由docker容器写入已装入卷的文件的所有权
[英]ownership of files that are written by the docker container to mounted volume
问题描述
I'm using non-root user on a secured env to run stock DB docker container (elasticsearch). 
我在安全的env上使用非root用户来运行stock DB docker container(elasticsearch)。 Of course - I want the data to be mounted so I won't lose it when the container is destroyed. 当然 - 我希望安装数据,这样当容器被销毁时我不会丢失它。
The problem is that this container writes to that volume with root ownership, and then the host doesn't have permissions to move/rm them. 问题是此容器使用root所有权写入该卷,然后主机无权移动它们。
I know that most docker images use root user from inside, but how can I control the file ownership of the hosting machine? 我知道大多数docker镜像从内部使用root用户,但是如何控制托管机器的文件所有权?
2 个解决方案
解决方案1
2 2015-09-02 08:07:27
You can create a data container docker create -v /usr/share/elasticsearch/data --name esdata elasticsearch /bin/true , then use it in your container docker run -d --volumes-from esdata --name some-elasticsearch elasticsearch . 你可以创建一个数据容器docker create -v /usr/share/elasticsearch/data --name esdata elasticsearch /bin/true ,然后在你的容器docker run -d --volumes-from esdata --name some-elasticsearch elasticsearch 。
This is a prefer data pattern for docker, you can find out more in this docker page. 这是docker的首选数据模式,您可以在此 docker页面中找到更多信息。
解决方案2
0 2015-10-13 16:03:27
To answer you question use "docker run --user '$(id -u)' ..." it will run program within container with current user id, then you might have the same question as I did. 要回答你的问题,请使用“docker run --user'$(id -u)'...”它将使用当前用户ID在容器中运行程序,然后你可能会遇到与我相同的问题。
I answered it in some way I hope it might be useful. 我以某种方式回答它,希望它可能有用。 Docker with '--user' can not write to volume with different ownership 具有“--user”的Docker无法写入具有不同所有权的卷
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.