在主机上 chown docker 卷(可能通过 docker-compose) [英] chown docker volumes on host (possibly through docker-compose)
问题描述
我有下面的例子
version: '2'
services:
proxy:
container_name: proxy
hostname: proxy
image: nginx
ports:
- 80:80
- 443:443
volumes:
- proxy_conf:/etc/nginx
- proxy_htdocs:/usr/share/nginx/html
volumes:
proxy_conf: {}
proxy_htdocs: {}
效果很好.当我运行 docker-compose up 时,它会在 /var/lib/docker/volumes 中创建那些命名卷,一切都很好.但是,在主机上,我只能以 root 身份访问 /var/lib/docker,因为它是 root:root(有道理).我想知道是否有一种方法可以将主机的目录 chown 更改为更合理/更安全的内容(例如,我用来在主机上做大多数事情的相对非特权用户),或者我是否只有吸收它并手动chown它们.我已经开始有一些脚本来解决其他问题,所以多加几行不会有太大问题,但我真的很想让我自己编写的自动化最小化,如果我可以——减少犯愚蠢错误的机会.
which works fine. When I run docker-compose up it creates those named volumes in /var/lib/docker/volumes and all is good. However, from the host, I can only access /var/lib/docker as root, because it's root:root (makes sense). I was wondering if there is a way of chowning the host's directories to something more sensible/safe (like, my relatively unprivileged user that I use to do most things on the host) or if I just have to suck it up and chown them manually. I'm starting to have a number of scripts already to work around other issues, so having an extra couple of lines won't be much of a problem, but I'd really like to keep my self-written automation minimal, if I can -- fewer chances for stupid mistakes.
顺便说一下,不:如果我挂载主机目录而不是创建卷,它们会被覆盖,这意味着如果它们开始为空,它们将保持为空,并且我不会从内部获得默认配置(或其他)容器.
By the way, no: if I mount host directories instead of creating volumes, they get overlaid, meaning that if they start empty, they stay empty, and I don't get the default configuration (or whatever) from inside the container.
加分项:我可以将卷移动到更方便的位置吗?比如说,/home/myuser/myserverstuff/volumes?
Extra points: can I just move the volumes to a more convenient location? Say, /home/myuser/myserverstuff/volumes?
推荐答案
最好不要尝试直接访问 /var/lib/docker 中的文件.这些目录是由 docker 守护进程管理的,不能被弄乱.
It's best to not try to access files inside /var/lib/docker directly. Those directories are meant to be managed by the docker daemon, and not to be messed with.
要访问卷内的数据,有多种选择;
To access the data inside a volume, there's a number of options;
- 使用绑定安装目录(您考虑过,但不适合您的用例).
- 使用使用相同卷并使其可通过该容器访问的服务"容器,例如运行
ssh(使用scp)或 SAMBA 的容器容器(例如 svendowideit/samba) - 使用 volume-driver 插件.周围有各种插件可以提供各种选项.例如,本地持久插件是一个非常简单的插件,它允许您指定在哪里 docker 应该存储体积数据(所以在
/var/lib/docker之外)
- use a bind-mounted directory (you considered that, but didn't fit your use case).
- use a "service" container that uses the same volume and makes it accessible through that container, for example a container running
ssh(to usescp) or a SAMBA container (such as svendowideit/samba) - use a volume-driver plugin. there's various plugins around that offer all kind of options. For example, the local persist plugin is a really simple plug-in that allows you to specify where docker should store the volume data (so outside of
/var/lib/docker)
这篇关于在主机上 chown docker 卷(可能通过 docker-compose)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
