[英]Dockerfile mkdir permission denied
I am trying to build the image with:我正在尝试使用以下方法构建图像:
docker build -t db-demo .
But i get但我明白了
RUN mkdir -p /usr/src/app: #5 0.512 mkdir: cannot create directory '/usr/src/app': Permission denied
RUN mkdir -p /usr/src/app: #5 0.512 mkdir: 无法创建目录 '/usr/src/app': 权限被拒绝
The Dockerfile Dockerfile
FROM mcr.microsoft.com/mssql/server
RUN mkdir -p /usr/src/app
WORKDIR /usr/src/app
COPY . /usr/src/app
RUN chmod +x /usr/src/app/run-initialization.sh
ENV SA_PASSWORD bpassword
ENV ACCEPT_EULA Y
ENV MSSQL_PID Express
EXPOSE 1433
CMD /bin/bash ./entrypoint.sh
The OS is Windows.How to fix this?操作系统是 Windows。如何解决这个问题?
If we start the mssql
container with an interactive shell:如果我们使用交互式 shell 启动
mssql
容器:
docker run -it --rm mcr.microsoft.com/mssql/server /bin/bash
and then look at the active user within the container:然后查看容器内的活动用户:
mssql@ed73727870bb:/$ whoami
mssql
we see, that the active user is mssql
.我们看到,活动用户是
mssql
。 Furthermore, if we look at the permissions for /usr/src
inside the container:此外,如果我们查看容器内
/usr/src
的权限:
mssql@ed73727870bb:/$ ls -lisa /usr | grep -i src
163853 4 drwxr-xr-x 2 root root 4096 Apr 15 2020 src
we see that only root
has write-access to directory /usr/src
.我们看到只有
root
具有对目录/usr/src
写访问权限。
Thus, if we want to create a directory /usr/src/app
, so that user mssql
can write to it, we will have to set it up as root
and grant the appropriate permissions to mssql
.因此,如果我们想创建一个目录
/usr/src/app
,以便用户mssql
可以写入它,我们必须将其设置为root
并授予mssql
适当的权限。 This leads to the following Dockerfile
:这导致以下
Dockerfile
:
FROM mcr.microsoft.com/mssql/server
# change active user to root
USER root
# create the app directory
RUN mkdir -p /usr/src/app
# set mssql as owner of the app directory
RUN chown mssql /usr/src/app
# change back to user mssql
USER mssql
WORKDIR /usr/src/app
# sanity check: try to write a file
RUN echo "Hello from user mssql" > hello.txt
if we build and run this Dockerfile
:如果我们构建并运行这个
Dockerfile
:
docker build -t turing85/my-mssql -f Dockerfile .
docker run -it --rm turing85/my-mssql /bin/bash
We can now see that:我们现在可以看到:
the active user is still mssql
:活动用户仍然是
mssql
:
mssql@85e401ccc3f9:/usr/src/app$ whoami mssql
a file /usr/src/app/hello.txt
has been created, and user mssql
has read-access:文件
/usr/src/app/hello.txt
已创建,用户mssql
具有读取权限:
mssql@85e401ccc3f9:/usr/src/app$ cat hello.txt Hello from user mssql
user mssql
has write-access to /usr/src/app
:用户
mssql
具有对/usr/src/app
写访问权限:
mssql@85e401ccc3f9:/usr/src/app$ touch test.txt && ls -lisa total 16 171538 4 drwxr-xr-x 1 mssql root 4096 Nov 6 20:13 . 171537 8 drwxr-xr-x 1 root root 4096 Nov 6 20:02 .. 171539 4 -rw-r--r-- 1 mssql root 17 Nov 6 20:02 hello.txt 171604 0 -rw-r--r-- 1 mssql root 0 Nov 6 20:13 test.txt
user mssql
has no write-access to /usr/src
:用户
mssql
对/usr/src
没有写访问权限:
mssql@85e401ccc3f9:/usr/src/app$ touch ../test2.txt touch: cannot touch '../test2.txt': Permission denied
A comment on the Dockerfile
in the post:帖子中对
Dockerfile
的评论:
It seems that we try to copy an application into the mssql
container.似乎我们尝试将应用程序复制到
mssql
容器中。 I assume this is done to start said application within the same container.我假设这样做是为了在同一个容器中启动所述应用程序。 While this is possible (with some configuration), I strongly advice against this approach.
虽然这是可能的(通过一些配置),但我强烈建议不要使用这种方法。 We could instead define two containers (one for the database, one for the application), eg through a
docker-compose
file .我们可以改为定义两个容器(一个用于数据库,一个用于应用程序),例如通过
docker-compose
文件。
WORKDIR
creates the named directory if it doesn't exist.如果命名目录不存在,
WORKDIR
创建该目录。 If your only permission problem is while trying to create the directory, you can remove the RUN mkdir
line and let Docker create the directory for you.如果您唯一的权限问题是在尝试创建目录时,您可以删除
RUN mkdir
行并让 Docker 为您创建目录。
FROM any-base-image
# Docker creates the directory if it does not exist
# You do not need to explicitly RUN mkdir
WORKDIR /usr/src/app
...
Looking further at this example, the RUN chmod ...
line might also fail if the base image has a non-root user that can't access a root-owned directory.进一步查看此示例,如果基本映像具有无法访问 root 拥有的目录的非 root 用户,则
RUN chmod ...
行也可能会失败。 COPY
will also copy the permissions from the host, so if the file is executable in the host environment you would not need to explicitly chmod +x
it after it is COPY
ed in. That would let you delete all of the RUN
lines; COPY
也会从主机复制权限,所以如果文件在主机环境中是可执行的,你不需要在它被COPY
后显式chmod +x
它。这会让你删除所有的RUN
行; you'd be left with COPY
and ENV
instructions and runtime metadata, none of which should encounter permission problems.你会留下
COPY
和ENV
指令以及运行时元数据,它们都不会遇到权限问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.