fixing permission bits for 'ADD root /' #136
This was referenced Sep 6, 2016
Some parts might have been already fixed by the accidental use of Will need to revisit properly, but low priority for now
I recently set 'umask 0077' on my box. This causes 'git clone' to result in a lot of files and directories with at most `rwx------` permissions, which is desired (for me, as I consider this to be a rather safe default on a multi-user box while I also need to have 'o+x' on my home directory).

When the image is then built on such a box, the Dockerfile instruction `ADD root /` causes that (for example) the `/usr` directory has `drwx------ root root` permissions and, for all users except for root, we are unable to `execve()` any file within `/usr/bin/..`. That results in magic error messages for any command executed after the `USER 26` instruction.

This shouldn't be an immediate issue, but ATM the permissions under `root` are rather not precisely defined. And I'm thinking about writing a pull request for hack/build.sh or fix-permissions explicitly ensuring that (some important) files/directories under `root` git directories have explicit permissions, others have 755 (directories) and 644 (regular files without execute bit held by git) and 755 (for executable files).

Also, it could be considered good policy to re-install the filesystem package right before the `yum clean all` call, that re-sets the permissions for some important system directories according to defaults.

WDYT?
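
The normalization proposed in the issue (directories 755, regular files 644, files carrying the owner execute bit 755), together with a pre-build check for paths other users cannot read or traverse, as an added example that is not part of the project's hack/build.sh or fix-permissions. The function names and the sample tree are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example; hypothetical helpers, not the project's own scripts.

# Print how many paths under $1 would be unusable for a non-root user:
# directories lacking o+rx and regular files lacking o+r.
count_restricted_paths() {
    find "$1" \( -type d ! -perm -005 -o -type f ! -perm -004 \) -print |
        wc -l | tr -d ' '
}

# Reset modes under $1 so the result no longer depends on the umask
# that was active during 'git clone'. Symlinks are left untouched.
normalize_tree_perms() {
    tree=$1
    [ -d "$tree" ] || { echo "not a directory: $tree" >&2; return 1; }
    # Directories must be traversable by every user.
    find "$tree" -type d -exec chmod 755 {} +
    # The owner execute bit is the one git records; keep those executable.
    find "$tree" -type f -perm -100 -exec chmod 755 {} +
    # Every remaining regular file becomes world-readable, not executable.
    find "$tree" -type f ! -perm -100 -exec chmod 644 {} +
}

# Constructed sample: build a small 'root' tree under umask 0077, then
# print the restricted-path count before and after normalization.
demo_umask_tree() {
    tmp=$(mktemp -d) || return 1
    (
        umask 0077
        mkdir -p "$tmp/root/usr/bin"
        printf '#!/bin/sh\n' > "$tmp/root/usr/bin/tool"
        chmod u+x "$tmp/root/usr/bin/tool"
        printf 'key=value\n' > "$tmp/root/usr/settings.conf"
    )
    before=$(count_restricted_paths "$tmp/root")
    normalize_tree_perms "$tmp/root"
    after=$(count_restricted_paths "$tmp/root")
    rm -rf "$tmp"
    echo "$before $after"
}
```

A build script could refuse to run `ADD root /` when `count_restricted_paths root` prints a non-zero value, rather than silently rewriting modes.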