[英]Ensure both user name and user id are the same in host and Docker container
I'm trying to run a Docker container with a custom made image, with a given user. 我正在尝试使用给定的用户运行带有定制映像的Docker容器。 I have an
entrypoint.sh
, that can change the running user according to an environment variable provided at the Docker command line, with -e USER=myuser
. 我有一个
entrypoint.sh
,它可以使用-e USER=myuser
根据Docker命令行中提供的环境变量来更改正在运行的用户。
I have the very same user in the host machine. 我在主机上有相同的用户。 This can be done in different host machines, and I can ensure this user exists in any host we use.
这可以在不同的主机上完成,我可以确保此用户存在于我们使用的任何主机中。 But I'm having troubles because I cannot ensure that the numerical id for this user is always the same (say 1001).
但是我遇到了麻烦,因为我无法确保该用户的数字ID始终相同(例如1001)。 At the Docker container execution command line I mount some local folders with
-v <src>:<tgt>
, and the application in the container creates additional folders and files in <tgt>
. 在多克尔容器执行命令行我安装,带一些本地文件夹
-v <src>:<tgt>
和在容器中的应用程序创建的附加文件夹和文件在<tgt>
The problem is that although the user in the host and the container have the same name (say myuser
), the numerical id for it can change (say eg 5000
in the host and 1001
in the container), so I get problems when reading files and folders under the mounted path. 问题是,尽管主机中的用户和容器中的用户具有相同的名称(例如
myuser
),但是其数字标识可以更改(例如,主机中的5000
和容器中的1001
),因此读取文件时出现问题和安装路径下的文件夹。
What is the best solution to ensure that, at execution time, not only the user name but also the user id is the same in the host and in the running container? 确保在执行时,主机和运行容器中的用户名和用户ID均相同的最佳解决方案是什么?
EDIT 编辑
I see I did not explain myself AT ALL, and mixed things. 我看到我并没有完全解释自己,而是混杂在一起。 I will try to explain my problem again:
我将尝试再次解释我的问题:
I did create a Linux-based image, and in this image I: a) installed a set of packages as root
; 我确实创建了一个基于Linux的映像,在该映像中,我:a)以
root
身份安装了一组软件包; b) created a certain user myuser
, and switched to that user with USER <usr>
in the Dockerfile; b)创建一个特定用户
myuser
,并在Dockerfile中使用USER <usr>
切换到该用户; and c) copied my own software and installed in the image, as the user myuser
, and this software must be executed by that user. c)以用户
myuser
身份复制了我自己的软件并安装在映像中,并且该软件必须由该用户执行。
I created the very same user myuser
in another machine 我在另一台机器上创建了相同的用户
myuser
launched a container from this image, in another machine, and shared some folders (owned by the user myuser
) from the host file system with that container. 从另一台计算机上的该映像启动了一个容器,并与该容器共享了主机文件系统中的一些文件夹(由用户
myuser
拥有)。
The problem appeared because the numerical id for the user myuser
was 1001 in the Docker image, and 5000 in the other host, when the container was executed. 出现问题的原因是,执行容器时,用户
myuser
的数字ID在Docker映像中为1001,在其他主机中为5000。
One solution would be to force the numerical id being the same any time the user gets created in any host machine. 一种解决方案是在用户在任何主机上创建用户时,都强制数字ID相同。 The problem is that I cannot be sure this will be always possible in the host that runs the images.
问题是我不确定在运行映像的主机中这是否总是可能的。
You should specify the user in the Dockerfile with command USER
. 您应该使用命令
USER
在Dockerfile中指定USER
。 The options -e USER=myuser
will create a environment variable, but it doesn't change the user by default. 选项
-e USER=myuser
将创建一个环境变量,但默认情况下不会更改用户。
Reference: https://docs.docker.com/engine/reference/builder/#user 参考: https : //docs.docker.com/engine/reference/builder/#user
If you are using linux based image (say ubuntu for example), in your Dockerfile, you will need something like 如果您使用的是基于Linux的映像(例如ubuntu),则在Dockerfile中,您将需要以下内容
sudo addgroup --gid 3000 mygroupname &&
sudo adduser --uid 4000 --gid 3000 --disabled-password --gecos "" myusername
You will have to switch to that user and maybe use that user's home directory as your work directory. 您将不得不切换到该用户,并可能使用该用户的主目录作为您的工作目录。 Lines in Dockerfile would be:
Dockerfile中的行为:
USER myusername
WORKDIR /home/myusername
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.