[英]docker volumes and apache permissions
I'm using docker for serving huge website with php. 我正在使用docker为php提供大型网站服务。 Issue is that when I'm linking my host volume to container I get permission errors.
问题是,当我将主机卷链接到容器时,我得到权限错误。 I know that I could run
chmod -R 777 /var/www
but isn't it little bit dangerous? 我知道我可以运行
chmod -R 777 /var/www
但不是有点危险吗?
My Dockerfile 我的Dockerfile
FROM php:7.0.3-apache
RUN docker-php-ext-install mysqli
RUN a2enmod rewrite
RUN a2enmod headers
RUN docker-php-ext-install pdo_mysql
RUN apt-get update -y && apt-get install -y sendmail libpng-dev
RUN apt-get update && \
apt-get install -y \
zlib1g-dev
RUN apt-get update && apt-get install -y \
libfreetype6-dev \
libjpeg62-turbo-dev \
libpng-dev \
&& docker-php-ext-install -j$(nproc) iconv \
&& docker-php-ext-configure gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/ \
&& docker-php-ext-install -j$(nproc) gd
RUN docker-php-ext-install mbstring
RUN docker-php-ext-install zip
RUN docker-php-ext-install gd
My Docker-Compose.yml 我的Docker-Compose.yml
version: "2"
services:
www:
build: .
ports:
- "80:80"
volumes:
- ./test.com:/var/www/
links:
- db
networks:
- default
db:
image: mysql:5.7
ports:
- "3306:3306"
environment:
MYSQL_DATABASE: test
MYSQL_USER: test
MYSQL_PASSWORD: test
MYSQL_ROOT_PASSWORD: test
volumes:
- ./mysql:/var/lib/mysql
networks:
- default
Any ideas how to handle host volume permissions? 任何想法如何处理主机卷权限?
It is definitely not a good idea to chmod
with 777
, as you already suspected. 正如您所怀疑的那样,使用
777
chmod
绝对不是一个好主意。 You will need to chown the folders and files to the apache group with: chown -R <current_user>:www-data /test.com
and change the permissions to 755
. 您需要使用以下命令将文件夹和文件chown到apache组:
chown -R <current_user>:www-data /test.com
并将权限更改为755
。
I hope this helps you 我希望这可以帮助你
You can set uid for docker container's user is equal with host user's uid. 您可以为docker容器设置uid,用户与主机用户的uid相同。 It should help.
它应该有所帮助。
I spent sometime looking for the best solution for this case. 我花了一些时间寻找这种情况的最佳解决方案。 The cleanest way I found was setting the permission to the user 33 at the host machine.
我发现最干净的方法是在主机上为用户33设置权限。
Options I've tried: 我试过的选项:
Define a different user ID in Docker composer file : May work many times, but may cause errors when Apache trying to use internal files (eg ssh keys) 在Docker composer文件中定义不同的用户ID :可能多次工作,但在Apache尝试使用内部文件时可能会导致错误(例如ssh密钥)
Passing the local UID as an env variable and adding www-data to the same group/id : You must do that during the building process as part of the Docker file instructions, so it also creates another sketchy scenario when you create a image with permissions from your host machine. 将本地UID作为env变量传递并将www-data添加到同一组/ id :您必须在构建过程中将其作为Docker文件指令的一部分执行此操作,因此当您使用权限创建图像时,它还会创建另一个粗略方案从您的主机。
The less messy way I found is giving permissions to your local files to the user 33. Note that you do not have to create the user. 我找到的不那么混乱的方法是向用户提供本地文件的权限33.注意,您不必创建用户。
setfacl -R -mu:33:rwx /path/to/your/files setfacl -R -mu:33:rwx / path / to / your / files
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.