Docker compose file ownership

I created a Django project with Docker Compose:

Dockerfile

FROM python:2.7

ENV PYTHONUNBUFFERED 1

RUN mkdir /code
WORKDIR /code
ADD . /code/

RUN pip install -r requirements.txt

WORKDIR /code/example
ENTRYPOINT ["python", "manage.py"]

docker-compose.yml

postgres:
  image: postgres
  ports:
  - '5432:5432'

django-project:
  build: .
  command: runserver 0.0.0.0:8000
  volumes:
  - .:/code
  ports:
  - '8000:8000'
  links:
  - postgres

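It works fine. But all new files created through the 'django-project' container have root as owner and group.

I tried adding user: user to the Compose configuration of the django-project container, but I get the exception User user not found.

I tried adding the user inside the container with this code: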

ENV HOME_USER user
ENV HOME_PASS password

RUN useradd -m -s /bin/bash ${HOME_USER} && \
    echo "${HOME_USER}:${HOME_PASS}"|chpasswd && \
    adduser ${HOME_USER} sudo && \
    echo ${HOME_USER}' ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers

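But the exception is still there.

How can I apply non-root ownership to all new files that will be created through the docker container?

If your useradd works, then the last piece of the puzzle is to switch to that user in the Dockerfile to run specific commands while the container is being built: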
https://docs.docker.com/engine/reference/builder/#user

Note that specifying user: user in docker-compose.yml only affects the final process that runs when the container starts (i.e. ENTRYPOINT / CMD)
https://docs.docker.com/engine/reference/run/#user

So you would need:

FROM python:2.7

ENV PYTHONUNBUFFERED 1

ENV HOME_USER user
ENV HOME_PASS password

RUN useradd -m -s /bin/bash ${HOME_USER} && \
    echo "${HOME_USER}:${HOME_PASS}"|chpasswd && \
    adduser ${HOME_USER} sudo && \
    echo ${HOME_USER}' ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers

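# Create /code as root and hand it to the user before switching accounts;
# a non-root user cannot create a directory directly under /.
RUN mkdir /code && chown ${HOME_USER} /code

USER user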
WORKDIR /code
ADD . /code/

RUN pip install -r requirements.txt

WORKDIR /code/example
ENTRYPOINT ["python", "manage.py"]

Alternatively, you can run everything as the root user but chown all the files as a RUN step in the Dockerfile:

FROM python:2.7

ENV PYTHONUNBUFFERED 1

ENV HOME_USER user
ENV HOME_PASS password

RUN useradd -m -s /bin/bash ${HOME_USER} && \
    echo "${HOME_USER}:${HOME_PASS}"|chpasswd && \
    adduser ${HOME_USER} sudo && \
    echo ${HOME_USER}' ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers

RUN mkdir /code
WORKDIR /code
ADD . /code/

RUN chown -R user /code

RUN pip install -r requirements.txt

WORKDIR /code/example
ENTRYPOINT ["python", "manage.py"]
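
An added example, not part of the original question or answer: a Dockerfile variant in which the account's numeric UID/GID match the host user, so files written through the `.:/code` bind mount are owned by that user on the host, and the account is created without a password, sudo group membership or sudoers entry. The `APP_UID`/`APP_GID` build arguments and the `app` account name are assumptions chosen for illustration, and the IDs are assumed not to be taken already inside the base image.

```dockerfile
FROM python:2.7

ENV PYTHONUNBUFFERED 1

# Assumed build arguments: the host user's numeric IDs. Build with, e.g.:
#   docker build --build-arg APP_UID=$(id -u) --build-arg APP_GID=$(id -g) .
ARG APP_UID=1000
ARG APP_GID=1000

# Unprivileged account: no password, no sudo group, no sudoers entry.
RUN groupadd --gid ${APP_GID} app && \
    useradd --uid ${APP_UID} --gid ${APP_GID} \
            --create-home --shell /usr/sbin/nologin app

# Install dependencies as root, so the app user cannot modify site-packages.
COPY requirements.txt /tmp/requirements.txt
RUN pip install -r /tmp/requirements.txt

# Create /code as root and hand it to the app user before switching accounts.
RUN mkdir /code && chown app:app /code

# Copy the sources owned by the app user (COPY --chown needs Docker 17.09+).
COPY --chown=app:app . /code/

# From here on, build steps and the runtime ENTRYPOINT run as app.
USER app
WORKDIR /code/example
ENTRYPOINT ["python", "manage.py"]
```

Because ownership on a bind mount is decided by numeric IDs, the `user:` key in docker-compose.yml can also be given as `"UID:GID"` numbers, which does not require a matching name in the container's /etc/passwd.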