
Running nginx as non-root in Docker container gives permission denied error

I have the following Dockerfile:

FROM ubuntu:14.04
EXPOSE 8000

# Install nginx
RUN apt-get update -q \
    && apt-get install --no-install-recommends --no-install-suggests -y -q \
                        nginx \
    && rm -rf /var/lib/apt/lists/*

COPY ./nginx.conf /etc/nginx/
COPY ./index.html /usr/share/nginx/test/

RUN groupadd -r webgroup \
    && useradd -r -m -g webgroup webuser \
    && touch /run/nginx.pid \
    && chown -R webuser:webgroup /var/log/nginx /var/lib/nginx /run/nginx.pid 

USER webuser
CMD nginx

When I run it, I get Permission denied on /var/log/nginx:

mikhails-mbp:test-docker-nginx mkuleshov$ docker run -p 8000:8000 mytest
nginx: [alert] could not open error log file: open() "/var/log/nginx/error.log" failed (13: Permission denied)
2016/10/02 17:02:51 [emerg] 5#0: open() "/var/log/nginx/access.log" failed (13: Permission denied)

If I get into the container with bash, I see:

webuser@d190146a0e8d:/var/log/nginx$ ls -la
total 8
drwxr-x--- 2 webuser webgroup 4096 Jun  2 15:16 .
drwxrwxr-x 8 root    syslog   4096 Oct  2 17:02 ..

How is it possible? During the above session I also cannot create files under that user.

Thing that helped: removing /var/log/nginx and recreating it again. But I have no idea why this happens.

There is no SELinux.

Has anyone encountered anything like that, or is there anything I'm doing wrong?

P.S. Here is docker info, if it can help:

mikhails-mbp:test-docker-nginx mkuleshov$ docker info
Containers: 179
 Running: 0
 Paused: 0
 Stopped: 179
Images: 901
Server Version: 1.11.2
Storage Driver: aufs
 Root Dir: /mnt/sda1/var/lib/docker/aufs
 Backing Filesystem: extfs
 Dirs: 1109
 Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge null host
Kernel Version: 4.4.12-boot2docker
Operating System: Boot2Docker 1.11.2 (TCL 7.1); HEAD : a6645c3 - Wed Jun  1 22:59:51 UTC 2016
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 1.955 GiB
Name: default
ID: 3K5S:3QBN:BXGY:FASS:VG6P:D4CS:UXRK:GYXB:HJQG:SIQH:F6KQ:N4BN
Docker Root Dir: /mnt/sda1/var/lib/docker
Debug mode (client): false
Debug mode (server): true
 File Descriptors: 15
 Goroutines: 32
 System Time: 2016-10-02T17:08:51.355144074Z
 EventsListeners: 0
Username: mkuleshov
Registry: https://index.docker.io/v1/
Labels:
 provider=virtualbox

P.P.S. Here is a test repo with configs for that case: https://github.com/aides/test-docker-nginx

Most likely, adding your user to the adm group will solve your issue.

Try sudo usermod -aG adm webuser

More details: https://askubuntu.com/questions/421684/cant-access-apache-error-logs
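
Added example (not code from the question, the answer or the linked repo): a POSIX sh helper, assuming GNU stat as shipped in the Ubuntu image, that predicts from owner, group and mode bits whether a given UID and GID list can reach and write to a directory such as /var/log/nginx. If it predicts success while open() still fails with error 13, the denial does not come from the mode bits that ls -la shows. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: predict access from the classic Unix mode bits (GNU stat).
# Not modelled (assumption): root/capabilities, ACLs, storage-driver behaviour.

# perm_class UID "GID..." PATH -> owner | group | other (first match wins)
perm_class() {
    pc_owner=$(stat -c %u "$3") || return 2
    pc_group=$(stat -c %g "$3") || return 2
    if [ "$1" = "$pc_owner" ]; then echo owner; return 0; fi
    for pc_g in $2; do
        if [ "$pc_g" = "$pc_group" ]; then echo group; return 0; fi
    done
    echo other
}

# mode_allows UID "GID..." PATH r|w|x -> status 0 if the mode bits grant it
mode_allows() {
    ma_mode=$(stat -c %a "$3") || return 2
    ma_mode=$(printf '%04d' "$ma_mode")   # "750" -> "0750", "1777" unchanged
    ma_perm=${ma_mode#?}                  # drop the setuid/setgid/sticky digit
    case $(perm_class "$1" "$2" "$3") in
        owner) ma_d=${ma_perm%??} ;;
        group) ma_d=${ma_perm#?}; ma_d=${ma_d%?} ;;
        *)     ma_d=${ma_perm#??} ;;
    esac
    case $4 in r) ma_bit=4 ;; w) ma_bit=2 ;; x) ma_bit=1 ;; *) return 2 ;; esac
    [ $(( ma_d & ma_bit )) -ne 0 ]
}

# first_denied UID "GID..." /abs/dir -> prints the first component the mode
# bits deny: search (x) on every component, then write (w) on the directory.
first_denied() {
    fd_cur=; fd_uid=$1; fd_gids=$2
    fd_ifs=$IFS; IFS=/; set -f; set -- $3; set +f; IFS=$fd_ifs
    for fd_part in "$@"; do
        [ -n "$fd_part" ] || continue
        fd_cur=$fd_cur/$fd_part
        mode_allows "$fd_uid" "$fd_gids" "$fd_cur" x || { echo "$fd_cur"; return 1; }
    done
    mode_allows "$fd_uid" "$fd_gids" "$fd_cur" w || { echo "$fd_cur"; return 1; }
}

# Usage inside the container, as the user nginx runs as:
#   first_denied "$(id -u)" "$(id -G)" /var/log/nginx && echo "mode bits allow it"
```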
