buildkit icon indicating copy to clipboard operation
buildkit copied to clipboard

Published 20 hours ago verified publisher icon moby

dockerfile: Support `--chmod` with non-octal notation, such as `--chmod=g=u`

Open thernstig opened this issue 4 years ago • 3 comments

https://github.com/moby/buildkit/pull/1492 added support for e.g. --chmod=744 during a COPY command. Here is the original issue for supporting octal notation https://github.com/moby/moby/issues/34819. However, in many situations this is insufficient.

For example, g=u is a way to chmod so that the group gets the same permissions as the user like so: chmod -R g=u dir. This would equal:

COPY --chmod=g=u --from=builder /server/ /server/

This is for example important in OpenShift.

@tobia also added some very valid argumentation for this: https://github.com/moby/moby/issues/34819#issuecomment-724077859:

The usefulness of alpha syntax usually comes from the capital X permission, which means "executable only if the file was previously executable or if it is a directory."

This is because a recursive COPY with --chmod=644 would make all directories non-executable, meaning non-traversable; while a --chmod=755 would make all files executable. Both are inappropriate therefore unuseable 99% of the time.

A recursive COPY with --chmod=u=rwX,go=rX (capital Xes) would set directories to 755 and files to 644, unless a given file already had the executable bit in the source filesystem, in which case it would get 755.

It would be very nice if this support could be added!

thernstig avatar Jan 21 '21 15:01 thernstig

As I currently need this feature I'd love to implement it, if someone can give me a little guidance on it?

manuschillerdev avatar Aug 12 '21 13:08 manuschillerdev

--umask would be nice too, see comment: https://github.com/moby/moby/issues/34819#issuecomment-724077859

rafrafek avatar Nov 21 '22 09:11 rafrafek

I'd love to see this implemented, as I need it too !

The usefulness of alpha syntax usually comes from the capital X permission, which means "executable only if the file was previously executable or if it is a directory."

This is because a recursive COPY with --chmod=644 would make all directories non-executable, meaning non-traversable; while a --chmod=755 would make all files executable. Both are inappropriate therefore unuseable 99% of the time.

A recursive COPY with --chmod=u=rwX,go=rX (capital Xes) would set directories to 755 and files to 644, unless a given file already had the executable bit in the source filesystem, in which case it would get 755.

The capital X is the reason I would like symbolic permissions to be supported. Aslo the g=u syntax.

Any news on this ?

Clovel avatar Aug 22 '24 12:08 Clovel