
What user is php-fpm running in docker or without docker?

RUN groupadd -g 1000 www
RUN useradd -u 1000 -ms /bin/bash -g www www
COPY . /var/www
COPY --chown=www:www . /var/www
USER www

In the Dockerfile, I got this.

My question is: how to check which user is running under the php-fpm container? In nginx, if I want to find that out, I check the /etc/nginx/nginx.conf file and there's a user written there. But for php-fpm I can't figure it out. How do I figure it out? Don't tell me to use whoami or things like that, as this is the user that is currently logged in.

The command I showed you above (I don't know how it does it) makes a www user and a www group and gives this user and group to all my files and directories, then sets the USER which will be logged in. But I don't know how 'write' permission works, as folders have rwxr-xr-x. This means that php-fpm is running under www. We never changed which user is running under php-fpm, so how does it happen? Can someone explain that to me?

Docker is an isolation technology, but you can still use ps -ef and so on, so just run

docker exec -it ${container} ps -ef 

and it will return the list of active processes and their owners.

For example, a simple php:8-fpm shows:

UID          PID    PPID  C STIME TTY          TIME CMD
root           1       0  0 05:16 ?        00:00:00 php-fpm: master process (/usr/local/etc/php-fpm.conf)
www-data       7       1  0 05:16 ?        00:00:00 php-fpm: pool www
www-data       8       1  0 05:16 ?        00:00:00 php-fpm: pool www

Next, just find the user in /etc/passwd

docker exec -it ${container} grep 'www-data' /etc/passwd

It will show

www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin

So it's definitely www-data with uid 33.

If the container doesn't have ps inside, you have 2 options: you can install it, or find the uid manually.

To install, use this command (example is for php:8-fpm):

docker exec -it -u 0 ${container} su -c "apt update -y && apt install procps -y"

For manual search just grep /proc

sudo docker exec -it ${container} ls -ln /proc/

php:8-fpm, like other containers, runs a forked process as non-root, so the user won't be 0; in this case it is 33.

USER www changes the user the container runs as to www. If php-fpm is run as non-root then it will ignore the user and group directives for the pool config and run instead as the current user. Those directives only apply if php-fpm is run as root.

The standard php-fpm docker container runs as root but has the pool configured for www-data.
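
The manual /proc lookup and the master/worker split described in the answers above, as an added example that is not part of the original answers: it reads the effective UID of every php-fpm process from /proc/PID/status, maps it through /etc/passwd, and flags pool workers that run as uid 0. The function names (fpm_owners, root_workers, make_sample) are hypothetical, and the sample tree is constructed to mirror the ps output shown above.

```shell
#!/bin/sh
# fpm_owners [PROC_ROOT] [PASSWD_FILE]
# Prints "pid euid user title" for every process whose Name starts with php-fpm.
fpm_owners() {
    proc_root=${1:-/proc}
    passwd_file=${2:-/etc/passwd}
    for status in "$proc_root"/[0-9]*/status; do
        [ -r "$status" ] || continue    # process exited, or the glob matched nothing
        name=$(awk '$1 == "Name:" { print $2 }' "$status")
        case $name in php-fpm*) ;; *) continue ;; esac
        dir=${status%/status}
        # Uid: fields are real, effective, saved, filesystem; take the effective one
        euid=$(awk '$1 == "Uid:" { print $3 }' "$status")
        user=$(awk -F: -v u="$euid" '$3 == u { print $1; exit }' "$passwd_file")
        # php-fpm sets its title to "php-fpm: master process ..." or "php-fpm: pool NAME"
        title=$(tr '\0' ' ' 2>/dev/null < "$dir/cmdline" || true)
        echo "${dir##*/} $euid ${user:-unknown} $title"
    done
}

# root_workers [PROC_ROOT] [PASSWD_FILE]
# Prints pool workers whose effective UID is 0; exit status 0 only if any exist.
root_workers() {
    fpm_owners "$@" |
        awk '$2 == 0 && /php-fpm: pool/ { print; found = 1 } END { exit !found }'
}

# Constructed sample tree: master as root, one worker as uid 33, one unrelated shell.
make_sample() {
    root=$1
    mkdir -p "$root/proc/1" "$root/proc/7" "$root/proc/20"
    printf 'Name:\tphp-fpm\nUid:\t0\t0\t0\t0\n' > "$root/proc/1/status"
    printf 'php-fpm: master process (/usr/local/etc/php-fpm.conf)' > "$root/proc/1/cmdline"
    printf 'Name:\tphp-fpm\nUid:\t33\t33\t33\t33\n' > "$root/proc/7/status"
    printf 'php-fpm: pool www' > "$root/proc/7/cmdline"
    printf 'Name:\tsh\nUid:\t0\t0\t0\t0\n' > "$root/proc/20/status"
    printf 'sh' > "$root/proc/20/cmdline"
    printf 'root:x:0:0:root:/root:/bin/bash\n' > "$root/passwd"
    printf 'www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin\n' >> "$root/passwd"
}
```

Called with no arguments inside a container, fpm_owners reads the live /proc and /etc/passwd.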
