写在共享卷码头 [英] write in shared volumes docker

问题描述

我有一个带有php应用程序的码头服务器

我有一个共享卷，例如

  / home / me / dev / site< => / var / www / site 
  

我可以在我的主机上写东西，它将与容器同步

如果我启动

  sudo docker exec test touch / var / www / site / test.txt 
  

它的工作原理

但是如果我的服务器试图创建一个文件作为 www-data 这是不正常的。

有没有办法让我共享的卷访问到 www-data ？

我是在Docker中使用boot2docker

解决方案

（绑定）卷将维护在
上设置的Docker主机的权限本身。您可以使用此功能在容器中使用这些
文件和目录之前设置权限。

某些背景;

Linux中的权限基于用户和组 ids （'uid '/ code> 'GID'）。即使
，尽管您 将用户名和组名称作为所有者，但这些名称在Linux中实际上并不是
，它们只能在使您更容易查看谁是
文件的所有者（他们从 / etc / passwd 文件中查找）。

您可以在文件中设置任何 uid / gid 当
设置这些权限时，用户不必存在。例如;

  touch foobar&& sudo chown 1234：5678 foobar&& ls -la foobar 
 
＃UID和GID设置为1234/5678，即使没有这样的用户
 -rw-rw-r-- 1 1234 5678 0 Mar 25 19:14 foob​​ar 
  

检查权限（容器内外）

如上所述，Docker在使用
a卷时维护主机的所有权。此示例显示，卷中的权限和所有权是在之外的
相同

< pre class =lang-sh prettyprint-override> ＃（首先创建一个虚拟站点）

mkdir -p volume-example / site&& cd volume-example
echo< html>< body> hello world< / body>< / html> > site / index.html

＃Docker主机上的权限;

ls -n site

＃total 4
＃-rw-rw-r-- 1 1002 1002 38 3月25日19:15 index.html

＃另外，一个nginx容器内的权限，使用它作为卷;

sudo docker运行--rm -v $（pwd）/ site：/ var / www nginx ls -n / var / www

＃total 4
＃-rw-rw-r-- 1 1002 1002 38 3月25日19:15 index.html


设置权限

如上所述，用户不必存在才能使用它们，所以即使
我们没有<$在Docker主机上的c $ c> www-data 用户，我们仍然可以设置正确的
权限，如果我们现在该容器中该用户的uid和gid / p>

让我们看看www数据用户的uid和gid是容器内的

  sudo docker run --rm nginx id www-data 
 
＃uid = 33（www-data）gid = 33（www-data）groups = 33（www-data）
  

首先检查状态之前更改权限。这次我们
运行nginx容器作为用户 www-data ;

 
＃touch：can not touch`/var/www/can-i-write.txt'：Permission denied 
  

现在，设置本地目录的权限，看看我们是否可以写;

  sudo chown -R 33:33 site 
 
 sudo docker run \ 
 --rm \ 
 --volume $（pwd）/ site：/ var / www \ 
 --user www-data nginx touch / var / www / can-i-write .txt 
  

成功！

I have a docker with a php application on it

I have a share volume, for example

/home/me/dev/site <=> /var/www/site

I can write something in my host, it will be sync with the container

if I launch

sudo docker exec test touch /var/www/site/test.txt

It works

But if my server is trying to create a file as www-data this is not working because of the rights.

Is there a way to give access to my shared volumes to www-data ?

I am using boot2docker

解决方案

(Bind-mounted) volumes in Docker will maintain the permissions that are set on the Docker host itself. You can use this to set the permissions on those files and directories before using them in the container.

Some background;

Permissions in Linux are based on user and group ids ('uid' / 'gid'). Even though you see a user- and group name as owner, those names aren't actually important in Linux, they are only there to make it easier for you to see who's the owner of a file (they are looked up from the /etc/passwd file).

You can set any uid/gid on a file; a user doesn't have to exist when setting those permissions. For example;

touch foobar && sudo chown 1234:5678 foobar && ls -la foobar

# UID and GID are set to 1234 / 5678, even though there's no such user
-rw-rw-r-- 1 1234 5678 0 Mar 25 19:14 foobar

Checking permissions (inside and outside a container)

As mentioned above, Docker maintains ownership of the host when using a volume. This example shows that permissions and ownership in the volume are the same outside and inside a container;

# (First create a dummy site)

mkdir -p volume-example/site && cd volume-example
echo "<html><body>hello world</body></html>" > site/index.html

# Permissions on the Docker host;

ls -n site

# total 4
# -rw-rw-r-- 1 1002 1002 38 Mar 25 19:15 index.html

# And, permissions inside a nginx container, using it as volume;

sudo docker run --rm -v $(pwd)/site:/var/www nginx ls -n /var/www

# total 4
# -rw-rw-r-- 1 1002 1002 38 Mar 25 19:15 index.html

Setting the permissions

As explained, a user doesn't have to exist in order to use them, so even if we don't have a www-data user on the Docker host, we can still set the correct permissions if we now the "uid" and "gid" of that user inside the container;

Let's see what the uid and gid of the www-data user is inside the container;

sudo docker run --rm nginx id www-data

# uid=33(www-data) gid=33(www-data) groups=33(www-data)

First check the state before changing the permissions. This time we run the nginx container as user www-data;

sudo docker run \
  --rm \
  --volume $(pwd)/site:/var/www \
  --user www-data nginx touch /var/www/can-i-write.txt

# touch: cannot touch `/var/www/can-i-write.txt': Permission denied

Now, set the permissions on the local directory, and see if we are able to write;

sudo chown -R 33:33 site

sudo docker run \
   --rm \
   --volume $(pwd)/site:/var/www \
   --user www-data nginx touch /var/www/can-i-write.txt

Succes!

这篇关于写在共享卷码头的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！