Can I change owner of directory that is mounted on volume in IBM containers?


Question

I'm trying to launch postgres in IBM containers. I have just created a volume by:

$ cf ic volume create pgdata

Then mount it:

$ cf ic run --volume pgdata:/var/pgsql -p 22 registry.ng.bluemix.net/ruimo/pgsql944-cli

After logging into the container through ssh, I found the mounted directory is owned by root:

drwxr-xr-x  3 root root   4096 Jul  8 08:20 pgsql

Since postgres does not permit running as root, I want to change the owner of this directory. But I cannot change the owner of this directory:

# chown postgres:postgres pgsql
chown: changing ownership of 'pgsql': Permission denied

Is it possible to change the owner of the mounted directory?

Recommended answer

In IBM Containers, the user namespace is enabled for the docker engine. When the user namespace is enabled, the effective root inside the container is a non-root user outside the container process, and NFS is not allowing the mapped non-root user to perform the chown operation on the volume inside the container. Please note that the volume pgdata is an NFS; this can be verified by executing `mount -t nfs4` from the container.

You can try the workaround suggested for How can I fix the permissions using docker on a bluemix volume?

In this case, it will be:

1. Mount the Volume to `/mnt/pgdata` inside the container

cf ic run --volume pgdata:/mnt/pgdata -p 22 registry.ng.bluemix.net/ruimo/pgsql944-cli

2. Inside the container

2.1 Create "postgres" group and user    
groupadd --gid 1010 postgres
useradd --uid 1010 --gid 1010 -m --shell /bin/bash postgres

2.2 Add the user to group "root"
adduser postgres root
chmod 775 /mnt/pgdata

2.3 Create pgsql directory under bind-mount volume
su -c "mkdir -p /mnt/pgdata/pgsql" postgres
ln -sf /mnt/pgdata/pgsql /var/pgsql

2.4 Remove the user from group "root"
deluser postgres root
chmod 755 /mnt/pgdata
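
Added example (not part of the original answer): a shell check for the two conditions the answer names, root being remapped by a user namespace and the path sitting on an NFS mount, before expecting `chown` to work. The function names, the host uid range and the NFS export name in the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original answer): check the two conditions the
# answer names before expecting chown on a volume to work.

# Succeeds if uid 0 in this namespace maps to a non-zero uid outside it.
# uid_map line format: <uid inside> <uid outside> <range length>
root_is_remapped() {
    awk '$1 == 0 { found = 1; remapped = ($2 != 0) }
         END { exit !(found && remapped) }' "${1:-/proc/self/uid_map}"
}

# Prints the filesystem type of the mount that holds path $1.
# mounts line format: <device> <mount point> <fstype> <options> ...
mount_fstype() {
    awk -v p="$1" '
        $2 == p || $2 == "/" || index(p, $2 "/") == 1 {
            # longest mount point wins; a later mount shadows an earlier one
            if (length($2) >= best) { best = length($2); fs = $3 }
        }
        END { if (fs == "") exit 1; print fs }' "${2:-/proc/mounts}"
}

# 0: NFS volume and remapped root (chown will be refused, as in the question)
# 1: one of the two conditions does not hold   2: no mount found for the path
chown_blocked() {   # usage: chown_blocked PATH [UID_MAP_FILE] [MOUNTS_FILE]
    fstype=$(mount_fstype "$1" "${3:-/proc/mounts}") || return 2
    case $fstype in
        nfs|nfs4) root_is_remapped "${2:-/proc/self/uid_map}" ;;
        *) return 1 ;;
    esac
}

# Constructed sample data (hypothetical host uid range and NFS export name).
write_samples() {   # usage: write_samples DIR
    printf '0 100000 65536\n' > "$1/uid_map"
    printf '%s\n' 'overlay / overlay rw 0 0' \
        'nfs.example:/export/pgdata /var/pgsql nfs4 rw 0 0' > "$1/mounts"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
if chown_blocked /var/pgsql "$demo_dir/uid_map" "$demo_dir/mounts"; then
    echo "/var/pgsql: NFS volume with remapped root, chown will be denied"
fi
rm -rf "$demo_dir"
```

Inside a real container, call `chown_blocked /var/pgsql` with no file arguments so it reads the live `/proc/self/uid_map` and `/proc/mounts`.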
