File permissions and long startup time
Based on !5 (closed). This MR has been opened to fix review feedback while maintaining the commit authorship to the original contributor.
There are two fixes here. The first sets `USER` for `herokuish build` so that the files it generates are under the correct user. Otherwise the files are owned by a randomly generated unprivileged user:
```
Step 5/11 : RUN ls -la /app
---> Running in 8e53243e29bd
total 84
drwxr-xr-x 10 u16271 u16271 4096 May 1 00:46 .
drwxr-xr-x 1 root root 4096 May 1 00:46 ..
-rw-r--r-- 1 u16271 u16271 315 May 1 00:45 Dockerfile
-rw-r--r-- 1 u16271 u16271 52 May 1 00:45 Gemfile
-rw-r--r-- 1 u16271 u16271 150 May 1 00:45 Gemfile.lock
-rw-r--r-- 1 root root 91 May 1 00:46 Procfile
-rw-r--r-- 1 u16271 u16271 79 May 1 00:45 Rakefile
drwxr-xr-x 2 u16271 u16271 4096 May 1 00:46 bin
-rwxr-xr-x 1 u16271 u16271 1085 May 1 00:45 build.sh
drwxr-xr-x 3 u16271 u16271 4096 May 1 00:45 chart
-rw-r--r-- 1 u16271 u16271 121 May 1 00:45 config.ru
drwxr-xr-x 2 u16271 u16271 4096 May 1 00:46 tmp
drwxr-xr-x 5 u16271 u16271 4096 May 1 00:46 vendor
```
This is probably enough to fix startup times on its own, but it does leave a few files owned by root, `Procfile` for example. So for belt and braces, when the built files are copied to the final image they are also `chown`'d.
Fixes #4 (closed)
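
A build-time check for the ownership problem described above, as an added example that is not part of this merge request or the project's code: it lists every path under a directory that is not owned by the expected user, so a `RUN` step or CI job can fail when root-owned files such as `Procfile` remain. The function names and the optional group argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the project's code): audit file ownership under a
# directory, e.g. /app in the final image. Function names are hypothetical.

# ownership_mismatches DIR OWNER [GROUP]
# Prints every path under DIR whose owner is not OWNER or, when GROUP is
# given, whose group is not GROUP. OWNER and GROUP may be names or numeric
# ids. Prints nothing when everything matches.
ownership_mismatches() {
    om_dir=$1
    om_owner=$2
    om_group=${3:-}
    if [ -n "$om_group" ]; then
        find "$om_dir" \( ! -user "$om_owner" -o ! -group "$om_group" \) -print
    else
        find "$om_dir" ! -user "$om_owner" -print
    fi
}

# check_ownership DIR OWNER [GROUP]
# Returns 0 when all paths match, 1 when any path is owned by someone else
# (the offending paths go to stderr), 2 when the scan itself failed.
check_ownership() {
    co_bad=$(ownership_mismatches "$@") || return 2
    if [ -z "$co_bad" ]; then
        return 0
    fi
    printf 'paths under %s not owned by %s:\n%s\n' "$1" "$2" "$co_bad" >&2
    return 1
}
```

Calling `check_ownership /app <user>` as the last build step, with the user the image runs as, makes the build fail instead of shipping files owned by root or by a generated build user.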