The current USER directive changes the user which every RUN directive executes under. However, file copying instructions such as ADD and COPY are always copied with the owner being root:root. This was originally added in 026aebd, in order to fix #2684 and #3950. However, this results in an inconsistency in the Dockerfile interface, since USER can modify some directives, but not all of them.
I propose that the COPY directive should change the owner of any copied file to be the uid of the current user (as set by the USER directive and found by parsing /etc/shadow in the container -- or failing that, just setting it to nobody [65534]) and the gid should be the primary gid of the current user (as found by parsing the /etc/shadow file in the container -- or failing that, just setting it to nobody [65534]).
NOTE: After discussing this proposal on the IRC, it was decided that ADD should not be modified along the lines of this proposal (since it must be supported and backward compatible until it is deprecated and removed). To this end, I am only proposing that COPY should be modified, due to it's relative newness and since there is nowhere near as many backward compatibility concerns as with ADD.
EDIT: I propose a modification to the above proposal, such that:
- If the
b.Config.User is set to an empty string, then the same method as used in libcontainer is applied -- syscall.Getuid() and syscall.Getgid() are used instead.
- If
b.Config.User does not exist in /etc/passwd, then the builder emits an error.
Does anyone have any objections with the above modification to the proposal?
To assist in the tracking of patchsets and pull requests which are required to implement this proposal:
/ping @shykes and others.
The current
USERdirective changes the user which everyRUNdirective executes under. However, file copying instructions such asADDandCOPYare always copied with the owner beingroot:root. This was originally added in 026aebd, in order to fix #2684 and #3950. However, this results in an inconsistency in theDockerfileinterface, sinceUSERcan modify some directives, but not all of them.I propose that the
COPYdirective should change the owner of any copied file to be the uid of the current user (as set by theUSERdirective and found by parsing/etc/shadowin the container -- or failing that, just setting it to nobody [65534]) and the gid should be the primary gid of the current user (as found by parsing the/etc/shadowfile in the container -- or failing that, just setting it tonobody[65534]).NOTE: After discussing this proposal on the IRC, it was decided that
ADDshould not be modified along the lines of this proposal (since it must be supported and backward compatible until it is deprecated and removed). To this end, I am only proposing thatCOPYshould be modified, due to it's relative newness and since there is nowhere near as many backward compatibility concerns as withADD.EDIT: I propose a modification to the above proposal, such that:
b.Config.Useris set to an empty string, then the same method as used inlibcontaineris applied --syscall.Getuid()andsyscall.Getgid()are used instead.b.Config.Userdoes not exist in/etc/passwd, then the builder emits an error.Does anyone have any objections with the above modification to the proposal?
To assist in the tracking of patchsets and pull requests which are required to implement this proposal:
libcontainer/user. docker-archive/libcontainer#158:libcontainerpatchset to expose internal functions for parsing and filtering/etc/{passwd,group}files (allowing arbitraryio.Readersand thus container/etc/{passwd,group}files to be parsed).libcontainerand update to use newuserinterface. #9023:dockerpatch to use the abovelibcontainerpatch./ping @shykes and others.