Docker builds containers via layers. All commands add another layer to the already existing image.
What does that mean for changing file permissions via
Let’s say we build this image:
FROM frolvlad/alpine-miniconda3:python3.7 AS build ## set working directory WORKDIR /usr/src/app ## copy code COPY ./code /code COPY ./notebooks /notebooks ## add non-root user RUN addgroup --system user && \ adduser --system -G user user && \ chown -R user:user /usr/src/app
After copying the code from the host machine to the container, we switch permissions for the working directory from root to user.
chown command adds another layer to the image without deleting the previous layers.
That means, that the final container image contains both layers. Thus, the size of the container adds the size of both folders: the original working directory for the root user, and the second working directory with permissions for the normal user.
Since Docker 17.09.0-ce(2017-09-26) you can add a flag to the copy command:
This flag avoids the extra layer.