I've hit a wall on trying to user the COPY command in a dockerfile. When building with --privileged, it's not a problem, but that switch is not viable from a security standpoint. Here's what's happening:
- List the files on the host -> they all show as user123
- Show user name and uid/gid in the container -> they all correspond to user123
- Issue a COPY inside the container
- List the files inside the container -> they all show as root
For the last item above, I would like the files to show as user123.
I've tried/confirmed the following:
- Create and set the userid/groupid in the dockerfile using groupadd/useradd/USER
- Set USER in docker file by name
- Set USER in docker file by id's
- Pass in uid/gid from host to dockerfile via ARGS
- chown the files after the COPY -> access denied
- Confirmed host user is a member of the docker group
I've also tried COPY --chown in the dockerfile, but that option isn't available because the docker server version is stuck in the stone ages (1.13).
To state the obvious, this is occurring during a docker build.
