来自php:5.6-apache的Docker容器作为根 [英] Docker Container from php:5.6-apache as root
问题描述
这将与 Docker php相关:5.6-Apache开发环境缺少卷装载权限
我已经尝试了几乎所有方法以使挂载的卷可以被 www-data 读取,我当前的解决方案是尝试通过脚本将应用程序所需的文件夹移动到/var ,并赋予适当的权限以使其可由 www-data 写入,但这种情况将变得难以维护.
I have tried pretty much everything to make the mounted volume be readable by www-data, my current solution is trying to move by scripts the folders needed by the application to /var and giving the proper permissions to be writable by www-data but that is becoming hard to maintain.
考虑到这是一个开发环境,我不介意存在安全漏洞,因此我想以 root 身份运行 apache ,然后得到
Giving the fact that it's a development environment I don't mind being a security hole so I would like to run apache as root and I get
错误:Apache尚未设计为以以下方式运行时提供网页:根.有已知的竞赛条件,将允许任何本地用户读取系统上的任何文件.如果您仍然希望将网页作为根目录,然后将-DBIG_SECURITY_HOLE添加到您的CFLAGS行中src/配置文件并重建服务器.强烈建议您改为在您的用户中修改User指令httpd.conf文件以列出非root用户.
Error: Apache has not been designed to serve pages while running as root. There are known race conditions that will allow any local user to read any file on the system. If you still desire to serve pages as root then add -DBIG_SECURITY_HOLE to the CFLAGS line in your src/Configuration file and rebuild the server. It is strongly suggested that you instead modify the User directive in your httpd.conf file to list a non-root user.
有什么简单的方法可以使用docker image php:5.6-apache 完成此操作吗?
Is there any easy way I can accomplish this using the docker image php:5.6-apache?
这是我的 docker-compose.yml
version: '2'
services:
api:
container_name: api
privileged: true
build:
context: .
dockerfile: apigility/Dockerfile
ports:
- "2020:80"
volumes:
- /ft/code/api:/var/www:rw
这是我的 Dockerfile :
FROM php:5.6-apache
USER root
RUN apt-get update \
&& apt-get install -y sudo openjdk-7-jdk \
&& echo "www-data ALL=NOPASSWD: ALL" >> /etc/sudoers
RUN apt-get install -y git zlib1g-dev libmcrypt-dev nano vim --no-install-recommends \
&& apt-get clean \
&& rm -r /var/lib/apt/lists/* \
&& docker-php-ext-install mcrypt zip \
&& curl -sS https://getcomposer.org/installer \
| php -- --install-dir=/usr/local/bin --filename=composer \
&& a2enmod rewrite \
&& sed -i 's!/var/www/html!/var/www/public!g' /etc/apache2/apache2.conf \
&& echo "AllowEncodedSlashes On" >> /etc/apache2/apache2.conf \
&& cp /usr/src/php/php.ini-production /usr/local/etc/php/php.ini \
&& printf '[Date]\ndate.timezone=UTC' > /usr/local/etc/php/conf.d/timezone.ini
WORKDIR /var/www
推荐答案
为什么不完全按照您所提到的问题说呢?
Why not to do exactly what it says in the question you referred to?
RUN usermod -u 1000 www-data
RUN groupmod -g 1000 www-data
这不是黑客.这是解决开发环境中问题的适当解决方案.
This is not a hack. It's a proper solution to the problem you have in the development environment.
这篇关于来自php:5.6-apache的Docker容器作为根的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
