Wrong files ownership in Dockerfile COPY

https://github.com/temporalio/docker-builds/blob/aced315717db95f3e79352d107680f68632ee07a/server.Dockerfile#L17-L18 these instructions are changing the `/etc/temporal/config` ownership to `temporal` user.


Afterwards, https://github.com/temporalio/docker-builds/blob/aced315717db95f3e79352d107680f68632ee07a/server.Dockerfile#L31C50-L31C71 are adding some files to `/etc/temporal/config`. Given how COPY works in Dockerfile, the `root` user will be the owner of this file unless explicitly defined with `COPY --chown=temporal:temporal .......`


***How it affects us?***

We are running Temporal in ECS and want to inject some dynamic configs in `/etc/temporal/config/dynamicconfig/docker.yaml` during startup time. 

```json
      "entryPoint": [
        "/bin/bash",
        "-c"
      ],
      "command": [
        "echo \"frontend.keepAliveMaxConnectionAge:\n  - value: 0\n    constraints: {}\" > /etc/temporal/config/dynamicconfig/docker.yaml && /etc/temporal/entrypoint.sh"
      ],
```

Unfortunately this returns Permission Denied unless we run the ECS Task with `root` user, and this is something we want to avoid if possible :) 

***Proposed changes***

Either run the following command [RUN chown -R temporal:temporal /etc/temporal/config](https://github.com/temporalio/docker-builds/blob/aced315717db95f3e79352d107680f68632ee07a/server.Dockerfile#L17) after the COPY commands, or simply do the COPY with the `COPY --chown=temporal:temporal .......`.

What do you think?

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Wrong files ownership in Dockerfile COPY #282

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

	RUN chown -R temporal:temporal /etc/temporal/config
	USER temporal

Wrong files ownership in Dockerfile COPY #282

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions