
Change rights of `/etc/passwd` in Dockerfile


I am building a Podman image for OpenShift, and have an issue with permissions.

Following this guide, and because OpenShift assigns a random UID and a GID "0" when running containers, I try to chmod the /etc/passwd to be writable by its group and add my OpenShift user in it at runtime; but it seems that I can't always chmod that /etc/passwd file.

Minimal Dockerfile:

```dockerfile
FROM ubuntu:20.04

USER root

RUN ls -l /etc/passwd
RUN chmod g+w /etc/passwd
RUN ls -l /etc/passwd
```

When building (`sudo podman build . -t test-image`), I see the correct rights on /etc/passwd:

```
STEP 1: FROM ubuntu:20.04
STEP 2: USER root
--> Using cache 2cb48e4f8eed907e057017011e20ddc47ec8f152bb7afe34ecf6be23413cd08b
STEP 3: RUN ls -l /etc/passwd
-rw-r--r--. 1 root root 926 Sep 21 16:48 /etc/passwd
     ^
79f60398d64ece1b413fd904681ad5fd0725bae4b283abce7b7a9ea017d4ebe7
STEP 4: RUN chmod g+w /etc/passwd
6ed13401ab693dbc362ec90b9c3767c1cd2244074ca4e92bd1b31b72b3e80868
STEP 5: RUN ls -l /etc/passwd
-rw-rw-r--. 1 root root 926 Sep 21 16:48 /etc/passwd
     ^
STEP 6: COMMIT test
d667b2c05818b5af3c9db85a5e7179c8e7b1c21281e31c34a871e97268716f39
```

When I run my container with root user, no issue:

```
[user@server]$ sudo podman run -it test-image /bin/bash
root@295ab7b72a4d:/# ls -l /etc/passwd
-rw-rw-r--. 1 root root 926 Sep 21 16:48 /etc/passwd
     ^
```

But when I run with a random user, /etc/passwd rights aren't changed anymore...

```
[user@server]$ sudo podman run -it -u 1000701200:0 test-image /bin/bash
1000701200@a63d9bf9f53a:/$ ls -l /etc/passwd
-rw-r--r--. 1 root root 977 Oct 19 08:51 /etc/passwd
     ^
```

Why do the rights on /etc/passwd depend on the user who runs the container?

Thanks in advance.

EDIT 1: This is not the case with a random file I create; it works as expected. So there is something special about the /etc/passwd file.
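The runtime half of the pattern the question describes (group-writable /etc/passwd, entry for the arbitrary UID appended at start-up), as an added example that is not code from the question or from any OpenShift project. The function names, the `app-<uid>` login name and the passwd-file parameter are assumptions; the parameter exists so the logic can be exercised against a scratch copy instead of the real /etc/passwd.

```shell
#!/bin/sh
# Added example: entrypoint-side handling for OpenShift's arbitrary UID.
# The image build is expected to have run `chmod g+w /etc/passwd`, so a
# process with GID 0 can append to it. If that chmod silently did not stick
# (the symptom in the question), the explicit writability check below turns
# a confusing later failure (whoami, ssh, git) into a clear start-up error.

# ensure_passwd_entry <passwd-file> <uid> <gid> <home>
# Appends "app-<uid>:x:<uid>:<gid>:...:<home>:/bin/sh" unless an entry with
# that UID exists. Returns 0 on success, 1 if the file is not writable by the
# current process, 2 if the UID was already present (nothing written).
ensure_passwd_entry() {
    passwd_file=$1; uid=$2; gid=$3; home=$4
    if [ ! -w "$passwd_file" ]; then
        echo "ensure_passwd_entry: $passwd_file not writable by uid $(id -u)" >&2
        return 1
    fi
    # Field 3 of each colon-separated line is the numeric UID.
    if awk -F: -v u="$uid" '$3 == u { found = 1 } END { exit !found }' "$passwd_file"; then
        return 2
    fi
    printf 'app-%s:x:%s:%s:Arbitrary OpenShift user:%s:/bin/sh\n' \
        "$uid" "$uid" "$gid" "$home" >> "$passwd_file"
}

# lookup_name <passwd-file> <uid>: prints the login name for <uid>, or nothing.
lookup_name() {
    awk -F: -v u="$2" '$3 == u { print $1 }' "$1"
}

# entrypoint_setup: what a real image would call first. Only non-root UIDs
# that are unknown to the system need an entry; root is always present.
# Invoke as `entrypoint_setup && exec "$@"` from the image's ENTRYPOINT.
entrypoint_setup() {
    cur_uid=$(id -u)
    if [ "$cur_uid" -ne 0 ] && [ -z "$(lookup_name /etc/passwd "$cur_uid")" ]; then
        ensure_passwd_entry /etc/passwd "$cur_uid" "$(id -g)" "${HOME:-/}"
    fi
}
```

A return code of 1 from `ensure_passwd_entry` at start-up means the build-time `chmod g+w` did not survive into the running container, which is exactly the condition to investigate before anything else.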


Solution

  • The podman version was the cause; updating to a 3.x version solved the issue.