VMware Workstation: 16.2.5/17.0.2

Ubuntu: 20.04.6/22.04.3

Dockerfile:

FROM debian:12.1-slim

WORKDIR /root

RUN groupadd -f ernie-1001 -g 1001 \
    && groupadd -f ernie-1000 -g 1000 \
    && useradd -ms /bin/bash ernie -g 1001 -G 1000 \
    && printf "ernie:ernie" | chpasswd \
    && adduser ernie sudo \
    && printf "ernie ALL= NOPASSWD: ALL\\n" >> /etc/sudoers

On a fresh new Ubuntu 22.04.3 installation we run the following sequence of commands and expect exactly this output:

$ sudo apt install docker-compose
$ sudo docker build . -t strange:1.0
$ sudo docker run -it --name strangebase strange:1.0
root@d031fe5152e4:~# su ernie
ernie@d031fe5152e4:/root$ cd
ernie@d031fe5152e4:~$ ls -all
total 20
drwxr-xr-x 2 ernie ernie-1001 4096 Aug 19 04:16 .
drwxr-xr-x 1 root  root       4096 Aug 19 04:16 ..
-rw-r--r-- 1 ernie ernie-1001  220 Apr 23 21:23 .bash_logout
-rw-r--r-- 1 ernie ernie-1001 3526 Apr 23 21:23 .bashrc
-rw-r--r-- 1 ernie ernie-1001  807 Apr 23 21:23 .profile
ernie@d031fe5152e4:~$

What we get instead:

$ sudo apt install docker-compose
$ sudo docker build . -t strange:1.0
$ sudo docker run -it --name strangebase strange:1.0
root@d031fe5152e4:~# su ernie
ernie@d031fe5152e4:/root$ cd
ernie@d031fe5152e4:~$ ls -all
total 20
drwxr-xr-x 2 root  root 4096 Aug 19 04:16 .
drwxr-xr-x 1 root  root       4096 Aug 19 04:16 ..
-rw-r--r-- 1 root  root  220 Apr 23 21:23 .bash_logout
-rw-r--r-- 1 root  root 3526 Apr 23 21:23 .bashrc
-rw-r--r-- 1 root  root  807 Apr 23 21:23 .profile
ernie@d031fe5152e4:~$

The ernie home directory (i.e. /home/ernie) is still owned by root for some reason, which should not be the case, should it?

I have tried it on a couple of machines with the same result. Strangely enough previously installed ubuntu_22.04 VMs work as expected.

I also tried throwing RUN chown -R ernie:ernie /home/ernie into the Dockerfile for good measure, but to no avail.

Am I doing something terribly wrong here? Has anyone experienced anything similar recently?

Thanks.

1 Answer

0

There seems to be a particular bug, whereby a tar archive created by a docker export command is missing ownership information (all files are owned by root). If this archive is then used to recreate a filesystem for unprivileged processes (like via docker import or just unpacking it and chrooting), they can fail with a permission denied error or in some other ways.

This bug happens when a package is built with Go older than 1.19: this version of Go introduced a unix build tag that is used by upstream to determine if it should add UNIX-specific attributes into an archive. Older Go versions silently ignore this source code, and the result is missing UIDs and GIDs in tar archives.

https://bugs.launchpad.net/ubuntu/+source/docker.io-app/+bug/2029523
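One way to check a filesystem archive for the symptom described in the answer above, as an added example that is not part of the original answer or of Docker's code: it compares the numeric owner of every entry under a user's home directory with that user's uid/gid in the archive's own etc/passwd. The sample archive is constructed in memory, and ernie's uid of 1000 is an assumption (the Dockerfile only fixes the groups).

```python
import io
import tarfile


def norm(name):
    """Normalise archive member names and passwd home paths to 'home/ernie' form."""
    return (name[2:] if name.startswith("./") else name).strip("/")


def mismatched_home_entries(tar_bytes, min_uid=1000):
    """Return (path, found_uid, found_gid, want_uid, want_gid) for every entry under a
    user's home whose numeric owner differs from etc/passwd inside the same archive."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        members = tar.getmembers()
        passwd = next((m for m in members if norm(m.name) == "etc/passwd"), None)
        if passwd is None:
            return findings  # nothing to compare against
        homes = {}
        for line in tar.extractfile(passwd).read().decode().splitlines():
            f = line.split(":")
            if len(f) >= 6 and f[2].isdigit() and f[3].isdigit() \
                    and int(f[2]) >= min_uid and norm(f[5]):
                homes[norm(f[5])] = (int(f[2]), int(f[3]))
        for m in members:
            path = norm(m.name)
            for home, want in homes.items():
                if (path == home or path.startswith(home + "/")) and (m.uid, m.gid) != want:
                    findings.append((path, m.uid, m.gid, *want))
    return findings


def build_sample(strip_owner):
    """Constructed sample rootfs: ernie with assumed uid 1000 and primary gid 1001."""
    passwd = b"root:x:0:0:root:/root:/bin/bash\nernie:x:1000:1001::/home/ernie:/bin/bash\n"
    entries = [("etc/passwd", passwd, 0, 0),
               ("home/ernie", None, 1000, 1001),
               ("home/ernie/.bashrc", b"# sample\n", 1000, 1001)]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data, uid, gid in entries:
            info = tarfile.TarInfo(name)
            info.type = tarfile.DIRTYPE if data is None else tarfile.REGTYPE
            info.size = 0 if data is None else len(data)
            # strip_owner=True mimics an archive written without UIDs and GIDs
            info.uid, info.gid = (0, 0) if strip_owner else (uid, gid)
            tar.addfile(info, None if data is None else io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    for finding in mismatched_home_entries(build_sample(strip_owner=True)):
        print("owner mismatch:", finding)
```

The check is a heuristic: a file under a home directory that is deliberately owned by another account is reported as well.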
