I am using Docker 1.4.1 on Ubuntu 14.04.1 LTS with kernel 3.13.0-4.
Consider the following Dockerfile:

```dockerfile
FROM debian:wheezy
VOLUME /var/myvol
ADD foo /var/myvol/foo
RUN useradd nonroot \
 && chown -R nonroot:nonroot /var/myvol/ \
 && ls -al /var/myvol
USER nonroot
RUN ls -al /var/myvol && rm /var/myvol/foo && ls -al /var/myvol
```

and build it with

```
touch foo
docker build -t test .
```

then the resulting output is:
```
Step 0 : FROM debian:wheezy
---> c90d655b99b2
Step 1 : VOLUME /var/myvol
---> Running in d3bc83df9451
---> b860e18186d8
Removing intermediate container d3bc83df9451
Step 2 : ADD foo /var/myvol/foo
---> aded36dba841
Removing intermediate container db5dd1b08958
Step 3 : RUN useradd nonroot && chown -R nonroot:nonroot /var/myvol/ && ls -al /var/myvol
---> Running in 148941cb7858
total 8
drwxr-xr-x 2 nonroot nonroot 4096 Feb 6 09:55 .
drwxr-xr-x 13 root root 4096 Feb 6 09:55 ..
-rw-rw-r-- 1 nonroot nonroot 0 Feb 6 09:30 foo
---> 144e4ff90439
Removing intermediate container 148941cb7858
Step 4 : USER nonroot
---> Running in 924f317b6718
---> 345c1586c69f
Removing intermediate container 924f317b6718
Step 5 : RUN ls -al /var/myvol && rm /var/myvol/foo && ls -al /var/myvol
---> Running in 16c8c2349f27
total 8
drwxr-xr-x 2 root root 4096 Feb 6 09:55 .
drwxr-xr-x 13 root root 4096 Feb 6 09:55 ..
-rw-rw-r-- 1 root root 0 Feb 6 09:30 foo
rm: cannot remove `/var/myvol/foo': Permission denied
INFO[0000] The command [/bin/sh -c ls -al /var/myvol && rm /var/myvol/foo && ls -al /var/myvol] returned a non-zero code: 1
```
If I replace the VOLUME line with the comments below, it works fine. What is really strange is the output of `ls -al`: while the first says that the owner is nonroot, the second displays the owner as root, so the `chown` command seems to be somehow dropped, or the permissions are reset after switching to the new user.

Do I understand Docker volumes correctly? Is only root allowed to work with them, or could it be a bug that I should report?
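The Dockerfile reference documents that changes made to a volume's data by build steps after the `VOLUME` declaration are discarded, which matches the ownership reset seen in Step 5. As an added example (not part of the original post and not Docker's own tooling), this heuristic Python check flags `RUN` instructions that mention a path under an already-declared volume; the function names are hypothetical and the embedded Dockerfile is copied from the question.

```python
import posixpath
import re
import shlex

# Constructed sample: the Dockerfile from the question above.
DOCKERFILE = r"""FROM debian:wheezy
VOLUME /var/myvol
ADD foo /var/myvol/foo
RUN useradd nonroot \
 && chown -R nonroot:nonroot /var/myvol/ \
 && ls -al /var/myvol
USER nonroot
RUN ls -al /var/myvol && rm /var/myvol/foo && ls -al /var/myvol
"""

def instructions(text):
    """Yield (line_no, keyword, args), joining backslash continuations."""
    buf, start = "", None
    for no, line in enumerate(text.splitlines(), 1):
        if not buf and (not line.strip() or line.lstrip().startswith("#")):
            continue
        start = start or no
        buf += line.rstrip()
        if buf.endswith("\\"):
            buf = buf[:-1] + " "
            continue
        keyword, _, args = buf.strip().partition(" ")
        yield start, keyword.upper(), args.strip()
        buf, start = "", None

def volume_paths(args):
    """Parse both VOLUME forms: JSON array and space-separated paths."""
    if args.startswith("["):
        return re.findall(r'"([^"]+)"', args)
    return shlex.split(args)

def find_discarded_writes(text):
    """Return (line_no, volume, command) for each RUN that mentions a path
    inside a volume declared earlier. ADD is not flagged: in the build output
    above, the added file is still present in Step 5."""
    volumes, hits = [], []
    for no, keyword, args in instructions(text):
        if keyword == "VOLUME":
            volumes += [posixpath.normpath(p) for p in volume_paths(args)]
        elif keyword == "RUN":
            for vol in volumes:
                pat = r"(?<![\w./-])" + re.escape(vol) + r"(?=[/\s'\";&|)]|$)"
                if re.search(pat, args):
                    hits.append((no, vol, args))
    return hits
```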