stackoom
  简体   繁体   中英

In Fedora 31 how do I set permissions for nginx running in a Podman container?

 原文  2020-07-15 14:55:45       permissions/ fedora/ selinux/ podman/ slim-4

Question

I am trying to set up a local dev LEMP stack for a Slim-4 project using podman-compose. So far I have containers for PHP and Nginx. Nginx runs but gives a 500 error on trying to access the log directory - permission denied. This directory is outside of the public directory that is served by nginx.

I have selinux set to permissive to eliminate its issues. I have used podman unshare to set ownership to the container's Nginx UID:GID. I tried the setup with only a simple index file - the file is served with no issues. So, nginx/podman has access to the nginx configuration file on the host. The issue must be with write permissions.

Here is my docker-compose file:

version: '3.7'

# Services
services:

# Nginx Service
nginx:
  image: nginx:1.17
  ports:
    - 8090:80
  volumes:
    - .:/var/www/php:z
    - ./.docker/nginx/conf.d:/etc/nginx/conf.d:ro
  depends_on:
    - php

# PHP Service
php:
  image: php:7.4-fpm
  working_dir: /var/www/php
  volumes:
    - .:/var/www/php

What am I missing?

1 answers

solution1
 1 ACCPTED  2020-07-19 11:44:46

The issue was that I incorrectly assumed I needed to set permissions to allow Nginx to have access. Instead I needed to grant the group www-data access permissions.
How I did it:
log into the running Nginx container podman exec -it [container ID] bash
find the www-data GID (Group ID) - from the container command line, cat /etc/passwd | grep www-data cat /etc/passwd | grep www-data
note the GID (in the result you will see something like ...x:33:33... 33:33 is the user:group)
exit the container cli with exit
in your development/host cli, at the root of your project, run podman unshare chown -R 0:[the www-data GID you found above]. (don't miss the '.')

Explanation:
podman unshare puts you in a modified userspace that matches the container
chown changes ownership
-R means recursive
the number to the left of the ':' is the UID (User ID), the number to the right is the GID
the '.' is the current directory.

I hope this helps someone. I spent hours learning the above.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How do I determine if a shell script is running with root permissions? How do I set write permissions for a directory from php://input? How do I set file permissions in Maven POM file How do I set user permissions on GIT Repository? How do I set permissions on directory(folder) on IIS 6.0? How do I set permissions for a WCF Windows Service? How do I set permissions on files in an unpacked Eclipse Plugin (not a jar) How do i set permissions for rating a particular content type? How do I set permissions on IIS8 for AWSTATS How to set mounted folder permission in podman
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM