Search code examples

Why does chown increase size of docker image?

I can't understand why the 'chown' command should increase the size of my docker image?

The following Dockerfile creates an image of size 5.3MB:

FROM alpine:edge
RUN adduser example -D -h /example -s /bin/sh

This example however creates an image of size 8.7MB:

FROM alpine:edge
RUN adduser example -D -h /example -s /bin/sh && \
    chown -R example.example /lib


Note: My actual dockerfile is of course much longer than this example and therefore the increase in image size is also quite larger. That's why I even care..


  • Every step in a Dockerfile generates a new intermediate image, or "layer", consisting of anything that changed on the filesystem from the previous layer. A docker image consists of a collection of layers that are applied one on top of another to create the final filesystem.

    If you have:

    RUN adduser example -D -h /example -s /bin/sh

    Then you are probably changing nothing other than a few files in /etc (/etc/passwd, /etc/group, and their shadow equivalents).

    If you have:

    RUN adduser example -D -h /example -s /bin/sh && \
        chown -R example.example /lib

    Then the list of things that have changed includes, recursively, everything in /lib, which is potentially larger. In fact, in my alpine:edge container, it looks like the contents of /lib is 3.4MB:

    / # du -sh /lib
    3.4M    /lib

    Which exactly accounts for the change in image size in your example.


    Using your actual Dockerfile, with the npm install ... line commented out, I don't see any difference in the final image size whether or not the adduser and chown commands are run. Given:

    RUN echo "" > /etc/apk/repositories && \
        echo "" >> /etc/apk/repositories && \
        apk add -U wget iojs && \
        apk upgrade && \
        wget -q --no-check-certificate -O /tmp/ && \
        unzip -q /tmp/ -d /ghost && \
        cd /ghost && \
    #    npm install --production && \
        sed 's/' /ghost/config.example.js > /ghost/config.js && \
        sed -i 's/"iojs": "~1.2.0"/"iojs": "~1.6.4"/' package.json && \
    #   adduser ghost -D -h /ghost -s /bin/sh && \
    #   chown -R ghost.ghost * && \
        npm cache clean && \
        rm -rf /var/cache/apk/* /tmp/*

    I get:

    $ docker build -t sotest .
    Successfully built 058d9f41988a
    $ docker inspect -f '{{.VirtualSize}}' 058d9f41988a

    Whereas given:

    RUN echo "" > /etc/apk/repositories && \
        echo "" >> /etc/apk/repositories && \
        apk add -U wget iojs && \
        apk upgrade && \
        wget -q --no-check-certificate -O /tmp/ && \
        unzip -q /tmp/ -d /ghost && \
        cd /ghost && \
    #    npm install --production && \
        sed 's/' /ghost/config.example.js > /ghost/config.js && \
        sed -i 's/"iojs": "~1.2.0"/"iojs": "~1.6.4"/' package.json && \
        adduser ghost -D -h /ghost -s /bin/sh && \
        chown -R ghost.ghost * && \
        npm cache clean && \
        rm -rf /var/cache/apk/* /tmp/*

    I get:

    $ docker build -t sotest .
    Successfully built 696b481c5790
    $ docker inspect -f '{{.VirtualSize}}' 696b481c5790

    That is, the two images are approximately the same size (the difference is around 5 Kb).

    I would of course expect the resulting image to be larger if the npm install command could run successfully (because that would install additional files).