我可以控制 docker 映像中绑定安装卷的所有者吗? [英] Can I control the owner of a bind-mounted volume in a docker image?
问题描述
我有一个包含日食的 docker 镜像.我在名为 eclipse 的帐户下运行映像中的 eclipse.我想使用我的工作区目录从主机绑定安装到容器中启动图像.不幸的是,容器内已安装卷的所有者不是 eclipse.挂载的卷只保留来自主机的 UID 和 GID.
I have a docker image which contains an eclipse. I run the eclipse in the image under an account named eclipse. I want to start the image with my workspace directory form the host machine bind-mounted into the container. Unfortunately the owner of the mounted volume inside the container is not eclipse. The mounted volume just preserves the UID and GID from the host.
有没有办法控制在哪个 UID 和 GID 下挂载在容器中的卷?
Is there a way to control under which UID and GID is the volume mounted in the container?
推荐答案
我相信目前还没有办法在 docker 中设置 UID 和 GID 作为挂载选项.但至少有两种方法可以解决这个问题:
I believe at this point there is no way to set the UID and GID as a mount option in docker. But there are at least two ways of getting around this:
匹配主机和容器中所有者/用户的 UID 和 GID.在您的情况下,如果主机上的所有者 ID 和 GID 为 1000,请确保容器中拥有用户的 uid/gid 具有相同的 UID 和 GID,在本例中为 1000.
Match UID and GID of the owner/user in the host and container. In your case, if the owner ID and GID on the host is say 1000, make sure the uid/gid of the owning user in the container has the same UID and GID, in this case 1000.
使用文件访问控制列表命令getfacl - 获取容器上工作区目录所有者的uid/gid,并使用setfacl命令授予此权限id 在主机上的读/写权限.您必须在主机上运行 setfacl.这样,acl 权限将传播到容器.我不建议在容器级别进行任何所有权更改,因为这会弄乱主机上的所有权,并且在您下次从映像启动容器时不会保留它.
Use the file access control list command getfacl - get the uid/gid of the workspace directory owner on the container, and use setfacl command to grant this id read/write permission at the host. You have to run setfacl on the host. This way the acl rights will propagate to the container. I would not recommend making any ownership changes at the container level, as that will mess up the owership on the host and it won't be preserved the next time you launch a container from an image.
请记住,当涉及到文件权限时,只有 numeric id 很重要.
Remember, when it comes to file permissions only the numeric id matters.
有用的链接 - 容器内的权限
这篇关于我可以控制 docker 映像中绑定安装卷的所有者吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
