Docker容器内和主机中的不同文件所有者 [英] Different file owner inside Docker container and in host machine

问题描述

我正面临与Docker用户相关的问题。
我使用以下命令以 gitlab-runner 的身份运行容器：

I am facing a issue related to Docker users. I run my container as gitlab-runner using the following command:

docker run --name testes_cashlink --hostname testes_cashlink --user gitlab-runner --privileged -t -v $DIR_TESTES:/cashlink_host -v $DIR_BATS:/bats -v $DIR_PROJETO:/cashlink_war docker-cashlink-ci /bats/run.sh

在Docker容器内创建的文件显示所有者 gitlab-runner ，但是，与所有者 roggerfernandes 相同的文件在我的主机中显示。 gitlab-runner 必须是在Docker容器以及主机中创建的文件的所有者。

The files created inside the docker container show owner gitlab-runner, however, the same files show in my host machine as owner roggerfernandes. gitlab-runner must be the owner of files created inside Docker container as well as host machine.

推荐答案

文件系统，至少在类似Unix和Linux的系统（包括macOS）中，文件所有者是一个数字，而不是名称。为了方便起见，诸如 ls 之类的各种工具会将数字转换为名称，但它仍然只是数字。容器中的用户 gitlab-runner 和主机系统上的用户 roggerfernandes 具有相同的UID。您可以通过运行 id 命令找到数字ID。

Filesystems, at least in Unix- and Linux-like systems (including macOS), file owners are a number, not a name. Various tools such as ls will translate the number into a name for convenience, but it is still just a number. Your user gitlab-runner in the container, and the user roggerfernandes on the host system, have the same UID. You can find the numeric ID by running the id command.

此处位于我的笔记本电脑上（重新格式化了一下）可读性）：

Here it is on my laptop (reformatted a bit for readability):

$ id
uid=501(dan) gid=20(staff) groups=20(staff),12(everyone),61(localaccounts),
  79(_appserverusr),80(admin),81(_appserveradm),98(_lpadmin),501(access_bpf),
  33(_appstore),100(_lpoperator),204(_developer),395(com.apple.access_ftp),
  398(com.apple.access_screensharing),399(com.apple.access_ssh)

在开始时，您会看到我的UID是501。

Here you see at the beginning my UID is 501.

您还可以运行该命令带有用户名，例如 id gitlab-runner 放在容器中。

You can also run this command with a username, e.g. id gitlab-runner inside the container.

docker exec testes_cashlink id gitlab-runner

因此，当容器中的用户拥有文件时，该文件将作为数字ID存储（很可能是1000，这是常见的默认设置）。当您查看主机系统时，将数字转换为用户名的机制与在容器中看到的结果只是具有不同的用户名。

So when the user in the container owns a file, it is stored as a numeric ID (quite likely 1000, a common default). When you look on your host system, the mechanism that translates the number into a username just has a different username in its result than you would see inside the container.

如果需要在容器内使用特定的用户ID，则需要修改Dockerfile，以便在创建用户时指定其uid。例如：

If you need a specific user ID inside the container, you need to modify your Dockerfile so that when creating the user, you specify its uid. For example:

RUN useradd -u 1005 <other options> gitlab-runner

这篇关于Docker容器内和主机中的不同文件所有者的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！