My Dockerfile creates a directory, chown's it, and then lists the directory afterwards. The directory is still owned by root. Why is that?
Here is the Dockerfile:
FROM ubuntu:precise
RUN useradd -d /home/testuser -m -s /bin/bash testuser
RUN mkdir -p /var/local/testrunner/logs
VOLUME ["/var/local/testrunner/logs"]
RUN grep testuser /etc/passwd
RUN grep root /etc/passwd
RUN chown -R testuser:testuser /var/local/testrunner/logs
RUN ls -ld /var/local/testrunner/logs
Here is the output from "docker build":
Sending build context to Docker daemon 10.24 kB
Sending build context to Docker daemon
Step 0 : FROM ubuntu:precise
---> ab8e2728644c
Step 1 : RUN useradd -d /home/testuser -m -s /bin/bash testuser
---> Using cache
---> 640f12671c86
Step 2 : RUN mkdir -p /var/local/testrunner/logs
---> Using cache
---> bf7756fd5b1f
Step 3 : VOLUME ["/var/local/testrunner/logs"]
---> Using cache
---> 65c73ee76c20
Step 4 : RUN grep testuser /etc/passwd
---> Using cache
---> db72fff0b965
Step 5 : RUN grep root /etc/passwd
---> Running in ebff78df7a9a
root:x:0:0:root:/root:/bin/bash
---> ead0ff704a59
Removing intermediate container ebff78df7a9a
Step 6 : RUN chown -R testuser:testuser /var/local/testrunner/logs
---> Running in c925f67b2ab4
---> 253132be935e
Removing intermediate container c925f67b2ab4
Step 7 : RUN ls -ld /var/local/testrunner/logs
---> Running in 978bc66aa47e
drwxr-xr-x 2 root staff 4096 Oct 1 15:15 /var/local/testrunner/logs
Docker version 1.2.0, build fa7b24f
The host runs Ubuntu 12.04, but with a 3.13.0-36-generic kernel.
Answering my own question: it's declared to be a volume. If you take out the VOLUME instruction, the chown takes effect.
What's more, if you declare the volume after running chown, the chown settings remain in effect.
This blog http://container42.com/2014/11/03/docker-indepth-volumes/ explains this behaviour in detail.
Each instruction in the Dockerfile creates a new container. The instruction make some changes to this container and becomes a new layer. The changes made to "/var/local/testrunner/logs" before VOLUME instruction were made to the actual container filesystem. However, after VOLUME instruction, the directory "/var/local/testrunner/logs" is the mounted directory. The changes made to this directory after VOLUME instruction will apply on the mounted directory and not the actual container filesystem.
In my experience, chown does not work when mounting to root (VOLUME /test). Use a non-root location (VOLUME /var/test).
来源:https://stackoverflow.com/questions/26145351/why-doesnt-chown-work-in-dockerfile