1

I am building a Docker image using the Node:12 base image. I am trying to switch it to use Node:12-alpine instead due to the smaller image size. I have installed bash and shadow in Alpine to be able to run chmod commands.

I am running into an error with one of the RUN commands RUN chmod +755. The error message: chmod: invalid mode '+755'

Note that this works using the Node:12 base image, so I think I just need to install another package in Alpine linux? Thanks!

FROM node:12.8-alpine

# Create working directory
RUN mkdir -p /home/node/app

# Set working directory
WORKDIR /home/node/app

# Install bash and shadow for permissions chmod commands
RUN apk add --no-cache bash && apk add shadow

# Add `/home/node/app/node_modules/.bin` to $PATH
ENV PATH /home/node/app/node_modules/.bin:$PATH

# Copy code
COPY --chown=node . /home/node/app

# Update umask
RUN chmod +755 /home/node/app/entrypoint.sh && \
    echo 'umask 002' >> /home/node/.profile && \
    echo 'umask 002' >> /home/node/.bashrc && \
    npm install

ENTRYPOINT ["./entrypoint.sh"]

CMD [ "npm", "start" ]
pengz
  • 2,279
  • 3
  • 48
  • 91
  • 2
    +755? what does the + represent? I know what the numbers are but that + is a mystery to me – Stefano Aug 26 '19 at 21:34
  • + means add this permission to the other permissions that the file already has. – pengz Aug 26 '19 at 21:37
  • 1
    `+` is used with `w r g u ..` but I don't think that it works with the numbers. Check the [man](https://ss64.com/bash/chmod.html) – Arnaud Claudel Aug 26 '19 at 21:44
  • @ArnaudClaudel Hmm, good to know. I actually didn't write that part of the script, and it does work on the node:12 base image (just not in Alpine). – pengz Aug 26 '19 at 22:01
  • 1
    The Alpine image uses `chmod` from the `busybox` project which is likely different from whichever `chmod` you use on your other image. The `busybox` chmod is very striped down and likely does not process the erroneous syntax of putting a `+` in front of numerical permissions. – GracefulRestart Aug 26 '19 at 23:03

1 Answers1

7

The various Alpine-based Docker images use a minimal toolset called BusyBox, which tends to only implement the functionality required in standard utilities and no more. In particular, the POSIX.1 definition of chmod specifies (emphasis mine):

The mode operand shall be either a symbolic_mode expression or a non-negative octal integer.

So according to the standard, you can either use the +rwx form to add bits, or the octal 0755 form to specify a permission, but not combine the two.

In the context of a Docker image, you're usually dealing with a pretty fixed filesystem layout, and in any case you know what you want the permissions to be; you should be able to run

RUN chmod 0755 /home/node/app/entrypoint.sh

without installing any additional packages.

(Also note that shell dotfiles usually aren't read by Docker, so the modifications to .profile and .bashrc have no effect. Typically you do want your application to be owned by root but executed by a different user, for an additional layer of security to prevent the application files from being unintentionally modified.)

David Maze
  • 130,717
  • 29
  • 175
  • 215