Docker COPY command give 777 access to the copied file

About

Asked 24/12, 2015 at 0:11 Answered 26/8, 2021 at 12:6

In my docker file I have below command:

USER gerrit
COPY gerrit-default-config /var/gerrit/etc/gerrit.config

Running the image I see that the file access number is 777. Is it default value? Is there a way to change the access other than running chmod after each COPY?

RUN chmod 600 /var/gerrit/etc/gerrit.config

Sweeny answered 24/12, 2015 at 0:11 Comment(1)

Permission 777 is definitely not the default value. What is the permission of your local file ? ls -l gerrit-default-config – Pyelonephritis 24/12, 2015 at 1:25

The permissions are inherited from your host. If that file is on 777 on your host before copying then you get 777 in the container.

If you don't want 777 here ever, just chmod it to 600 in the host.

Source: https://github.com/docker/docker/issues/6333

Redstone answered 24/12, 2015 at 1:37 Comment(0)

Update 2021: there's now a flag for ADD and COPY.
(Docker Engine >= 20.10, Docker BuildKit enabled, docker/dockerfile >= 1.3)

# syntax=docker/dockerfile:1
FROM debian:buster
COPY --chmod=0644 file /path

Because file usages are written in the Dockerfile (i.e. which serves as documentation), it makes sense to explicit the permissions in the Dockerfile too, rather than in another file hidden in the CICD process.

FTR Git does not store Unix permissions, only the executable flag.

Lindbergh answered 26/8, 2021 at 12:6 Comment(3)

It may require Docker BuildKit. – Cutup 8/9, 2022 at 16:2

Please state which version of Docker is required for the --chmod flag on COPY, I do not see that in the current version's online doc: docs.docker.com/engine/reference/builder/#copy – Ciceronian 9/2, 2023 at 11:33

Updated. As of today the PR to add this flag to the documentation is still pending. – Lindbergh 9/2, 2023 at 12:40

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags