如何以非root用户身份运行docker镜像?
[英]How to run docker image as a non-root user?
问题描述
I'm new to docker.
我是码头工人的新手。 When I run a docker images like ubuntu image by using the command,当我使用命令运行像 ubuntu 镜像这样的 docker 镜像时,
sudo docker run -i -t ubuntu:14.04
By default, it is entering into the container as root like this.默认情况下,它像这样以 root 身份进入容器。
I searched regarding this, but I couldn't get any of how to start a docker image as a non root user as I'm completely a starter for this topic.我对此进行了搜索,但我无法以非 root 用户身份启动 docker 映像,因为我完全是该主题的初学者。
It would be great if someone explains with an example of how to run a docker image as a non root user.如果有人举例说明如何以非 root 用户身份运行 docker 镜像,那就太好了。
4 个解决方案
解决方案1
22 已采纳 2015-04-27 09:27:25
the docker run command has the -u parameter to allow you to specify a different user. docker run命令具有-u参数,允许您指定不同的用户。 In your case, and assuming you have a user named foo in your docker image , you could run:在您的情况下,假设您的 docker image 中有一个名为foo的用户,您可以运行:
sudo docker run -i -t -u foo ubuntu:14.04 /bin/bash
NOTE: The -u parameter is the equivalent of the USER instruction for Dockerfile.注意: -u参数等效于 Dockerfile 的USER指令。
解决方案2
1 2017-10-17 20:42:42
This is admittedly hacky, but good for those quick little containers you start just to test something quickly:这无疑是 hacky,但对于那些你开始只是为了快速测试一些东西的快速小容器有好处:
#!/bin/bash
set -eu
NAME=$1
IMG=$2
#UID=$(id -u)
USER=$(id -un)
GID=$(id -g)
GROUP=$(id -gn)
docker run -d -v /tmp:/tmp -v "/home/$USER:/home/$USER" -h "$NAME" --name "$NAME" "$IMG" /bin/bash
docker exec "$NAME" /bin/bash -c "groupadd -g $GID $GROUP && useradd -M -s /bin/bash -g $GID -u $UID $USER"
Full version of the script I use here:我在这里使用的脚本的完整版本:
https://github.com/ericcurtin/staging/blob/master/d-run https://github.com/ericcurtin/staging/blob/master/d-run
解决方案3
1 2021-01-14 12:42:23
udocker is a basic variant of docker which runs in user space: udocker是docker的一个基本变体,它在用户空间运行:
udocker is a basic user tool to execute simple docker containers in user space without requiring root privileges.
解决方案4
-1 2016-05-31 13:29:33
It is not advisable to allow running docker without sudo as Docker has no auditing or logging built in, while sudo does.不建议在没有 sudo 的情况下运行 docker,因为 Docker 没有内置的审计或日志记录,而 sudo 有。 If you want to give docker access to non-root users Red Hat recommends setting up sudo.如果您想为非 root 用户授予 docker 访问权限,Red Hat 建议设置 sudo。 Add an entry like the following to /etc/sudoers.将如下所示的条目添加到 /etc/sudoers.conf 中。
dwalsh ALL=(ALL) NOPASSWD: /usr/bin/docker
Now, set up an alias in ~/.bashrc for running the docker command:现在,在 ~/.bashrc 中设置一个别名来运行 docker 命令:
alias docker="sudo /usr/bin/docker"
Now when the user executes the docker command as non-root it will be allowed and get proper logging.现在,当用户以非 root 身份执行 docker 命令时,它将被允许并获得正确的日志记录。
docker run -ti --privileged -v /:/host fedora chroot /host
Look at the journal or /var/log/messages.查看日志或 /var/log/messages。
journalctl -b | grep docker.*privileged
Aug 04 09:02:56 dhcp-10-19-62-196.boston.devel.redhat.com sudo[23422]: dwalsh : TTY=pts/3 ; PWD=/home/dwalsh/docker/src/github.com/docker/docker ; USER=root ; COMMAND=/usr/bin/docker run -ti --privileged -v /:/host fedora chroot /host
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.