更改Windows主机上Docker容器内已安装文件夹中的文件权限 [英] Change file permissions in mounted folder inside docker container on Windows Host
问题描述
免责声明/编辑2
几年后,对于每个阅读此问题的人来说-如果您使用的是Windows,并且想将docker与linux容器一起使用,我强烈建议完全不将docker用于Windows,而是完全在VM内部启动整个docker环境. Ext3 NTFS的这一问题将在许多不同级别上使您不知所措,以至于安装docker-machine甚至都不值得.
Some years later, for everyone reading this question - If you are on Windows and want to use docker with linux containers, I highly recommend not using docker for windows at all and instead starting the entire docker environment inside a VM altogether. This Ext3 NTFS issue will break your neck on so many different levels that installing docker-machine might not even be worth the effort.
我正在使用 docker-machine 来启动Virtualbox VM内的boot2docker实例,/c/Users上的共享文件夹,您可以从中将卷装载到容器中.所述卷的权限就是问题所在.虚拟机存储在/c/Users/tom/.docker/
I am using docker-machine which starts a boot2docker instance inside a Virtualbox VM with a shared folder on /c/Users from which you can mount volumes into your containers. The permissions of said volumes are the ones the question is about. The VMs are stored under /c/Users/tom/.docker/
我选择在Hyper-V上使用docker-machine Virtualbox工作流程,因为我的日常工作流程中需要VBox,并且由于不同的Hypervisor之间的不兼容,无法在一个系统上同时运行Hyper-V和Virtualbox.
I chose to use the docker-machine Virtualbox workflow over Hyper-V because I need VBox in my daily workflow and running Hyper-V and Virtualbox together on one system is not possible due to incompabilities between different Hypervisors.
原始问题
我目前正在尝试在Windows上的容器中设置PHPMyAdmin,但无法更改config.inc.php文件的权限.
I am currently trying to set up PHPMyAdmin in a container on windows but I can't change the permissions of the config.inc.php file.
我发现:无法在Docker容器内调用chown(Docker (对于Windows),并认为这可能有些相关,但似乎仅适用于MongoDB.
I found: Cannot call chown inside Docker container (Docker for Windows) and thought this might be somewhat related but it appears to apply only to MongoDB.
这是我的docker-compose.yml
This is my docker-compose.yml
version: "3"
services:
pma:
image: (secrect company registry)/phpmyadmin
ports:
- 9090:80
volumes:
- /c/Users/tom/projects/myproject/data/var/www/public/config.inc.php:/var/www/public/config.inc.php
现在,当我docker exec -it [container] bash并更改已挂载的目录时,我尝试在config.inc.php上运行chmod,但是由于某种原因,它会无提示地失败.
now, when I docker exec -it [container] bash and change in the mounted directory, I try to run chmod on the config.inc.php but for some reason, it fails silently.
root@22a4bag43245: ls -la config.inc.php
-rw------- 1 root root 0 Aug 11 15:11 config.inc.php
root@22a4bag43245: chmod 655 config.inc.php
root@22a4bag43245: ls -la config.inc.php
-rw------- 1 root root 0 Aug 11 15:11 config.inc.php
考虑到链接的答案,我想我可以将卷移出Userhome,但是vbox根本不会挂载该文件夹.
Considering the linked answer, I thought I could just move the volume out of my Userhome but then vbox doesn't mount the folder at all.
如何持久更改/var/www/public/config.inc.php的文件权限?
How do I change the file permissions of /var/www/public/config.inc.php persistently?
推荐答案
即使在使用chown之后,我仍然无法更改所有权.当我研究时,这是因为正在使用NTFS卷安装在ext文件系统中.所以我用了另一种方法.
I had the same problem of not being able to change ownership even after using chown. And as I researched, it was because of NTFS volumes being mounted inside ext filesystem. So I used another approach.
docker内部的卷没有这些问题.因此,您可以将文件安装在内部docker卷上,然后在所需的本地文件夹中创建指向该文件的硬符号链接:
The volumes internal to docker are free from these problems. So you can mount your file on internal docker volume and then create a hard symlink to that file inside your local folder wherever you want:
sudo ln $(docker volume inspect --format '{{ .Mountpoint }}' <project_name>_<volume_name>) <absolute_path_of_destination>
通过这种方式,您可以将文件放置在docker中的所需位置,而没有任何权限问题,并且由于硬符号链接,您将能够像正常卷安装中一样修改文件的内容.
This way you can have your files in desired place, inside docker and without any permission issues, and you will be able to modify the contents of file as in the normal volume mount due to hard symlink.
此处是该过程的有效实现,该过程将并链接目录.如果您想了解详细信息,请参见问题possible fix部分>.
Here is a working implementation of this process which mounts and links a directory. In case you wanna know about the details, see possible fix section in issue.
编辑
实施此方法的步骤:
- 在内部docker-volume(也称为
named volumes)中挂载相关文件. -
在进行硬链接之前,请确保其中存在卷和相关文件.为了确保这一点,您应该在运行容器之前至少运行一次,或者如果要自动执行此文件创建,则可以包含一个docker run来创建所需的文件并退出.
- Mount the concerned file in internal docker-volume(also known as
named volumes). Before making hardlink, make sure volumes and concerned file are present there. To ensure this, you should have run your container at least once before or if you want to automate this file creation, you can include a docker run which creates the required files and exits.
docker run --rm -itd \
-v "<Project_name>_<volume_name>:/absolute/path" \
<image> bash -c "touch /absolute/path/<my_file>"
docker run --rm -itd \
-v "<Project_name>_<volume_name>:/absolute/path" \
<image> bash -c "touch /absolute/path/<my_file>"
此docker run将创建卷和所需文件.在这里,container是我的项目名称,默认情况下,它是项目所在的文件夹的名称,而<volume_name>与我们要在原始容器中使用的文件夹相同. <image>可以与原始容器中已经使用的相同.
This docker run will create volumes and required files. Here, container is my project name, by default, it is the name of the folder in which project is present and <volume_name> is the same as one which we want to use in our original container. <image> can be the same one which is already being used in your original containers.
- 在操作系统中创建到系统上实际文件位置的硬链接.您可以使用
docker volume inspect --format '{{ .Mountpoint }}' <project_name>_<volume_name>/<my_file>找到文件位置. Linux用户可以在终端中使用ln,而Windows用户可以在命令提示符中使用mklink.
- Create a hardlink in your OS to the actual file location on your system. You can find the file location using
docker volume inspect --format '{{ .Mountpoint }}' <project_name>_<volume_name>/<my_file>. Linux users can uselnin terminal and windows users can usemklinkin command prompt.
在第3步中,由于<volume_name>已经引用了该位置,因此我们没有使用/absolute/path,我们只需要引用该文件即可.
In step 3 we have not used /absolute/path since the <volume_name> refers to that location already, and we just need to refer to the file.
这篇关于更改Windows主机上Docker容器内已安装文件夹中的文件权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
