
Step 1/6 : FROM openjdk:8-jre-alpine
 ---> b76bbdb2809f
Step 2/6 : USER root
 ---> Using cache
 ---> 18045a1e2d82
Step 3/6 : RUN echo XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX && ls -ald /
 ---> Running in 2309a8753729
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
drwxr-xr-x    1 root     root          4096 Mar 19 13:50 /
Removing intermediate container 2309a8753729
 ---> 809221ec8f71
Step 4/6 : RUN chmod 777 /
 ---> Running in 81df09ec266c
Removing intermediate container 81df09ec266c
 ---> 9ea5e2282356
Step 5/6 : RUN echo XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX && ls -ald /
 ---> Running in ef91613577da
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
drwxr-xr-x    1 root     root          4096 Mar 19 13:50 /
Removing intermediate container ef91613577da
 ---> cd7914160661
Step 6/6 : ENTRYPOINT [ "sh", "-c", "echo test" ]
 ---> Running in 3d724aca37fe
Removing intermediate container 3d724aca37fe
 ---> 143e46ec55a8
Successfully built 143e46ec55a8
```

How can I determine the permissions?

UPDATE: I have specific reasons why I'm temporarily forced to set these permissions on root folder: Unfortunately, I'm running a specific application within the container with another user than root and this application writes something directly into /. Currently, this isn't configurable.

If I do it on another folder under root, it works as expected:

```
...
Step 6/8 : RUN mkdir -p /mytest && chmod 777 /mytest
 ---> Running in 7aa3c7b288fd
Removing intermediate container 7aa3c7b288fd
 ---> 1717229e5ac0
Step 7/8 : RUN echo ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ && ls -ald /mytest
 ---> Running in 2238987e1dd6
ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
drwxrwxrwx    2 root     root          4096 Mar 19 14:42 /mytest
...
```

On execution of container:

```
drwxrwxrwx    2 root     root          4096 Mar 19 14:42 mytest
```
PAX
  • The real question: why do you want to make `/` with `777` permissions? Even if this is a test, I suggest that you test on a directory after creating it and not mess with the actual system permissions – Mostafa Hussein Mar 19 '19 at 14:05
  • There are some reasons why I'm temporarily forced to set these permissions on root – PAX Mar 19 '19 at 14:39
  • If you have another problem that you maybe think that is a solution or a temporary solution for it you can update the question with it so we can guide you to a better solution – Mostafa Hussein Mar 19 '19 at 14:41
  • Could you elaborate on what the specific reasons _are_ though, so we could think about ways to work around them? – AKX Mar 19 '19 at 14:48
  • Okay, thanks! I did right now! – PAX Mar 19 '19 at 14:52
  • Okay, in that case would it maybe be possible to run the app in a `chroot`, so it thinks it's writing into `/` but actually writes somewhere else within the container? :) – AKX Mar 19 '19 at 14:54
  • This sounds promising... Possibly in combination with ``fakeroot`` and ``fakechroot``... https://stackoverflow.com/a/3738779/2138953 – PAX Mar 19 '19 at 16:13
  • I think there is a bug in Overlay that prevents your permissions from changing. The best way to do it is using a script inside your Entrypoint. `echo "chmod 777 /; exec yourapp" > entrypoint.sh` https://serverfault.com/q/772227 – Iduoad Jan 10 '21 at 06:46

1 Answer

To check the permission of your root folder bash inside your container, perform the following operations:

  • `docker exec -it container_id bash`
  • `cd /`
  • `ls -ald`
bot
  • The questioner is explicitly running `ls -ald /`. – David Maze Mar 19 '19 at 14:12
  • Yeah, but this is one of the solutions to find the permissions of the root folder of your container, which is the original question here. – bot Mar 19 '19 at 14:31
  • I just entered the container and ran the command. The permissions are not the ones I set: ``/ # ls -ald drwxr-xr-x 1 root root 4096 Mar 19 14:36 .`` – PAX Mar 19 '19 at 14:38
  • May I please ask why you are doing `chmod 777` on your root folder and expecting `drwxr-wxr-wxr` permission for root user in this folder? This is the root folder, and just like Linux it has bin, dev, etc, home, lib, media, mnt, opt, proc, root, run, sbin, srv, sys, tmp, usr and var folders inside your container. If you have a valid reason I would say adding a `sudo` in your chmod command will work but this might give you an error if you do it from the Dockerfile. So, you can bash inside your container and run this command. – bot Mar 19 '19 at 14:56
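
The run-time approach raised in the comments (set the mode from the entrypoint instead of a `RUN` layer) can read the mode back, so a change that did not take effect stops the container at start instead of surfacing later as a write error. This is an added example, not code from the thread; the function names are hypothetical and the demo uses a scratch directory where an image entrypoint would pass `/` and then `exec` the application.

```shell
#!/bin/sh
# Added example, not from the original thread. Function names are hypothetical.

# mode_of PATH: permission bits as octal digits, e.g. 755 or 1777.
mode_of() {
    stat -c '%a' "$1"
}

# same_mode A B: compare two octal mode strings numerically (0777 equals 777).
same_mode() {
    [ "$((0$1))" -eq "$((0$2))" ]
}

# apply_and_verify PATH MODE: chmod, then read the mode back.
# Returns 0 only if the mode observed afterwards matches the request.
apply_and_verify() {
    chmod "$2" "$1" || return 1
    actual=$(mode_of "$1") || return 1
    if ! same_mode "$actual" "$2"; then
        echo "mode of $1 is $actual, wanted $2" >&2
        return 1
    fi
}

# world_writable_without_sticky PATH: true when "other" may write and the
# sticky bit is absent, so any user can delete or rename other users' entries.
world_writable_without_sticky() {
    digits=$(mode_of "$1") || return 1
    m=$((0$digits))
    [ $((m & 02)) -ne 0 ] && [ $((m & 01000)) -eq 0 ]
}

# Constructed demo on a scratch directory (an entrypoint would use / here,
# running as root, and hand over to the application user afterwards).
demo_dir=$(mktemp -d)
if apply_and_verify "$demo_dir" 777; then
    echo "verified: $(mode_of "$demo_dir")"
fi
if world_writable_without_sticky "$demo_dir"; then
    echo "warning: $demo_dir is world-writable without the sticky bit" >&2
fi
rmdir "$demo_dir"
```

Requesting mode `1777` instead of `777` keeps the directory writable for every user while clearing the warning, the same arrangement `/tmp` normally uses.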