Docker卷的权限问题
[英]Permissions issue with Docker volumes
问题描述
I want to start using Docker for my Rails development, so I'm trying to put together a skeleton I can use for all my apps. 
我想开始使用Docker进行我的Rails开发,所以我试图整理一个我可以用于所有应用程序的框架 。
However, I've run into an issue with Docker volumes and permissions. 但是,我遇到了Docker卷和权限的问题。
I want to bind-mount the app's directory into the container, so that any changes get propagated to the container without the need to re-build it. 我想将应用程序的目录绑定到容器中,以便将任何更改传播到容器而无需重新构建它。
But if I define it as a volume in my docker-compose.yml , I can't chown the directory anymore. 但是,如果我把它定义为在我的体积docker-compose.yml ,我不能chown了目录。 I need the directory and all its contents to be owned by the app user in order for Passenger to work correctly. 我需要app用户拥有该目录及其所有内容,以便Passenger正常工作。
I read that it's not possible to chown volumes. 我读到这是不可能chown卷。
Do you know of any workarounds? 你知道任何变通方法吗?
2 个解决方案
解决方案1
4 2015-07-29 17:48:54
You could try to run the chown instead by CMD . 您可以尝试通过CMD运行chown 。 Like: 喜欢:
CMD chown -R app:app /home/app/webapp && /sbin/my_init
RUN statements are only executed during built time of your image. RUN语句仅在映像的构建时间内执行。 But there you do not have mounted volumes, yet. 但是你还没有安装卷。
CMD instead is executed during runtime of the container when the volumes are mounted already. 当卷已经安装时, CMD代替在容器的运行时期间执行。 So that would have the effect that you want. 这样会产生你想要的效果。
解决方案2
3 已采纳 2015-07-29 18:58:11
I use a hacky solution to manage this problem for my development environments. 我使用hacky解决方案来管理我的开发环境中的这个问题。 To use on development environments only ! 仅在开发环境中使用 !
The images I use for development environments contain a script that looks like this: 我用于开发环境的图像包含一个如下所示的脚本:
#!/bin/sh
# In usr/local/bin/change-dev-id
# Change the "dev" user UID and GID
# Retrieve new ids to apply
NEWUID=$1
NEWGID=$1
if [ $# -eq 2 ]
then
NEWGID=$2
elif [ $# -ne 1 ]
then
echo "Usage: change-dev-id NEWUID [NEWGID]"
echo "If NEWGID is not provided, its value will be the same as NEWUID"
exit 1
fi
# Retrieve old ids
OLDUID=`id -u dev`
OLDGID=`id -g dev`
# Change the user ids
usermod -u ${NEWUID} dev
groupmod -g ${NEWGID} dev
# Change the files ownership
find / -not \( -path /proc -prune \) -user ${OLDUID} -exec chown -h ${NEWUID} {} \;
find / -not \( -path /proc -prune \) -group ${OLDGID} -exec chgrp -h ${NEWGID} {} \;
echo "UID and GID changed from ${OLDUID}:${OLDGID} to ${NEWUID}:${NEWGID} for \"dev\""
exit 0
In the Dockerfile of my base image, I add it and make it executable: 在我的基本映像的Dockerfile中,我添加它并使其可执行:
# Add a script to modify the dev user UID / GID
COPY change-dev-id /usr/local/bin/change-dev-id
RUN chmod +x /usr/local/bin/change-dev-id
Then, instead of changing the owner of the mounted folder, I change the ID of the container's user to match the ID of my user on the host machine: 然后,我不是更改已安装文件夹的所有者,而是更改容器用户的ID以匹配主机上用户的ID:
# In the Dockerfile of the project's development environment, change the ID of
# the user that must own the files in the volume so that it match the ID of
# the user on the host
RUN change-dev-id 1234
This is very hacky but it can be very convenient. 这非常hacky但它可以非常方便。 I can own the files of the project on my machine while the user in the container has the correct permissions too. 我可以在我的机器上拥有项目的文件,而容器中的用户也具有正确的权限。
You can update the code of the script to use the username you want (mine is always "dev") or modify it to pass the username as an argument. 您可以更新脚本的代码以使用您想要的用户名(我的总是“dev”)或修改它以将用户名作为参数传递。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.