[英]Docker volumes : specifying permissions using mount options
I'm trying to use a named volume mounted in a Docker container, but get a Permission denied
error when trying to create a file in the mounted folder.我正在尝试使用安装在 Docker 容器中的命名卷,但在尝试在安装的文件夹中创建文件时出现
Permission denied
错误。 So I'm trying to use mount
options when creating my volume, but that does not work as I want.所以我在创建卷时尝试使用
mount
选项,但这并不像我想要的那样工作。
I'm totally aware that when mounting a volume (created by docker volume create my_named_volume
) with the option -v my_named_volume:/home/user/test
or --mount type=volume,source=my_named_volume,target=/home/user/test
), the folder inside the container ( /home/user/test
will be owned by root
user, even if /home/user
belongs to an user user
created in my Dockerfile
. If I run :我完全知道在使用选项
-v my_named_volume:/home/user/test
或--mount type=volume,source=my_named_volume,target=/home/user/test
挂载卷(由docker volume create my_named_volume
)时--mount type=volume,source=my_named_volume,target=/home/user/test
),容器内的文件夹( /home/user/test
将由root
用户拥有,即使/home/user
属于在我的Dockerfile
创建的用户user
。如果我运行:
docker run --rm \
--name test_named_volume \
--mount type=volume,source=my_named_volume,target=/home/user/test \
test_named_volume \
su user -c "touch /home/user/test/a"
Then I get :然后我得到:
touch: cannot touch '/home/user/test/a': Permission denied
I'm understanding that.我明白这一点。 That's why I'm trying to use
mount
options when creating my volume.这就是我在创建卷时尝试使用
mount
选项的原因。
mount
options mount
选项I'm specifying an uid
when creating my volume, in order to make my user user
able to create a file in that volume :我在创建卷时指定了一个
uid
,以使我的用户user
能够在该卷中创建一个文件:
docker volume create my_named_volume \
--opt o=uid=1000
1000
is the uid
of the user user
created in my Dockerfile
: 1000
是在我的Dockerfile
创建的用户user
的uid
:
FROM debian:jessie
ENV HOME /home/user
RUN useradd \
--create-home \
--home-dir $HOME \
--uid 1000 \
user \
&& chown -R user:user $HOME
WORKDIR $HOME
But when running my container (with the same command docker run
defined above), I'm getting an error ( missing device in volume options
) :但是在运行我的容器时(使用上面定义的相同命令
docker run
),我收到一个错误( missing device in volume options
):
docker: Error response from daemon: error while mounting volume '/var/lib/docker/volumes/my_named_volume/_data': missing device in volume options.
From the docs , I see that options --device
and --type
are missing from my volume creation :从文档中,我看到我的卷创建中缺少选项
--device
和--type
:
docker volume create my_named_volume \
--opt device=??? \
--opt type=??? \
--opt o=uid=1000
But I cannot see why I must give these options.但我不明白为什么我必须提供这些选项。
device
needs to be a block device, and from what I read, type
should be something like ext4
. device
需要是块设备,从我读到的内容来看, type
应该类似于ext4
。 But what I want is basically just set the uid
option to my volume.但我想要的基本上只是将
uid
选项设置为我的音量。 It looks like creating a block device should work, but it seems too much configuration for a "simple" problem.看起来创建块设备应该可以工作,但对于“简单”问题来说似乎配置太多了。
I have tried to use tmpfs
for device
and type
, that works fine (file /home/user/test/a
is created)... until my container is stopped (the data is not persisted, and that's logical because it's tmpfs
).我尝试将
tmpfs
用于device
和type
,效果很好(文件/home/user/test/a
已创建)...直到我的容器停止(数据未持久化,这是合乎逻辑的,因为它是tmpfs
)。 I want to persist that data written in the volume when the container exits.我想在容器退出时保留写入卷中的数据。
What is the simplest way to specify permissions when mounting a named volume in a container?在容器中安装命名卷时指定权限的最简单方法是什么? I don't want to modify my Dockerfile to use some magic (entrypoint that
chown
and then execute the command for example).我不想修改我的 Dockerfile 以使用一些魔法(例如
chown
然后执行命令的入口点)。 It seems possible using mount
options, I feel like I'm close to the solution, but maybe I'm in the wrong way.似乎可以使用
mount
选项,我觉得我已经接近解决方案了,但也许我走错了路。
Not entirely sure what your issue is, but this worked for me:不完全确定您的问题是什么,但这对我有用:
docker run --name test_named_volume \
--mount type=volume,source=test_vol,target=/home/user \
--user user \
test_named_volume touch /home/user/a
I think where you could have gone wrong is:我认为你可能出错的地方是:
Your mount target is /home/user/test
has not been created yet, since the useradd
command in your Dockerfile only creates $HOME
( /home/user
).您的挂载目标是
/home/user/test
尚未创建,因为 Dockerfile 中的useradd
命令仅创建$HOME
( /home/user
)。 So docker creates the directory within the container with root permissions.因此 docker 会在容器内创建具有 root 权限的目录。
You were not using the --user
flag in docker run to run the container as the specified user.您没有在 docker run 中使用
--user
标志以指定用户身份运行容器。
Just had this issue.刚遇到这个问题。 And contrary to popular belief the mount did NOT pickup the permissions of the host mounted directory, it reset them.
与普遍的看法相反,挂载没有获取主机挂载目录的权限,而是重置了它们。
When I did this, the permissions were changed to 777 inside the container...当我这样做时,容器内的权限更改为 777 ...
volumes:
- ./astro-nginx-php7/logs:/home/webowner/zos/log:rw
The :rw made all the difference for me. :rw 对我来说完全不同。 My image was nginx:latest.
我的图像是 nginx:latest。 Docker compose version 3.3
Docker 撰写版本 3.3
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.