Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...

 
alt

Daniel Nashed

 

Docker cp with permissions and owner change

Daniel Nashed  11 October 2022 08:39:22

By the default the ownership of a file copied into a running container is the owner from the host.
If you are copying a file owned by root, this might not be what you want and you have to be careful when copying files.

Depending on how you want to use the copied file, this ownership isn't what you want.

You can't pass user/group or permissions to the docker cp command.


Changing the owner or mode would need root permissions inside the container.

Containers usually run with an unprivileged application user. For Domino this is
notes:notes with 1000:1000.

You would need to run another command via "docker exec -u 0 ..." to change the file ownership or permissions.

But there is a more convenient way with one command...


Docker copy with tar


There is one additional option for the docker cp command:


You can stream data in tar format into the container ( if the container contains the tar program).

Docker automatically extracts the contents of the file streamed.

This can be helpful specially in test environments where you want to automatically copy data into a just started container.


Below is a sample command line. The interesting part is the dash. The dash for tar means write into stdout.

The dash in the docker command means get the tar data from stdin.


This isn't just a convenient way to copy a single file. It's also helpful for more data you package up via tar.


This example copies a server.id into the server's data directory and sets the required permissions and owner:


tar -cf - server.id --mode u=rw,g=,o= --owner 1000 --group 1000 | docker cp - domino-container:/local/notesdata


The command also works with podman (tested with Podman 4.2.0 and Docker 20.10.18).



Comments
No Comments Found

Links

    Archives


    • [IBM Lotus Domino]
    • [Domino on Linux]
    • [Nash!Com]
    • [Daniel Nashed]