Description
When using configs: to inject a file from within Docker Compose, the file permissions become 440 instead of 444 as expected by the documentation here: https://docs.docker.com/reference/compose-file/services/#configs
Steps To Reproduce
Create a compose file with some container and the following:
configs:
  - source: init-mongo.js
    target: /docker-entrypoint-initdb.d/init-mongo.js
Observe that the permissions are not "world readable" as per the defaults described in the docs.
docker exec -it my_container bash
root@0104be4681ac:/# ls -la /docker-entrypoint-initdb.d/
total 12
drwxr-xr-x 1 root root 4096 Apr 29 23:08 .
drwxr-xr-x 1 root root 4096 Apr 29 23:08 ..
-r--r----- 1 root root 238 Apr 29 23:08 init-mongo.js
root@0104be4681ac:/#
Explicitly set the file permissions with the 'mode' keyword. Then observe that the permissions are as configured.
configs:
  - source: init-mongo.js
    target: /docker-entrypoint-initdb.d/init-mongo.js
    mode: 0444
docker exec -it my_container bash
root@3f3c2d84cb04:/# ls -la /docker-entrypoint-initdb.d/
total 12
drwxr-xr-x 1 root root 4096 Apr 29 23:11 .
drwxr-xr-x 1 root root 4096 Apr 29 23:11 ..
-r--r--r-- 1 root root 238 Apr 29 23:11 init-mongo.js
root@3f3c2d84cb04:/#
Observed on Docker Compose version v2.34.0 on Ubuntu22
Ran into the issue with the MongoDB container/service in this compose file (which seems to rely on the default permissions being 0444 as per the documentation): https://github.com/GiuseppeGalilei/Unifi-Network-Application/blob/main/Unifi%20network%20Application%20-%20Generic/docker-compose.yml
Compose Version
Docker Compose version v2.34.0
Docker Environment
Client: Docker Engine - Community
Version: 28.0.4
Context: default
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.22.0
Path: /usr/libexec/docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v2.34.0
Path: /usr/libexec/docker/cli-plugins/docker-compose
scan: Docker Scan (Docker Inc.)
Version: v0.23.0
Path: /usr/libexec/docker/cli-plugins/docker-scan
Server:
Containers: 8
Running: 8
Paused: 0
Stopped: 0
Images: 12
Server Version: 28.0.4
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: systemd
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 753481ec61c7c8955a23d6ff7bc8e4daed455734
runc version: v1.2.5-0-g59923ef
init version: de40ad0
Security Options:
apparmor
seccomp
Profile: builtin
cgroupns
Kernel Version: 5.15.0-135-generic
Operating System: Ubuntu 22.04.5 LTS
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 3.82GiB
Name: ubuntua22
ID: 6Y7Q:D2IL:YIVU:LMJR:ZAAT:TJNV:OPKW:IQXC:GRTJ:JBI2:ZLVS:C3NA
Docker Root Dir: /var/lib/docker
Debug Mode: false
Experimental: true
Insecure Registries:
::1/128
127.0.0.0/8
Live Restore Enabled: false
Anything else?
No response
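An added example, not part of the original report or of Docker's code: a small check that reads a mounted config file's actual mode and decides whether a given user can read it, which shows who loses access when a root:root file is 0440 rather than 0444 as in the listings above. The service UID and the temporary file standing in for the injected config are constructed for illustration, and root is assumed to keep its default capabilities.

```python
import os
import stat
import tempfile


def readable_by(mode, owner_uid, owner_gid, uid, gids):
    """POSIX read check: only one permission class is consulted."""
    if uid == 0:
        return True  # assumption: root keeps CAP_DAC_OVERRIDE
    if uid == owner_uid:
        return bool(mode & stat.S_IRUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)


def audit(path, uid, gids, expected=0o444):
    """Compare a mounted file's real mode with the expected one."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    return {
        "mode": format(mode, "04o"),
        "as_expected": mode == expected,
        "readable": readable_by(mode, st.st_uid, st.st_gid, uid, gids),
    }


def demo():
    """Constructed sample: a temp file stands in for the injected config."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    # Hypothetical service user that neither owns the file nor shares its group.
    other_uid = os.stat(path).st_uid + 12345
    results = {}
    try:
        for mode in (0o440, 0o444):
            os.chmod(path, mode)
            results[mode] = audit(path, other_uid, set())
    finally:
        os.unlink(path)
    return results


if __name__ == "__main__":
    for mode, result in demo().items():
        print(format(mode, "04o"), result)
```

Run inside the container against the real target path, `audit()` gives a startup check that fails fast if the injected file is not readable by the service user, regardless of which default the Compose version applies.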