[英]How to manage permissions for a volume mounted into a docker container?
I'm developing a Wordpress theme, and want to use Docker in my dev setup.我正在开发一个 Wordpress 主题,并希望在我的开发设置中使用 Docker。 What I've done is pretty simple:
我所做的很简单:
database
service running MySQL 5.7database
服务wordpress
service, where I mount my theme folder as a volume into /var/www/html/wp-content/themes
wordpress
服务,我将我的主题文件夹作为一个卷安装到/var/www/html/wp-content/themes
I'm struggling with the volume permissions, however.但是,我正在努力处理音量权限。
I'm working with the following project folder structure:我正在使用以下项目文件夹结构:
.
├── docker-compose.yml
└── my-theme
My docker-compose.yml
file looks like this:我
docker-compose.yml
文件如下所示:
version: '3.2'
services:
database:
image: mysql:5.7
volumes:
- my_data:/var/lib/mysql
restart: always
environment:
MYSQL_ROOT_PASSWORD: root
MYSQL_DATABASE: wordpress
MYSQL_USER: wordpress
MYSQL_PASSWORD: root
wordpress:
depends_on:
- database
image: wordpress:php7.3-apache
ports:
- '8000:80'
restart: always
environment:
WORDPRESS_DB_HOST: database:3306
WORDPRESS_DB_USER: wordpress
WORDPRESS_DB_PASSWORD: root
working_dir: /var/www/html
volumes:
- type: volume
source: ./my-theme
target: /var/www/html/wp-content/themes/my-theme
volumes:
my_data: {}
When I run docker-compose up
, everything works as expected: containers are created, and I can access Wordpress in the browser.当我运行
docker-compose up
,一切都按预期进行:创建了容器,我可以在浏览器中访问 Wordpress。 However, the theme I mounted as a volume doesn't render anything when I activate it.但是,当我激活它时,我作为卷安装的主题不会呈现任何内容。
When I sh
into the wordpress
container ( docker-compose exec wordpress sh
) I can see that the wp-content/themes
folder is owned by root
.当我
sh
到wordpress
容器( docker-compose exec wordpress sh
)我可以看到, wp-content/themes
文件夹是由拥有root
。 So I figured that was the problem.所以我想这就是问题所在。
I verified this being a permissions issue by manually and recursively chown
ing the wp-content
folder in the container:我通过手动和递归
chown
容器中的wp-content
文件夹验证了这是一个权限问题:
chown -R www-data:www-data /var/www/html/wp-content
Once that was done, my theme rendered as expected.完成后,我的主题按预期呈现。 So now I'm looking for a way to avoid this
chown
process (the idea is that any other dev can clone this project, simply run docker-compose up
and start working).所以现在我正在寻找一种方法来避免这个
chown
过程(这个想法是任何其他开发人员都可以克隆这个项目,只需运行docker-compose up
并开始工作)。
The first thing I tried was to make a Dockerfile where I would build a slightly customized Wordpress image:我尝试的第一件事是制作一个Dockerfile ,我将在其中构建一个稍微定制的 Wordpress 图像:
FROM wordpress:php7.3-apache
RUN mkdir -p /var/www/html/wp-content/themes/test-theme \
&& chown -R /var/www/html/wp-content
My reasoning behind this was that by creating the directory and chown
ing it beforehand, the volume would inherit the user:group mapping.我这样做的原因是,通过创建目录并预先
chown
,该卷将继承 user:group 映射。 Alas, no such thing;唉,没有这样的事情; mounting the volume overrides this mapping and sets it back to
root:root
.挂载卷会覆盖此映射并将其设置回
root:root
。
After that, I tried to set the APACHE_RUN_USER
and APACHE_RUN_GROUP
environment variables in my docker-compose.yml
file:之后,我尝试在我
docker-compose.yml
文件中设置APACHE_RUN_USER
和APACHE_RUN_GROUP
环境变量:
version: '3.2'
services:
database:
...
wordpress:
...
environment:
WORDPRESS_DB_HOST: database:3306
WORDPRESS_DB_USER: wordpress
WORDPRESS_DB_PASSWORD: root
APACHE_RUN_USER: '$(id -u)'
APACHE_RUN_GROUP: '$(id -g)'
working_dir: /var/www/html
volumes:
- type: volume
source: ./my-theme
target: /var/www/html/wp-content/themes/my-theme
volumes:
my_data: {}
However, this threw a bunch of apache errors on build.但是,这在构建时引发了一堆 apache 错误。
I'm at a bit of a loss here now.我现在在这里有点不知所措。 Is there any best practice for managing permissions of mounted volumes in Docker?
是否有管理 Docker 中已安装卷权限的最佳实践? I've googled a lot for this, but the solutions I do find go a little bit over my head.
我为此在谷歌上搜索了很多,但我找到的解决方案有点超出我的想象。
You can do this by overwriting the entrypoint for the wordpress image.您可以通过覆盖 wordpress 图像的入口点来做到这一点。
Create a file startup.sh in your project and make is executable:在你的项目中创建一个文件 startup.sh 并且 make 是可执行的:
#!/bin/bash
chown -R www-data:www-data /var/www/html/wp-content
docker-entrypoint.sh apache2-foreground
Then in your docker-compose.yml:然后在你的 docker-compose.yml 中:
...
wordpress:
...
working_dir: /var/www/html
volumes:
- './my-theme:/var/www/html/wp-content/themes/my-theme'
- './startup.sh:/startup.sh'
entrypoint: /startup.sh
This worked for me, let me know if you have problems implementing it.这对我有用,如果您在实施时遇到问题,请告诉我。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.