docker · ndeloof · Oct 20, 2025 · Oct 20, 2025
@@ -22,7 +22,6 @@ import (
 	"context"
 	"fmt"
 	"strconv"
-	"strings"
 	"time"
 
 	"github.com/compose-spec/compose-go/v2/types"
@@ -46,7 +45,6 @@ func (s *composeService) injectConfigs(ctx context.Context, project *types.Proje
 
 func (s *composeService) injectFileReferences(ctx context.Context, project *types.Project, service types.ServiceConfig, id string, mountType mountType) error {
 	mounts, sources := s.getFilesAndMap(project, service, mountType)
-	var ctrConfig *container.Config
 
 	for _, mount := range mounts {
 		content, err := s.resolveFileContent(project, sources[mount.Source], mountType)
@@ -63,11 +61,6 @@ func (s *composeService) injectFileReferences(ctx context.Context, project *type
 
 		s.setDefaultTarget(&mount, mountType)
 
-		ctrConfig, err = s.setFileOwnership(ctx, id, &mount, ctrConfig)
-		if err != nil {
-			return err
-		}
-
 		if err := s.copyFileToContainer(ctx, id, content, mount); err != nil {
 			return err
 		}
@@ -129,38 +122,14 @@ func (s *composeService) setDefaultTarget(file *types.FileReferenceConfig, mount
 	}
 }
 
-func (s *composeService) setFileOwnership(ctx context.Context, id string, file *types.FileReferenceConfig, ctrConfig *container.Config) (*container.Config, error) {
-	if file.UID != "" || file.GID != "" {
-		return ctrConfig, nil
-	}
-
-	if ctrConfig == nil {
-		ctr, err := s.apiClient().ContainerInspect(ctx, id)
-		if err != nil {
-			return nil, err
-		}
-		ctrConfig = ctr.Config
-	}
-
-	parts := strings.Split(ctrConfig.User, ":")
-	if len(parts) > 0 {
-		file.UID = parts[0]
-	}
-	if len(parts) > 1 {
-		file.GID = parts[1]
-	}
-
-	return ctrConfig, nil
-}
-
 func (s *composeService) copyFileToContainer(ctx context.Context, id, content string, file types.FileReferenceConfig) error {
 	b, err := createTar(content, file)
 	if err != nil {
 		return err
 	}
 
 	return s.apiClient().CopyToContainer(ctx, id, "/", &b, container.CopyToContainerOptions{
-		CopyUIDGID: true,
+		CopyUIDGID: file.UID != "" || file.GID != "",
 	})
 }
 

@@ -14,23 +14,6 @@ services:
         mode: 0440
     command: cat /run/secrets/bar
 
-  bar:
-    image: alpine
-    user: "1005"
-    secrets:
-      - source: secret
-        target: bar
-    command: cat /run/secrets/bar
-
-  zot:
-    image: alpine
-    user: "1005:1005"
-    secrets:
-      - source: secret
-        target: bar
-    command: cat /run/secrets/bar
-
-
 secrets:
   secret:
     environment: SECRET

@@ -17,7 +17,6 @@
 package e2e
 
 import (
-	"strings"
 	"testing"
 
 	"gotest.tools/v3/icmd"
@@ -41,28 +40,6 @@ func TestSecretFromEnv(t *testing.T) {
 			})
 		res.Assert(t, icmd.Expected{Out: "-r--r-----    1 1005     1005"})
 	})
-	t.Run("secret uid from user", func(t *testing.T) {
-		res := c.RunDockerCmd(t, "version", "--format", "{{ .Server.Version }}")
-		if strings.HasPrefix(res.Stdout(), "27.") {
-			t.Skip("USER uid:gid is not supported")
-		}
-		res = icmd.RunCmd(c.NewDockerComposeCmd(t, "-f", "./fixtures/env-secret/compose.yaml", "run", "bar", "ls", "-al", "/var/run/secrets/bar"),
-			func(cmd *icmd.Cmd) {
-				cmd.Env = append(cmd.Env, "SECRET=BAR")
-			})
-		res.Assert(t, icmd.Expected{Out: "-r--r--r--    1 1005     root"})
-	})
-	t.Run("secret uid:gid from user", func(t *testing.T) {
-		res := c.RunDockerCmd(t, "version", "--format", "{{ .Server.Version }}")
-		if strings.HasPrefix(res.Stdout(), "27.") {
-			t.Skip("USER uid:gid is not supported")
-		}
-		res = icmd.RunCmd(c.NewDockerComposeCmd(t, "-f", "./fixtures/env-secret/compose.yaml", "run", "zot", "ls", "-al", "/var/run/secrets/bar"),
-			func(cmd *icmd.Cmd) {
-				cmd.Env = append(cmd.Env, "SECRET=BAR")
-			})
-		res.Assert(t, icmd.Expected{Out: "-r--r--r--    1 1005     1005"})
-	})
 }
 
 func TestSecretFromInclude(t *testing.T) {