-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unnecessary overwrites of directories, resulting changes to owners and permissions #1270
Comments
Hello, Is there any change this bug might end up corrected, despite being low priority ? Or is there any workaround ? |
If you control you base image, maybe you can control this using some sort of symlink? Are you using a standard jboss image? |
Maybe I misunderstood your comment, how would symlinks help with permissions ? I am not using a standard jboss image, but close (we rebuilt it with minor tweaks). A possible workaround would be pushing the exploded war somewhere else (appRoot configuration), and copy it at container start time using a custom entrypoint ; then I would be able to control permissions better. Edit: oh wait, did you mean putting the appRoot somewhere else, and symlinking wildfly deployment to it ? That's a great idea ! I'll try that tomorrow. Thanks @loosebazooka ! |
Yeah either symlinking the directory |
Hello @loosebazooka ,
Yes. I don't know if it's a bug or not, but if I try to configure packaged, JIB gives the following:
|
Don't set And double-check if your issue is really from the ownership problem or the permissions problem. We've seen a lot of people mistakenly jumped into their conclusion without knowing that If 755 doesn't work for you, it probably means that your application is trying to mutate |
Hello @chanseokoh,
So, that means that WAR can only be in exploded mode ?
Good idea, I will check that ASAP.
My application is effectively mutating the parent of the |
What are the cousins folders and what is the purpose of creating them? Are they for temporary files? It depends on why you are creating them, but maybe you'd want to mount volumes for the cousins folders if you have to write. |
Forgot to answer this. Yes, |
FTR: #1257 is resolved using a Jib extension. This issue is documented as one of the known limitations of the extension, where there is a workaround. |
Just came across this problem with the jetty:9-jre11-slim image on Docker Hub. I'm using that rather than Distroless for multi-arch (ARM64) support, and for some reason the default entrypoint shell script tries to create a directory in /var/lib/jetty on startup. Here's the properties I add to get everything working:
Hope it's useful to somebody. :) |
I just ran into this myself. I have to copy some files into an image that are then modified. As a result the modified outputs are saved to new files with a suffix appended to their respective original filenames. The directory gets all the neccessary permissions to be writable by the user in the base image, but copying files to this location changes the entire directory path to root ownership. I also tried to explicitly set the permissions via |
@Marty another option is to use the Onwership extension (#1270 (comment)), which will allow you to change onwership of those directories. |
Hello,
image built by jib on top of above base image
|
Any updates on this issue, facing same thing, even with https://github.com/GoogleContainerTools/jib-extensions/tree/master/first-party/jib-ownership-extension-gradle |
@yazimpact if the ownership extension doesn't seem to work for you, check out the known limitations and the workaround.
|
The way we took to fix #727 and #523 was to add TAR archive entries to enumerate all parent directories of any given file and explicitly set permissions for those parent directories: PR #891. The consequence is that owner:group is always reset to
root:root
and the permission mode 755 for all the directories involved.So, let's say I have a base Tomcat image where the owner:group and the permission of
/usr
are 12345:54321 and 750:Now, if Jib builds an image where
/usr
is one of the parent directories of my<appRoot>
,the owner and the permission are reset (to the values we chose).
It will be ideal to not touch the owners and permissions of existing directories.
Also note that
<appRoot>
and its parent directories will always beroot:root
and 755.The text was updated successfully, but these errors were encountered: