将用户添加到Docker Container [英] Add User to Docker Container
问题描述
我尝试添加 RUN adduser uwsgi 和 RUN adduser celery 到我的Dockerfile,但这是导致问题,因为这些命令提示输入(我已经发布了从下面的构建的响应)。
将用户添加到Docker容器中以便为在容器中运行的工作人员设置权限的最佳方式是什么?
/ p>我的Docker图像是从官方Ubuntu14.04基础构建的。
下面是运行adduser命令时Dockerfile的输出:
添加用户`uwsgi'...
添加新组`uwsgi'(1000)...
添加新的用户`uwsgi'(1000)与组`uwsgi'...
创建主目录`/ home / uwsgi'...
从`/ etc / skel'复制文件...
[91m输入新的UNIX密码:重新输入新的UNIX密码:[0m
[91mpasswd:验证令牌操纵错误
passwd:密码不变
[0m
[91m使用未初始化值$ answer在/ usr / sbin / adduser行563中。
[0m
[91m使用未初始化值$ answer在模式匹配(m //)在/ usr / sbin / adduser行564
[0m
再试一次? [y / N]
更改uwsgi
的用户信息输入新值,或按ENTER键输入默认值
全名[]:
房间号码[]:工作电话[]:家庭电话[]:其他[]:
[91m使用未初始化的值$ answer在/ usr / sbin / adduser行589.
[0m
[91m使用未初始化的值$ / / usr / sbin / adduser行590中的模式匹配(m //)
[0m
信息是否正确? [Y / n]
---> 258f2f2f13df
删除中间容器59948863162a
步骤5:运行adduser芹菜
--->运行在be06f1e20f64
添加用户`芹菜'...
添加新组`芹菜'(1001)...
添加新的用户`芹菜'(1001)与组`芹菜'。 ..
创建主目录`/ home / celery'...
从`/ etc / skel'复制文件...
[91m输入新的UNIX密码:重新输入新的UNIX密码:[ 0m
[91mpasswd:身份验证令牌操纵错误
passwd:密码不变
[0m
[91m使用未初始化的值$回复/ usr / sbin / adduser行563.
[0m
[91m使用未初始化值$ answer在模式匹配(m //)在/ usr / sbin / adduser行564.
[0m
再试一次? [y / N]
更改芹菜的用户信息
输入新值,或按ENTER键输入默认值
全名[]:房间号码[]:工作电话[]:
家庭电话[]:其他[]:
[91m使用未初始化的值$回答/ usr / sbin / adduser行589.
[0m
[91m使用未初始化的值$ / / usr / sbin / adduser行590中的模式匹配(m //)
[0m
信息是否正确? [Y / n]
code> useradd 而不是其交互式包装器 adduser 。
我通常创建用户:
运行useradd -ms / bin / bash newuser
为用户创建一个主目录,并确保bash是默认的shell。
然后您可以添加:
USER newuser
对您的docker文件,WORKDIR / home / newuser
每个命令随后以及交互式会话将以用户 newuser 执行:
docker运行-t -i image
newuser @ 131b7ad86360:〜$
你可能必须在调用用户命令之前给出 newuser 执行您要运行的程序的权限。
使用非 - 出于安全原因,容器内的特权用户是一个好主意。它也有一些缺点。最重要的是,从图像中导出图像的人将不得不切换回root,然后才能使用超级用户权限执行命令。
I have a docker container with some processes (uwsgi and celery) running inside. I want to create a celery user and a uwsgi user for these processes as well as a worker group that they will both belong to, in order to assign permissions.
I tried adding RUN adduser uwsgi and RUN adduser celery to my Dockerfile, but this is causing problems, since these commands prompt for input (I've posted the responses from the build below).
What is the best way to add users to a Docker container so as to set permissions for workers running in the container?
My Docker image is built from the official Ubuntu14.04 base.
Here is the output from the Dockerfile when the adduser commands are run:
Adding user `uwsgi' ...
Adding new group `uwsgi' (1000) ...
Adding new user `uwsgi' (1000) with group `uwsgi' ...
Creating home directory `/home/uwsgi' ...
Copying files from `/etc/skel' ...
[91mEnter new UNIX password: Retype new UNIX password: [0m
[91mpasswd: Authentication token manipulation error
passwd: password unchanged
[0m
[91mUse of uninitialized value $answer in chop at /usr/sbin/adduser line 563.
[0m
[91mUse of uninitialized value $answer in pattern match (m//) at /usr/sbin/adduser line 564.
[0m
Try again? [y/N]
Changing the user information for uwsgi
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []: Work Phone []: Home Phone []: Other []:
[91mUse of uninitialized value $answer in chop at /usr/sbin/adduser line 589.
[0m
[91mUse of uninitialized value $answer in pattern match (m//) at /usr/sbin/adduser line 590.
[0m
Is the information correct? [Y/n]
---> 258f2f2f13df
Removing intermediate container 59948863162a
Step 5 : RUN adduser celery
---> Running in be06f1e20f64
Adding user `celery' ...
Adding new group `celery' (1001) ...
Adding new user `celery' (1001) with group `celery' ...
Creating home directory `/home/celery' ...
Copying files from `/etc/skel' ...
[91mEnter new UNIX password: Retype new UNIX password: [0m
[91mpasswd: Authentication token manipulation error
passwd: password unchanged
[0m
[91mUse of uninitialized value $answer in chop at /usr/sbin/adduser line 563.
[0m
[91mUse of uninitialized value $answer in pattern match (m//) at /usr/sbin/adduser line 564.
[0m
Try again? [y/N]
Changing the user information for celery
Enter the new value, or press ENTER for the default
Full Name []: Room Number []: Work Phone []:
Home Phone []: Other []:
[91mUse of uninitialized value $answer in chop at /usr/sbin/adduser line 589.
[0m
[91mUse of uninitialized value $answer in pattern match (m//) at /usr/sbin/adduser line 590.
[0m
Is the information correct? [Y/n]
The trick is to use useradd instead of its interactive wrapper adduser.
I usually create users with:
RUN useradd -ms /bin/bash newuser
which creates a home directory for the user and ensures that bash is the default shell.
You can then add:
USER newuser
WORKDIR /home/newuser
to your dockerfile. Every command afterwards as well as interactive sessions will be executed as user newuser:
docker run -t -i image
newuser@131b7ad86360:~$
You might have to give newuser the permissions to execute the programs you intend to run before invoking the user command.
Using non-privileged users inside containers is a good idea for security reasons. It also has a few drawbacks. Most importantly, people deriving images from your image will have to switch back to root before they can execute commands with superuser privileges.
这篇关于将用户添加到Docker Container的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
