buildah icon indicating copy to clipboard operation
buildah copied to clipboard
verified publisher icon containers

make `COPY` copy as the set `USER` when using a Containerfile to build a container

Open jerabaul29 opened this issue 1 year ago • 3 comments

Feature request description

For now, the following:

USER username
COPY file_on_host file_inside_container

results in file_inside_container to be owned by root:root. This feels inconsistent with the fact that USER is set. The workaround is to write:

COPY --chown=username:username file_on_host file_inside_container

which feels quite heavy / more error prone than just having a "context" set by USER.

Suggest potential solution

Would it be possible to consider changing the behavior of COPY, so that it follows the context set by the last preceding USER directive?

I.e. that:

USER username
COPY file_on_host file_inside_container

results in file_inside_container to be owned by username:username

?

Have you considered any alternatives?

For now the solution is:

COPY --chown=username:username file_on_host file_inside_container

but that feels ugly / heavy / error prone when after a USER directive one thinks commands happen as USER.

Additional context

No response

jerabaul29 avatar Dec 04 '24 21:12 jerabaul29

Our build code comes from buildah so moving there.

baude avatar Dec 05 '24 14:12 baude

That's the long-documented behavior, and the COPY instruction provides a --chown flag for overriding that default. I don't expect to change the default.

nalind avatar Dec 06 '24 16:12 nalind

A friendly reminder that this issue had no activity for 30 days.

github-actions[bot] avatar Jan 06 '25 00:01 github-actions[bot]