Can I change owner of directory that is mounted on volume in IBM containers?


Problem description


I'm trying to launch postgres in IBM containers. I have just created a volume by:

$ cf ic volume create pgdata

Then mount it:

$ cf ic run --volume pgdata:/var/pgsql -p 22 registry.ng.bluemix.net/ruimo/pgsql944-cli

After logging into the container through ssh, I found the mounted directory is owned by root:

drwxr-xr-x  3 root root   4096 Jul  8 08:20 pgsql

Since postgres does not permit being run by root, I want to change the owner of this directory. But I cannot change the owner of this directory:

# chown postgres:postgres pgsql
chown: changing ownership of 'pgsql': Permission denied

Is it possible to change the owner of a mounted directory?

Solution

In IBM Containers, the user namespace is enabled for the docker engine. When the user namespace is enabled, the effective root inside the container is a non-root user outside the container process, and NFS does not allow the mapped non-root user to perform the chown operation on the volume inside the container. Please note that the volume pgdata is an NFS; this can be verified by executing `mount -t nfs4` from the container.

You can try the workaround suggested for "How can I fix the permissions using docker on a bluemix volume?"

In this scenario it will be:

1. Mount the Volume to `/mnt/pgdata` inside the container

cf ic run --volume pgdata:/mnt/pgdata -p 22 registry.ng.bluemix.net/ruimo/pgsql944-cli

2. Inside the container

2.1 Create "postgres" group and user
groupadd --gid 1010 postgres
useradd --uid 1010 --gid 1010 -m --shell /bin/bash postgres

2.2 Add the user to group "root"
adduser postgres root
chmod 775 /mnt/pgdata

2.3 Create pgsql directory under bind-mount volume
su -c "mkdir -p /mnt/pgdata/pgsql" postgres
ln -sf /mnt/pgdata/pgsql /var/pgsql

2.4 Remove the user from group "root"
deluser postgres root
chmod 755 /mnt/pgdata
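
The two conditions the answer describes (container root remapped by a user namespace, and an NFS-backed volume) can be checked from inside the container before attempting chown. The script below is an added example, not part of the original answer; the function names and the sample uid_map and mount-table lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original answer): predict whether chown on a
# mounted volume will be refused, from uid_map and the mount table.

# Exit 0 when uid 0 inside maps to a non-zero uid outside (userns remap).
# uid_map columns: <first uid inside> <first uid outside> <range length>
root_is_remapped() {
    awk '$1 == 0 && $2 != 0 { r = 1 } END { exit !r }' "${1:-/proc/self/uid_map}"
}

# Print the filesystem type of the deepest mount point containing path $1.
fs_type_of() {
    awk -v p="$1" 'BEGIN { best = -1 }
        { mp = $2
          if ((p == mp || mp == "/" || index(p, mp "/") == 1) && length(mp) >= best) {
              best = length(mp); t = $3 } }
        END { if (t == "") exit 1; print t }' "${2:-/proc/mounts}"
}

# Verdict for path $1; $2 and $3 override the /proc files (used for samples).
chown_verdict() {
    fstype=$(fs_type_of "$1" "${3:-/proc/mounts}") || { echo unknown; return 2; }
    case $fstype in
        nfs|nfs4)
            if root_is_remapped "${2:-/proc/self/uid_map}"; then
                echo "blocked: $fstype volume, container root is remapped"
            else
                echo "nfs: $fstype volume, root not remapped"
            fi ;;
        *)  echo "not-nfs: $fstype" ;;
    esac
}

# Constructed sample data (values are illustrative, not from IBM Containers).
demo() {
    d=$(mktemp -d) || return 1
    echo '0 100000 65536' > "$d/uid_map"
    printf '%s\n' 'overlay / overlay rw 0 0' \
        'nfs.example.invalid:/vol /mnt/pgdata nfs4 rw 0 0' > "$d/mounts"
    chown_verdict /mnt/pgdata/pgsql "$d/uid_map" "$d/mounts"
    rm -rf "$d"
}
demo
```

Inside a real container, `chown_verdict /mnt/pgdata` with no further arguments reads the live `/proc/self/uid_map` and `/proc/mounts`. A "blocked" verdict corresponds to the situation in the question, where the group-membership workaround above applies instead of chown.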
