[英]what user is php-fpm running in docker or without docker?
RUN groupadd -g 1000 www
RUN useradd -u 1000 -ms /bin/bash -g www www
COPY . /var/www
COPY --chown=www:www . /var/www
USER www
In dockerfile, I got this.在 dockerfile 中,我得到了这个。
My question is: how to check which user is running under php-fpm container?我的问题是:如何检查哪个用户在 php-fpm 容器下运行? In nginx, if I want to find that out, I check /etc/nginx/nginx.conf file and there's user written there.
在 nginx 中,如果我想找到它,我会检查 /etc/nginx/nginx.conf 文件,那里写着用户。 but for php-fpm I can't figure out.
但对于 php-fpm 我想不通。 How do I figure out?
我怎么知道? Don't tell me to use whoami or things like that as this is the user that is currently logged in.
不要告诉我使用 whoami 或类似的东西,因为这是当前登录的用户。
The command I showed you above (i don't know how it does) but it makes www user and www group and gives this user and group to all my files and directories.我在上面向您展示的命令(我不知道它是怎么做的)但它使 www 用户和 www 组并将此用户和组分配给我的所有文件和目录。 then sets the USER which will be logged in. but I don't know how 'write' permission works, as folders have
rwxr-xr-x.
然后设置将登录的用户。但我不知道“写”权限是如何工作的,因为文件夹有
rwxr-xr-x.
this means that php-fpm is running under www.这意味着 php-fpm 在 www 下运行。 We never changed which user is running under php-fpm and how does it happen?
我们从未改变在 php-fpm 下运行的用户以及它是如何发生的? Can someone explain that to me?
有人可以向我解释一下吗?
Docker is in isolation technology, but you still can use ps -ef
and so on, so just run Docker是隔离技术,但是你还是可以用
ps -ef
,所以直接运行
docker exec -it ${container} ps -ef
and it will return the list of active processes and their owners.它将返回活动进程及其所有者的列表。
For example simple php:8-fpm
shows:例如简单的
php:8-fpm
显示:
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 05:16 ? 00:00:00 php-fpm: master
process (/usr/local/etc/php-fpm.conf)
www-data 7 1 0 05:16 ? 00:00:00 php-fpm: pool www
www-data 8 1 0 05:16 ? 00:00:00 php-fpm: pool www
Next just find the user in the /etc/passwd
接下来只需在
/etc/passwd
找到用户
docker exec -it ${container} grep 'www-data' /etc/passwd
It will show它会显示
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
So it's definitely www-data with uid 33.所以它绝对是带有 uid 33 的 www-data。
If the container doesn't have ps
inside, you have 2 options, you can install it, or find uid manually如果容器里面没有
ps
,你有2个选项,可以安装,或者手动查找uid
For install use this command (example is for php:8-fpm
):对于安装使用此命令(例如
php:8-fpm
):
docker exec -it -u 0 ${container} su -c "apt update -y && apt install procps -y"
For manual search just grep /proc
对于手动搜索,只需 grep
/proc
sudo docker exec -it ${container} ls -ln /proc/
php:8-fpm
as other containers run a forked process as non-root, so the user won't be 0, in this case, 33 php:8-fpm
因为其他容器以非 root 身份运行分叉进程,所以用户不会是 0,在这种情况下是 33
USER www
changes the user the container runs as to www
. USER www
将容器运行的用户更改为www
。 If php-fpm is run as non-root then it will ignore the user
and group
directives for the pool config and run instead as the current user.如果 php-fpm 以非 root 身份运行,那么它将忽略池配置的
user
和group
指令,而是以当前用户身份运行。 Those directives only apply if php-fpm is run as root.这些指令仅适用于以 root 身份运行 php-fpm 的情况。
The standard php-fpm docker container runs as root but has the pool configured to for www-data
.标准的 php-fpm docker 容器以 root 身份运行,但池配置为
www-data
。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.