
I am trying to create folders and set permissions on them as a non-root user, using the ubi8/ubi-minimal image from Red Hat.

Here are two questions:

  1. Make a folder: Is there another way to give a non-root user permission to create folders and set permissions on them? I have searched a bit. Could it be done under the `RUN` command after it installs all packages with `microdnf`?
  2. Give access: Is `RUN chmod -R 777 /app` not best practice, and is it best to do `RUN chown -R $USER:$USER /app`?

Here is my Dockerfile, in which I repeat `chown` a bit for permissions.

```dockerfile
FROM registry.access.redhat.com/ubi8/ubi-minimal

ENV USER=appuser

RUN microdnf update -y \
    && rm -rf /var/cache/yum \
    && microdnf install gcc wget tar gzip make zlib-devel findutils bzip2-devel openssl-devel ncurses-devel \
       sqlite-devel libffi-devel xz-devel which shadow-utils \
    && microdnf clean all ;\
    useradd -m $USER

RUN chown -R $USER:$USER /opt

RUN mkdir -p /app
RUN chown $USER /app
USER $USER
WORKDIR /app
COPY . /app/

RUN chown -R $USER:$USER /app
```
Mark Rotteveel
Bebe
  • I wrote up a recipe in [Permissions best-practices when using docker exec](https://stackoverflow.com/questions/69652433/permissions-best-practices-when-using-docker-exec); does this help you? You should only need write permissions on a dedicated data directory and not your entire application, and if that directory is going to be a host-directory bind mount, you won't know the user owner during the image build. – David Maze Jan 14 '22 at 20:31
  • @Mark Rotteveel thank you for your link, I saw that link too. Does this also apply for `microdnf`? Because I only use the `useradd` command and not `adduser`. – Bebe Jan 14 '22 at 20:40
  • I think you meant to notify @DavidMaze, because I didn't provide a link. – Mark Rotteveel Jan 15 '22 at 06:48
  • @Mark Rotteveel, my bad, yeah, sorry about that, but @David Maze your link helps with how things should flow, but I am using `microdnf` to `adduser`. – Bebe Jan 15 '22 at 16:19

0 Answers
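
The layout David Maze's comment describes (write access only on a dedicated data directory, application files left read-only to the runtime user), as an added example that is not part of the original question or its comments. The `/app/data` path and the UID/GID value 10001 are assumptions chosen for illustration.

```dockerfile
# Added example, not the asker's Dockerfile.
# Assumptions: /app/data is the only directory the application writes to,
# and 10001 is an arbitrary fixed UID/GID.
FROM registry.access.redhat.com/ubi8/ubi-minimal

ENV USER=appuser

# Root-only work goes first: packages and the account. shadow-utils
# provides useradd/groupadd on ubi-minimal; the application's own build
# packages would be added to the same install line.
RUN microdnf update -y \
    && microdnf install -y shadow-utils \
    && microdnf clean all \
    && groupadd --gid 10001 "$USER" \
    && useradd --uid 10001 --gid 10001 --create-home "$USER"

WORKDIR /app

# Copied files are owned by root. Assuming they are world-readable in the
# build context, appuser can read and run them but cannot modify them.
# Avoided: RUN chmod -R 777 /app  (lets any process rewrite the code)
# Avoided: RUN chown -R $USER:$USER /app  (makes the code writable by the
#          same account that runs it)
COPY . /app/

# Only the data directory is handed to the runtime user. It is created
# after COPY so the copy cannot reset its ownership or mode.
RUN mkdir -p /app/data \
    && chown "$USER:$USER" /app/data \
    && chmod 750 /app/data

# Drop privileges last. A chown placed after this line runs as appuser
# and fails on root-owned files.
USER $USER
```

If `/app/data` is replaced at run time by a host-directory bind mount, the host directory's ownership applies instead of the `chown` done at build time.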