无法将Docker卷的写权限授予Docker Compose中的非root用户 [英] Unable to give write permissions to Docker volume to non-root user in Docker Compose

问题描述

我正在运行一个Docker Compose环境，在其中可以执行一系列Selenium测试.为此，我使用了 Selenium提供的图像.我运行两个容器:一个为 Selenium HUB ，另一个为 Selenium Firefox Node .我有第三个容器，定义了谁负责测试的执行(我们称其为 Tests Node ).

I'm running a Docker Compose environment in which to execute a bunch of Selenium tests. In order to do that, I'm using the images Selenium provides. I run two containers: one as the Selenium HUB and another as a Selenium Firefox Node. I have a third container defined who is in charge of the tests execution (let's call it Tests Node).

我创建了一个 Selenium Firefox节点和测试节点使用的Docker卷，以便它们可以共享某些文件.我将其称为 selenium_volume 卷，并且已将其同时安装在/selenium_tests 上.

I created a Docker volume used by the Selenium Firefox Node and the Tests Node so certain files can be shared by them both. I called the volume selenium_volume and it's mounted for both on /selenium_tests.

我很快就遇到了一个问题，即在两个系统中都为用户 root 创建了该文件夹，但是 Selenium Firefox Node 默认使用的用户是 seluser .它具有读取但没有写入权限，这是我所需要的.

I soon faced a problem for that folder is created in both systems for user root, but the user the Selenium Firefox Node uses by default is seluser. It has read but not write permissions, which I need.

我试图将以下内容用作容器 entrypoint ，因此我将 seluser 设置为目录的所有者: bash -c'sudo chown -R seluser:seluser/selenium_tests&&/opt/bin/entry_point.sh'，但无法正常工作.

I tried to use the following as the container entrypoint, so I make seluser the owner of the directory: bash -c 'sudo chown -R seluser:seluser /selenium_tests && /opt/bin/entry_point.sh', but it's not working.

启动容器后，我连接到容器( docker exec -ti selenium-firefox bash )时，我看到该文件夹​​仍属于 root .如果然后连接，请运行命令 sudo chown -R seluser:seluser/selenium_tests&&/opt/bin/entry_point.sh'，文件夹权限已更改，我们达到了我期望的水平.

When I connect to the container after it's launched (docker exec -ti selenium-firefox bash), I see the folder still belongs to root. If I then once connected run the command sudo chown -R seluser:seluser /selenium_tests && /opt/bin/entry_point.sh', the folder permissions are changed and we reach to the point I was expecting.

我想知道为什么当我手动运行命令时它可以工作，但是在容器的入口点脚本之前通过 entrypoint 运行时却无法运行.

I would like to know why it's working when I run the command manually but it's not when running through the entrypoint before the entrypoint script of the container.

当前，我的 docker-compose.yml 类似于以下内容:

Currently my docker-compose.yml looks similar to the following:

    version: '3.8'
    
    services:
      tests-node:
        build: .
        depends_on:
         - selenium-hub
         - selenium-firefox
        # the wait-for-it.sh command makes the container wait until the Selenium containers are ready to work
        entrypoint: ["./wait-for-it.sh", "-t", "15", "selenium-firefox:5555", "--"]
        command: ["execute_tests.sh"]
        volumes:
          - ./remote_reports/:/selenium_tests/reports/
          - type: volume
            source: selenium_volume
            target: /selenium_tests
        networks:
          selenium_net: {}
    
      selenium-hub:
        image: selenium/hub:3.141.59
        ports:
          - "4444:4444"
        networks:
          selenium_net: {}
    
      selenium-firefox:
        image: selenium/node-firefox:3.141.59
        depends_on:
          - selenium-hub
        entrypoint: bash -c 'sudo chown -R seluser:seluser /selenium_tests && /opt/bin/entry_point.sh'
        volumes:
          - /dev/shm:/dev/shm
          - type: volume
            source: selenium_volume
            target: /selenium_tests
        environment:
          - HUB_HOST=selenium-hub
          - HUB_PORT=4444
        networks:
          selenium_net: {}
        expose:
          - 5555
    
    volumes:
      selenium_volume:
    
    networks:
      selenium_net:
        driver: bridge

我试图在 entrypoint 之后将chown命令作为 command 运行，但是我认为它永远都无法实现，因为在 entrypoint 一直在前台运行.

I tried to run the chown command as command after the entrypoint but it never reaches I think because the script that is launched during the entrypoint keeps running in foreground.

我想直接在docker-compose.yml上做所有事情，并避免创建任何Dockerfile，但是我不知道这是否可能.

I would like to do all the things directly on the docker-compose.yml and avoiding to create any Dockerfile, but I don't know if this is possible at this point.

推荐答案

最简单的方法是在开始执行以下操作之前，将 chmod -R 777/selenium_tests 添加到 execute_tests.sh 中.测试.在这种情况下，@ aorestr，您无需更改 selenium-firefox 容器的 entrypoint .

The simplest way is to add chmod -R 777 /selenium_tests to execute_tests.sh before starting the tests. In this case, @aorestr, you don't need to change entrypoint of the selenium-firefox container.

这篇关于无法将Docker卷的写权限授予Docker Compose中的非root用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！