Docker Jetty app no permission writing on mounted volume

Sorry for the dumb question, I'm very beginner with Docker. I'm trying to deploy my Java application in the official jetty docker container. Everything is working fine, but when my application tries to write a file to a mounted volume, it has no permission, because the destination folder belongs to the root user but jetty is running as the jetty user. How can I start the jetty server running as root to give my application all the permissions it needs?

First Approach

Change the owner of the folder you are trying to work on with chown jetty:jetty path

Second Approach

Add jetty to sudoers so jetty can have access to root folders with usermod -aG sudo jetty

Both approaches require being inside the container, since you are not using a custom Dockerfile. Retrieve your container id from docker ps -a, then

docker exec -it container_id bash

and try the 2 methods above. I suggest chowning the folder. After you are done, restart the container with docker restart container_id

How can I start the jetty server running as root to give my application all the permissions it needs?

Specify the user when you start the container:

docker run -d --user root:root --name jetty -v ... jetty:jdk13

That will work, but it is not a good practice because it gives too many rights to the user running the container.
Most images are by default started by an application user with rights only on the strictly required things, to prevent that.

I'm very beginner with Docker.

Beginner or experienced, when you want to "play" with users/volumes on an image that you don't know, the rule of thumb is reading its documentation. If that is not enough, you can still dig into its Dockerfile.
In the doc, you can read:

By default, this image starts as user root and uses Jetty's setuid module to drop privileges to user jetty after initialization. The JETTY_BASE directory at /var/lib/jetty is owned by jetty:jetty (uid 999, gid 999).

In fact, that is not exhaustive. All directories used by Jetty in the containers are owned by Jetty:

The default Jetty environment in the image is:

JETTY_HOME = /usr/local/jetty

JETTY_BASE = /var/lib/jetty

TMPDIR = /tmp/jetty

While that will work if you mount/bind to one of those directories, it looks like a hack because they are not designed to store application data.
Here, a cleaner approach is customizing the image to add a folder designed to store the application data.
That is not hard.

1) Create a Dockerfile for the customized jetty image.
For example my-jetty-DockerFile :

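FROM jetty:jdk13
# Create the directory and give it to jetty BEFORE declaring the volume:
# build steps that modify a path after its VOLUME line are discarded.
# Assumes build steps run as root, as the documentation quoted above describes.
RUN mkdir /my-app-data && chown jetty:jetty /my-app-data
# Absolute path, matching the -v jetty-vol:/my-app-data target used below.
VOLUME /my-app-data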

2) Build that image:

docker build -t jetty-with-data-vol:jdk13 -f my-jetty-DockerFile . 

3) Start a container of that image with the mounted volume:

docker run -d  --name my-jetty -v jetty-vol:/my-app-data jetty-with-data-vol:jdk13 
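
Added example, not part of the question or answers above: a small shell check that explains a "no permission" error on a mounted directory from its ownership and mode bits, so the directory can be fixed instead of running Jetty as root. It assumes GNU stat and classic owner/group/other bits only (no ACLs, supplementary groups or user-namespace remapping); the function name `can_write` is hypothetical, and 999:999 is the jetty uid/gid quoted from the image documentation.

```shell
#!/bin/sh
# Added example (not from the answers above). Explains a volume "permission
# denied" from the directory's ownership and mode bits alone.
# Assumptions: GNU stat; classic owner/group/other bits only (no ACLs,
# supplementary groups or user-namespace remapping). 999:999 is the jetty
# uid/gid quoted from the image documentation.

# can_write DIR [UID] [GID]
# Prints the permission class that decides access (root, owner, group, other)
# and returns 0 if that class allows creating files in DIR; otherwise prints
# "denied" and returns 1.
can_write() {
    cw_uid=${2:-999}
    cw_gid=${3:-999}
    cw_stat=$(stat -c '%u %g %a' -- "$1") || { echo "error"; return 2; }
    set -- $cw_stat                  # $1=owner uid, $2=owner gid, $3=octal mode
    if [ "$cw_uid" -eq 0 ]; then     # root bypasses the mode bits entirely
        echo "root"; return 0
    fi
    # Only the first matching class is consulted, exactly as the kernel does.
    if [ "$cw_uid" -eq "$1" ]; then
        cw_class=owner; cw_bits=$(( $3 / 100 % 10 ))
    elif [ "$cw_gid" -eq "$2" ]; then
        cw_class=group; cw_bits=$(( $3 / 10 % 10 ))
    else
        cw_class=other; cw_bits=$(( $3 % 10 ))
    fi
    # Creating a file needs write (2) and search (1) on the directory.
    if [ $(( cw_bits & 3 )) -eq 3 ]; then
        echo "$cw_class"; return 0
    fi
    echo "denied"; return 1
}

# Usage: ./check.sh /path/to/host/dir  (checks jetty's 999:999 by default)
if [ "$#" -ge 1 ]; then
    can_write "$@"
fi
```

A root-owned directory with mode 755 reports `denied` for 999:999, which is the situation in the question; after `chown jetty:jetty` the same call reports `owner`.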
