主机和Docker容器之间的卷和权限
[英]Volumes and permissions between host and docker container
问题描述
I'm trying to dockerize all of the services on my host machine. 
我正在尝试对主机上的所有服务进行docker化。 But I'm running into the following problems with Docker and volume-permissions between host and docker. 但是我遇到了以下有关Docker以及主机与Docker之间的卷权限的问题。
I have a host machine with the following folder-structure: 我有一台具有以下文件夹结构的主机:
- /data/mysql (user: docker-mysql)
- /data/gitlab (user: docker-gitlab)
- /data/backup (user: share-backup)
The /data/mysql:/mnt/mysql folder is getting mounted into the mysql docker container. /data/mysql:/mnt/mysql文件夹已挂载到mysql docker容器中。 The docker mysql container creates backups every 24 hours, but because the docker container runs on user root these backups get created as user root and group root in the /data/mysql folder. docker mysql容器每24小时创建一次备份,但是由于docker容器在root用户上运行,因此这些备份以root用户和group root的身份在/ data / mysql文件夹中创建。
My goal to achieve is that files in the /data/mysql folder will get created as docker-mysql user, not as root user. 我要实现的目标是/ data / mysql文件夹中的文件将以docker-mysql用户而不是root用户创建。
I tried to change the user of the docker container to another user by setting RUN groupadd -r docker-mysql && useradd -r -g docker-mysql docker-mysql and USER docker-mysql , but then the mysql container won't even start anymore, because the docker-mysql user doesn't seem to have root permissions. 我试图通过设置RUN groupadd -r docker-mysql && useradd -r -g docker-mysql docker-mysql和USER docker-mysql将docker容器的用户更改为另一个用户,但是mysql容器甚至无法启动不再,因为docker-mysql用户似乎没有root权限。 I also tried this on the Gitlab-CE docker image, but ran into the same issue that running Gitlab-CE as a different user throws permission errors. 我也在Gitlab-CE docker映像上尝试过此操作,但是遇到了另一个问题,即以不同的用户身份运行Gitlab-CE会引发权限错误。
Any idea how to write files to for example /data/mysql on the host with the correct user? 知道如何使用正确的用户将文件写入主机上的/data/mysql等文件吗?
1 个解决方案
解决方案1
1 已采纳 2019-09-04 23:36:54
Despite of your mysql image, what you need is: every process inside your container must be executed as a non-root user . 尽管有mysql映像,但您需要的是: 容器内的每个进程都必须以非root用户身份执行 。 There is some workarounds for it, but I suggest that you first dive into your mysql base image and see what is happening under the hood. 有一些解决方法,但是我建议您首先深入了解mysql基本映像,看看幕后发生了什么。 One method is redirecting every process to a non-root user . 一种方法是将每个进程重定向到非root用户 。 This can be achieved by: 这可以通过以下方式实现:
On your Dockerfile 在您的Dockerfile上
RUN groupadd -r docker-mysql && useradd -r -g docker-mysql docker-mysql
ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["mysqld"] ##CHECK YOUR IMAGE FIRST
Those two can be translated as 这两个可以翻译成
docker-entrypoint.sh mysqld
Now on your docker-entrypoint.sh, which need to be modified if the image is not the same as this example (it was from a mongodb which uses ubuntu as OS base image ) : 现在在您的docker-entrypoint.sh上,如果映像与此示例不同(它来自使用ubuntu作为操作系统基础映像的mongodb),则需要对其进行修改 :
if [[ “$originalArgOne” == mysql* ]] && [ “$(id -u)” = ‘0’ ]; then
if [ “$originalArgOne” = ‘mysqld’ ];
then chown -R docker-mysql <MYSQL FOLDERS in CONTAINER>
fi
# make sure we can write to stdout and stderr as “mongodb”
# (for our “initdb” code later; see “ — logpath” below)
chown --dereference docker-mysql “/proc/$$/fd/1” “/proc/$$/fd/2” || :
exec gosu docker-mysql “$BASH_SOURCE” “$@”
fi
This answer was just adapted from here (It's a good reading) 这个答案只是从这里改编的(这是一本好书)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.