Last active
February 18, 2020 18:19
-
-
Save pcewing/cadaf22b7f6803c8f4afec9439e2719b to your computer and use it in GitHub Desktop.
Demonstration of: https://github.com/moby/moby/issues/40539
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[container_demo] docker image build -t myapp . | |
Sending build context to Docker daemon 2.048kB | |
Step 1/3 : FROM centos:latest | |
---> 470671670cac | |
Step 2/3 : RUN groupadd -r -g 1001 john && groupadd -r -g 1050 myapp && useradd -rM -g john -G myapp -u 1001 john && mkdir -p /var/john && chown -R john:john /var/john | |
---> Using cache | |
---> a889fe7bf9cb | |
Step 3/3 : USER john:john | |
---> Using cache | |
---> 4ce8cad43e73 | |
Successfully built 4ce8cad43e73 | |
Successfully tagged myapp:latest | |
[container_demo] docker container run -it myapp /bin/bash | |
bash-4.4$ whoami | |
john | |
bash-4.4$ id john | |
uid=1001(john) gid=1001(john) groups=1001(john),1050(myapp) | |
bash-4.4$ ls -l /var | grep john | |
drwxr-xr-x 2 john john 4096 Feb 14 02:13 john | |
bash-4.4$ touch /var/john/test.txt | |
bash-4.4$ ls -l /var/john/test.txt | |
-rw-r--r-- 1 john john 0 Feb 14 02:33 /var/john/test.txt | |
bash-4.4$ chown john:myapp /var/john/test.txt | |
chown: changing ownership of '/var/john/test.txt': Operation not permitted | |
bash-4.4$ lsattr /var/john | |
--------------e---- /var/john/test.txt | |
bash-4.4$ lsattr /var/john/test.txt | |
--------------e---- /var/john/test.txt | |
bash-4.4$ ls -lna /var/john | |
total 12 | |
drwxr-xr-x 1 1001 1001 4096 Feb 18 17:13 . | |
drwxr-xr-x 1 0 0 4096 Feb 14 02:13 .. | |
-rw-rw-r-- 1 1001 1001 0 Feb 18 17:13 test.txt |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
FROM centos:latest | |
RUN groupadd -r -g 1001 john && \ | |
groupadd -r -g 1050 myapp && \ | |
useradd -rM -g john -G myapp -u 1001 john && \ | |
mkdir -p /var/john && \ | |
chown -R john:john /var/john | |
USER john:john |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
run interactively:
run via "build"