
ADD command in Dockerfile download jars as root user


I am seeing that, during the docker build of my image, the jar packages downloaded can't be used by the defined USER since they are owned by root.
The weird thing is that I put USER before downloading all the jar files, so I thought that this command was performed as USER 65534 rather than root.

    FROM myimage:1.0
    
    USER 65534
    
    ADD [ \
    "https://repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.1/scala-library-2.13.1.jar", \
    "https://repo1.maven.org/maven2/com/typesafe/akka/akka-actor_2.13/2.6.5/akka-actor_2.13-2.6.5.jar", \
    "https://repo1.maven.org/maven2/com/typesafe/akka/akka-osgi_2.13/2.6.5/akka-osgi_2.13-2.6.5.jar", \
    "https://repo1.maven.org/maven2/com/typesafe/akka/akka-slf4j_2.13/2.6.5/akka-slf4j_2.13-2.6.5.jar", \
    "https://repo1.maven.org/maven2/com/typesafe/akka/akka-stream_2.13/2.6.5/akka-stream_2.13-2.6.5.jar", \
    "/tmp/myfolder/lib/" ]

Then, looking inside the container, I can see that these packages are owned by root and are not usable by the defined USER.

    ls -alt
    -rw------- 1 root root 2433561 Apr 30 09:09 akka-remote_2.13-2.6.5.jar
    -rw------- 1 root root 4665057 Apr 30 09:06 akka-stream_2.13-2.6.5.jar
    -rw------- 1 root root   17078 Apr 30 09:05 akka-slf4j_2.13-2.6.5.jar
    -rw------- 1 root root   25253 Apr 30 09:04 akka-osgi_2.13-2.6.5.jar
    -rw------- 1 root root 3598880 Apr 30 09:02 akka-actor_2.13-2.6.5.jar

What could be the issue?


Solution

  • USER does not affect ADD or COPY, so Docker added a chown flag to these commands. There is more info here: https://docs.docker.com/engine/reference/builder/#add.

    So you can do something like this to change the ownership during ADD or COPY.

    ADD [--chown=<user>:<group>] <src>... <dest>
    ADD [--chown=<user>:<group>] ["<src>",... "<dest>"]
    

    Also from the docs of USER https://docs.docker.com/engine/reference/builder/#user:

    The USER instruction sets the user name (or UID) and optionally the user group (or GID) to use when running the image and for any RUN, CMD and ENTRYPOINT instructions that follow it in the Dockerfile.

    So USER is limited to RUN, CMD and ENTRYPOINT instructions.
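The following Dockerfile is an added example (not from the answer above or from the question's project) that applies the `--chown` flag to the question's ADD instruction so the downloaded jars are owned by UID/GID 65534, and then verifies readability at build time as that user. It assumes the base image `myimage:1.0` from the question; the build-time `RUN` check is an assumption added here, not something the answer prescribes.

```dockerfile
FROM myimage:1.0

# ADD fetches remote files as root and gives them mode 0600, regardless of any
# preceding USER instruction. --chown hands ownership to the runtime user so the
# files are readable without running the service as root.
# Numeric UID:GID is used on purpose: it works even if 65534 has no /etc/passwd entry.
ADD --chown=65534:65534 [ \
    "https://repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.1/scala-library-2.13.1.jar", \
    "https://repo1.maven.org/maven2/com/typesafe/akka/akka-actor_2.13/2.6.5/akka-actor_2.13-2.6.5.jar", \
    "https://repo1.maven.org/maven2/com/typesafe/akka/akka-osgi_2.13/2.6.5/akka-osgi_2.13-2.6.5.jar", \
    "https://repo1.maven.org/maven2/com/typesafe/akka/akka-slf4j_2.13/2.6.5/akka-slf4j_2.13-2.6.5.jar", \
    "https://repo1.maven.org/maven2/com/typesafe/akka/akka-stream_2.13/2.6.5/akka-stream_2.13-2.6.5.jar", \
    "/tmp/myfolder/lib/" ]

# USER only governs RUN, CMD and ENTRYPOINT, so place it after the ADD.
USER 65534

# Build-time check (added assumption): runs as UID 65534 and fails the build
# if any jar in the directory is not readable by that user, so a regression
# in ownership is caught before the image ships rather than at container start.
RUN for jar in /tmp/myfolder/lib/*.jar; do \
        test -r "$jar" || { echo "not readable by $(id -u): $jar" >&2; exit 1; }; \
    done && ls -l /tmp/myfolder/lib/
```

Ownership is changed, but the mode ADD assigns to a remote download stays 0600, which is why `--chown` to the runtime user is sufficient on its own: the owning user can read the file, and no other account in the container gains access. If several accounts need the jars, a separate `RUN chmod` under a root-owned stage would be required; that is not shown here because the question's setup has a single runtime user.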