java.io.File.setReadable(false) has no effect inside docker

The documentation of File.canRead() contains a note that its result may be confusing:

public boolean canRead()

Tests whether the application can read the file denoted by this abstract pathname. On some platforms it may be possible to start the Java virtual machine with special privileges that allow it to read files that are marked as unreadable. Consequently this method may return true even though the file does not have read permissions.

Under docker processes usually run as root giving them privileges unseen by regular users.

Proof that root can read files lacking read permission:

$ echo abcd > somefile
$ ls -l somefile 
-rw-rw-r-- 1 leon leon 5 Aug 26 21:43 somefile

$ cat somefile
abcd

$ chmod a-rw somefile 
$ ls -l somefile 
---------- 1 leon leon 5 Aug 26 21:43 somefile

$ cat somefile
cat: somefile: Permission denied

$ sudo cat somefile
abcd

I've seen similar results. Files.getPosixFilePermissions will return the expected values, but Files.isReadable and File canRead will return true when false is "expected"

Adding the userID to the docker command line fixes it for me. Possibly it;s the default user of root that's the issue