docker-builds icon indicating copy to clipboard operation
docker-builds copied to clipboard
verified publisher icon temporalio

Wrong files ownership in Dockerfile COPY

Open adriantaut opened this issue 7 months ago • 0 comments

https://github.com/temporalio/docker-builds/blob/aced315717db95f3e79352d107680f68632ee07a/server.Dockerfile#L17-L18 these instructions are changing the /etc/temporal/config ownership to temporal user.

Afterwards, https://github.com/temporalio/docker-builds/blob/aced315717db95f3e79352d107680f68632ee07a/server.Dockerfile#L31C50-L31C71 are adding some files to /etc/temporal/config. Given how COPY works in Dockerfile, the root user will be the owner of this file unless explicitly defined with COPY --chown=temporal:temporal .......

How it affects us?

We are running Temporal in ECS and want to inject some dynamic configs in /etc/temporal/config/dynamicconfig/docker.yaml during startup time.

      "entryPoint": [
        "/bin/bash",
        "-c"
      ],
      "command": [
        "echo \"frontend.keepAliveMaxConnectionAge:\n  - value: 0\n    constraints: {}\" > /etc/temporal/config/dynamicconfig/docker.yaml && /etc/temporal/entrypoint.sh"
      ],

Unfortunately this returns Permission Denied unless we run the ECS Task with root user, and this is something we want to avoid if possible :)

Proposed changes

Either run the following command RUN chown -R temporal:temporal /etc/temporal/config after the COPY commands, or simply do the COPY with the COPY --chown=temporal:temporal ........

What do you think?

adriantaut avatar Jul 07 '25 07:07 adriantaut