Setting umask when using docker agent

I am struggeling to get my docker in Jenkins working to set umask 0.
I have created a script as ENTRYPOINT in order to set umask.

#!/bin/bash
umask 0
exec "$@"

The cmake script is running a tool which needs to executed as root, even though the user that initially starts the docker is a normal user.

Because the build files then is owned by root, Jenkins is unable to clean up after build. It does not have the permission to delete these files.

jenkins.util.io.CompositeIOException: Unable to remove directory
/home/build/jenkins/workspace/package_master with directory contents: 
[/home/build/jenkins/workspace/package_master/CMakeFiles]

However the umask is not 0

docker run -t -d -u 1000:100 nexus.company.com:38380/arm/rasbpi-devel:latest cat
docker top f784fc2efca59e89a1474a6f35ac4b9ef8a9b3be6c0af32d286104f28a005753 -eo pid,comm
docker exec --env ********* f784fc2efca59e89a1474a6f35ac4b9ef8a9b3be6c0af32d286104f28a005753 cmake .
docker exec --env ********* f784fc2efca59e89a1474a6f35ac4b9ef8a9b3be6c0af32d286104f28a005753 cmake --build

Why is Jenkins doing docker this way?
Running docker exec for each step.

The Jenkinsfile

pipeline {
  agent {
    docker {
      alwaysPull true
      args "--privileged -u 0 --net=host ${dockerUtility.getProperties()}"
      image 'nexus.company.com:38380/arm/rasbpi-devel:latest'
      label 'docker-agent'
      registryUrl 'https://nexus.company.com:38380/'
    }
  }
  environment {
    PATH = "$PATH:$HOME/.local/bin"
  }
  stages {
    stage('Build') {
      steps {
        echo 'Running Build Stage'
        cmake arguments: '.', installation: 'InSearchPath'
        cmakeBuild installation: 'InSearchPath', steps: [[withCmake: true]]
      }
    }
  }
  post {
    always {
        deleteDir() /* clean up our workspace */
    }
  }
}

according to Code Yarns – How to set umask for Docker container what you are doing should work but search on the net reveals there are some pitfalls on operating systems like MacOS etc.

Unfortunately this is a Docker question and not a Jenkins one.

The problem is it works fine when running docker manually, but when we run it on Jenkins it does not work.

Checking umask when running in Jenkins, the umask is not 0, but with docker run the we get umask 0 inside the container.

There were some significant difference between your pure docker commands above and what was run under Jenkins.

The docker commands I wrote in my OP are those executed by Jenkins. Though I omitted a few -e variables.
I also forgot --privileged -u 0 --net=host to write here.

Here in its entirety

docker run -t -d -u 1000:100 --privileged -u 0 --net=host -e LANG=en_US.UTF-8 -e TZ=Europe/Oslo -e USER=build -e HOME=/home/build -v /home/build/.ssh:/home/build/.ssh:ro -v /home/build/.gitconfig:/home/build/.gitconfig:ro --shm-size=3g --tmpfs /dev/shm:exec -v /home/build/keystore.p12:/home/build/keystore.p12:ro -v DEFAULT:/ccache:rw -e CCACHE_DIR=/ccache -w /home/build/jenkins/workspace/arm-project-os_master -v /home/build/jenkins/workspace/arm-project-os_master:/home/build/jenkins/workspace/arm-project-os_master:rw,z -v /home/build/jenkins/workspace/arm-project-os_master@tmp:/home/build/jenkins/workspace/arm-project-os_master@tmp:rw,z -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** nexus.company.com:38380/arm/rasbpi-devel:latest cat
$ docker top f784fc2efca59e89a1474a6f35ac4b9ef8a9b3be6c0af32d286104f28a005753 -eo pid,comm
ERROR: The container started but didn't run the expected command. Please double check your ENTRYPOINT does execute the command passed as docker run argument, as required by official docker images (see https://github.com/docker-library/official-images#consistency for entrypoint consistency requirements).
Alternatively you can force image entrypoint to be disabled by adding option `--entrypoint=''`.

What does the Jenkins pipeline say if you add a sh "umask" step after echo?

Does this also happens if you run “cmake” inside of “sh” step? This might be a problem with the way CMake plugin launches your cmake. (I don’t use neither docker plugin nor cmakebuilder so I can’t tell…)