Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature request: allow setting sticky-flag in directoryPermissions #3594

Closed
tnaroska opened this issue Mar 5, 2022 · 1 comment
Closed

Feature request: allow setting sticky-flag in directoryPermissions #3594

tnaroska opened this issue Mar 5, 2022 · 1 comment
Labels
area/jib-core enhancement

Comments

@tnaroska
Copy link

tnaroska commented Mar 5, 2022

Environment:

Jib version: jib.core 0.20.0
Build tool: N/A
OS: N/A

Description of the issue:

Jib only allows directoryPermissions and filePermissions of 3 octal digits. With this limitation it is not possible to set extended attributes like sticky-bit for directories or setuid/setgid for files.
For example, temp directories usually are created with mode 01777, this is not possible with jib.

Expected behavior:

Jib should allow extended file permission bits like sticky-flag in directoryPermissions and filePermissions.

Steps to reproduce:

Scenario is to add a build artifact into a docker image inside /tmp using jib:

layers:
    ...
      files:
        - src: work/artifacts/
          dest: /tmp
          includes:
            - "**/binary.tar.gz"

The directory /tmp exists in the base image with mode 1777. Due to #1270 jib overwrites the pre-existing /tmp with default permissions 755.

Trying to workaround #1270 by explicitly adding /tmp to my jib config:

layers:
    ...
      files:
        - src: jib-placeholder/
          dest: /tmp/
          properties:
            user:  "0"
            group: "0"
            directoryPermissions: "1777"
        - src: work/artifacts/
          dest: /tmp
          includes:
            - "**/binary.tar.gz"

This fails due to jib enforcing directoryPermissions to be 3 octal digits.

Log output: 

[cutycapt] [ERROR] com.fasterxml.jackson.databind.exc.ValueInstantiationException: Cannot construct instance of `com.google.cloud.tools.jib.cli.buildfile.FilePropertiesSpec`, problem: octalPermissions must be a 3-digit octal number (000-777)

Additional Information:
Some code search showed at least two places that would need to change:
@mpeddada1
Copy link
Contributor

mpeddada1 commented Mar 8, 2022
edited
Loading

Hi @tnaroska, thanks for filing the issue and describing your use case! This relates to assigning permissions to directories on the container so we want to be careful about the formats we allow. Looking at previous discussions around implementation, using the 3-digit format seemed like a very intentional change to reduce any ambiguity (sometimes 0777 could mean something different than 777) in interpreting the permissions so I'm a little hesitant about going ahead with this at the moment. We can reopen this and discuss further if there is more interest in this feature from the community.

Additionally, on the topic of temporary directories, you might find this comment on the best practices to be helpful.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/jib-core enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tnaroska @mpeddada1