Creating a container image using the Maven plugin:
mvn spring-boot:build-image
When running the image:
- On Spring-Boot versions up to 3.1 the uid for the user cnb is 1000 and the permissions of the contents of /workspace are set to 1000:1000 as well. This gives the application the ability to create directories and files under /workspace.
- On Spring-Boot versions from 3.2 the uid for the user cnb is 1002 and the permissions of the contents of /workspace are set to 1001:1000 as well. This introduces permission issues for everything that tries to create directories or files in /workspace.
Example for 3.1:
podman exec -it spring-boot-test2 /bin/bash
cnb@87bb7a858346:/workspace$ id
uid=1000(cnb) gid=1000(cnb) groups=1000(cnb)
cnb@87bb7a858346:/workspace$ ls -l
total 0
drwxr-xr-x. 1 cnb cnb 60 Jan 1 1980 BOOT-INF
drwxr-xr-x. 3 cnb cnb 38 Jan 1 1980 META-INF
drwxr-xr-x. 3 cnb cnb 29 Jan 1 1980 org
cnb@87bb7a858346:/workspace$ cat META-INF/MANIFEST.MF
Manifest-Version: 1.0
Created-By: Maven JAR Plugin 3.3.0
Build-Jdk-Spec: 17
Implementation-Title: spring-boot-test
Implementation-Version: 0.0.1-SNAPSHOT
Main-Class: org.springframework.boot.loader.JarLauncher
Start-Class: com.iqvia.springboottest.SpringBootTestApplication
Spring-Boot-Version: 3.1.1
Spring-Boot-Classes: BOOT-INF/classes/
Spring-Boot-Lib: BOOT-INF/lib/
Spring-Boot-Classpath-Index: BOOT-INF/classpath.idx
Spring-Boot-Layers-Index: BOOT-INF/layers.idx
Example for 3.2 (also reproduced with other minor versions including the current version):
podman exec -it spring-boot-test /bin/bash
cnb@02648059ad49:/workspace$ id
uid=1002(cnb) gid=1000(cnb) groups=1000(cnb)
cnb@02648059ad49:/workspace$ ls -l
total 0
drwxr-xr-x. 1 1001 cnb 60 Jan 1 1980 BOOT-INF
drwxr-xr-x. 4 1001 cnb 54 Jan 1 1980 META-INF
drwxr-xr-x. 3 1001 cnb 29 Jan 1 1980 org
cnb@02648059ad49:/workspace$ cat META-INF/MANIFEST.MF
Manifest-Version: 1.0
Created-By: Maven JAR Plugin 3.3.0
Build-Jdk-Spec: 17
Implementation-Title: spring-boot-test
Implementation-Version: 0.0.1-SNAPSHOT
Main-Class: org.springframework.boot.loader.launch.JarLauncher
Start-Class: com.lexi.springboottest.SpringBootTestApplication
Spring-Boot-Version: 3.2.1
Spring-Boot-Classes: BOOT-INF/classes/
Spring-Boot-Lib: BOOT-INF/lib/
Spring-Boot-Classpath-Index: BOOT-INF/classpath.idx
Spring-Boot-Layers-Index: BOOT-INF/layers.idx
Comment From: wilkinsona
This is out of Spring Boot's control. The ownership and permissions of the /workspace directory are governed by the stack that's used by the builder when creating the image. See https://paketo.io/docs/concepts/stacks/#what-security-and-hardening-features-do-paketo-stacks-offer to learn more. It has changed as buildpacks have moved to a Jammy-based stack.
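The two sessions from the report, checked against the POSIX owner/group/other rule, to show why gid 1000 membership does not help uid 1002 on the newer stack. This is an added example, not part of the issue thread and not Spring Boot or Paketo code; the function names are made up for illustration, and ACLs, capabilities and SELinux are ignored.

```python
import re

# Terminal output copied from the two sessions in the report above.
ID_31 = "uid=1000(cnb) gid=1000(cnb) groups=1000(cnb)"
ID_32 = "uid=1002(cnb) gid=1000(cnb) groups=1000(cnb)"
LS_31 = """drwxr-xr-x. 1 cnb cnb 60 Jan 1 1980 BOOT-INF
drwxr-xr-x. 3 cnb cnb 38 Jan 1 1980 META-INF
drwxr-xr-x. 3 cnb cnb 29 Jan 1 1980 org"""
LS_32 = """drwxr-xr-x. 1 1001 cnb 60 Jan 1 1980 BOOT-INF
drwxr-xr-x. 4 1001 cnb 54 Jan 1 1980 META-INF
drwxr-xr-x. 3 1001 cnb 29 Jan 1 1980 org"""


def parse_id(line):
    """Parse `id` output into the uid, user name and {gid: name} of all groups."""
    uid, user = re.search(r"uid=(\d+)\(([^)]*)\)", line).groups()
    pairs = re.findall(r"(\d+)\(([^)]*)\)", line.split("gid=", 1)[1])
    return {"uid": int(uid), "user": user, "groups": {int(g): n for g, n in pairs}}


def can_write(identity, ls_line):
    """Apply the POSIX owner -> group -> other rule to one `ls -l` line.

    ls prints a bare number when an id has no passwd/group entry, so both the
    name and the numeric form are compared. ACLs, capabilities and SELinux
    (the trailing '.' in the mode) are not modelled.
    """
    mode, _links, owner, group = ls_line.split()[:4]
    if identity["uid"] == 0:
        return True
    if owner in (identity["user"], str(identity["uid"])):
        return mode[2] == "w"  # owner class decides, even if group is looser
    names, gids = identity["groups"].values(), map(str, identity["groups"])
    if group in names or group in gids:
        return mode[5] == "w"  # not the owner: only the group bits apply
    return mode[8] == "w"


def writable_entries(id_line, ls_output):
    """Map each listed entry to whether the `id` user has the write bit on it."""
    identity = parse_id(id_line)
    return {l.split()[-1]: can_write(identity, l) for l in ls_output.splitlines()}


if __name__ == "__main__":
    print("3.1:", writable_entries(ID_31, LS_31))
    print("3.2:", writable_entries(ID_32, LS_32))
```

On the 3.2 listing the run user falls into the group class, and mode `r-x` there is what blocks writes under the application directories.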