ubuntudockerfileuid

Can't cp or write or install in ubuntu docker container

Team, how can i make jenkins a privilege user?

I wrote a dockerfile and successfully built an image but after running a container and I exec in, I cannot run any write command and get Permission denied. so does it imply the user that i added in end jenkins is lacking permissions? if yes, how would I give it proper write permissions? I want jenkins user to be able to have write permissions.

Dockerfile

FROM ubuntu:20.04
USER root
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get install -y --no-install-recommends \
  adduser \
  build-essential \
  ca-certificates \
  curl \
  dnsutils \
  g++ \
  gcc \
  git \
  openjdk-11-jdk-headless \
  python \
  python-dev \
  python-pkg-resources \
  python-setuptools \
  python3 \
  python3-dev \
  python3-pip \
  python3-pkg-resources \
  python3-setuptools \
  software-properties-common \
  unzip \
  wget \
  zip \
  zlib1g-dev \
  && rm -rf /var/lib/apt/lists/* && apt-get clean
RUN addgroup --gid 99 fss
RUN adduser --uid 99 --gid 99 fss
RUN useradd -ms /bin/bash jenkins
WORKDIR /home/jenkins

shell

#!/bin/bash
set -v -e -o pipefail
whoami
cp src/jenkins/ci/sonar-scanner.properties /opt/sonar-scanner/conf/sonar-scanner.properties

container log when I ran above script inside container that started with jenkins.

+whoami
jenkins
+cp src/jenkins/ci/sonar-scanner.properties /opt/sonar-scanner/conf/sonar-scanner.properties
cp: cannot create regular file '/opt/sonar-scanner/conf/sonar-scanner.properties': Permission denied
Solution

  • You dont have a "CMD", so to run the container you are specifying that with docker run or in your docker-compose.yaml. Maybe also the current user in your container.

    Your error is a permission problem.

    Execute:

    whoami

    inside the container.

    See which user is running. Maybe you are setting somewhere "jenkins" as user and this has not the sufficient permissions on the folder.

    Update:

    To perform operations in the Dockerfile you can do like so:

    FROM ....
....
USER root
apt update
apt install xxx yyy -y
# if you dont need root access anymore put user jenkins again

USER jenkins

CMD ......

    Dont run the container as root in production