我可以控制Docker映像中绑定安装的卷的所有者吗? [英] Can I control the owner of a bind-mounted volume in a docker image?
问题描述
我有一个包含日食的docker映像.我在名为 eclipse 的帐户下运行图像中的Eclipse.我想从主机绑定安装到容器中的工作空间目录启动映像.不幸的是,容器中已安装卷的所有者不是 eclipse .装入的卷仅保留主机的UID和GID.
I have a docker image which contains an eclipse. I run the eclipse in the image under an account named eclipse. I want to start the image with my workspace directory form the host machine bind-mounted into the container. Unfortunately the owner of the mounted volume inside the container is not eclipse. The mounted volume just preserves the UID and GID from the host.
是否有一种方法可以控制容器中安装的卷的UID和GID?
Is there a way to control under which UID and GID is the volume mounted in the container?
推荐答案
我相信目前无法在Docker中将UID和GID设置为安装选项.但是至少有两种方法可以解决此问题:
I believe at this point there is no way to set the UID and GID as a mount option in docker. But there are at least two ways of getting around this:
-
在主机和容器中匹配所有者/用户的UID和GID.在您的情况下,如果主机上的所有者ID和GID为1000,请确保容器中拥有用户的uid/gid具有相同的UID和GID,在这种情况下为1000.
Match UID and GID of the owner/user in the host and container. In your case, if the owner ID and GID on the host is say 1000, make sure the uid/gid of the owning user in the container has the same UID and GID, in this case 1000.
使用文件访问控制列表命令getfacl-获取容器上工作空间目录所有者的uid/gid,并使用setfacl命令在主机上授予此ID读/写权限.您必须在主机上运行setfacl.这样,acl权限将传播到容器.我不建议在容器级别进行任何所有权更改,因为这会破坏主机上的所有权,并且在下次从映像启动容器时将不会保留该所有权.
Use the file access control list command getfacl - get the uid/gid of the workspace directory owner on the container, and use setfacl command to grant this id read/write permission at the host. You have to run setfacl on the host. This way the acl rights will propagate to the container. I would not recommend making any ownership changes at the container level, as that will mess up the owership on the host and it won't be preserved the next time you launch a container from an image.
请记住,关于文件权限,只有numeric id很重要.
Remember, when it comes to file permissions only the numeric id matters.
有用的链接-容器内的许可
这篇关于我可以控制Docker映像中绑定安装的卷的所有者吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
