Dockerfile 将主机用户 UID 和 GID 复制到镜像 [英] Dockerfile replicate the host user UID and GID to the image
问题描述
类似于 关于从主机复制容器中的 UID/GID 的帖子,但是如何使用具有复制 UID 和 GID 的用户?最好,你如何使用 dockerfile 来做这件事?
Similar to the SO post about replicating UID/GID in container from host but how do you build the image with a user with replicate UID and GID? Preferably, how do you do it with a dockerfile?
我可以使用 bash 脚本来完成:
I can do it with a bash script:
#!/bin/bash
# current uid and gid
curr_uid=`id -u`
curr_gid=`id -g`
# create bb.dockerfile:
cat << EOF1 > bb.dockerfile
FROM ubuntu:xenial-20170214
ARG UNAME=testuser
EOF1
echo ARG UID=${curr_uid} >> bb.dockerfile
echo ARG GID=${curr_gid} >> bb.dockerfile
cat << EOF2 >> bb.dockerfile
RUN groupadd -g $GID $UNAME
RUN useradd -m -u $UID -g $GID -s /bin/bash $UNAME
USER $UNAME
CMD /bin/bash
EOF2
docker build -f bb.dockerfile -t testimg .
这个 bash 将生成一个如下所示的 docker 文件并在其上构建.
This bash will generate a docker file as the following and build on it.
FROM ubuntu:xenial-20170214
ARG UNAME=testuser
ARG UID=1982
ARG GID=1982
RUN groupadd -g $GID $UNAME
RUN useradd -m -u $UID -g $GID -s /bin/bash $UNAME
USER $UNAME
CMD /bin/bash
我要的是从 dockerfile 中删除硬编码的主机 UID 1982 和 GID 1982.
What I'm asking for, is to remove the hardcoded host UID 1982 and GID 1982 from the dockerfile.
推荐答案
您可以将其作为构建参数传递.你的 Dockerfile 可以是静态的:
You can pass it as a build arg. Your Dockerfile can be static:
FROM ubuntu:xenial-20170214
ARG UNAME=testuser
ARG UID=1000
ARG GID=1000
RUN groupadd -g $GID -o $UNAME
RUN useradd -m -u $UID -g $GID -o -s /bin/bash $UNAME
USER $UNAME
CMD /bin/bash
然后您将在构建命令中传递选项:
Then you'd pass the options on your build command:
docker build --build-arg UID=$(id -u) --build-arg GID=$(id -g)
-f bb.dockerfile -t testimg .
<小时>
请注意,我已经以不同的方式解决了与此类似的问题,方法是以 root 身份运行一个入口点,该入口点查看主机卷挂载的文件/目录权限,并调整容器内用户的 uid/gid 以匹配卷 uid/gid.进行该更改后,它会放弃从 root 用户到修改后的 uid/gid 用户的访问权限,并运行原始命令/入口点.结果是图像可以在任何开发人员机器上不加改变地运行.这方面的一个例子可以在我的 jenkins-docker 仓库中找到:
Note that I've solved similar problems to this a different way, by running an entrypoint as root that looks a file/directory permissions of the host volume mount, and adjust the uid/gid of the users inside the container to match the volume uid/gid. After making that change, it drops access from the root user to the modified uid/gid user and runs the original command/entrypoint. The result is the image can be run unchanged on any developer machine. An example of this can be found in my jenkins-docker repo:
https://github.com/sudo-bmitch/jenkins-docker
这篇关于Dockerfile 将主机用户 UID 和 GID 复制到镜像的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!