泊坞窗:在启动容器时设置运行用户 [英] docker: set running user while launch container
问题描述
我使用官方的golang docker映像来编译go程序,并将生成的可执行文件放在映射到我的主机目录的卷上。
问题是生成的文件docker的用户属于root:root,这很烦人,因为我不想通过sudo运行脚本。
我在寻找解决方案以使docker容器作为非容器运行-root,但是我发现的方法需要更改Dockerfile并将用户添加到映像,例如
OP添加:
我理解原因,因为这正是我要避免的方法:将用户添加到图像中.br
如果我的问题没有解决,我将尝试直接修改容器。
实际上,还有另一种选择,它允许您不修改图像而 not 添加用户: 用户或用户重新映射 (自docker 1.10起)。但是,正如我在此处提到一样,您将需要docker 17.06以避免某些错误。
I use the official golang docker image to compile my go program and put the resulting executable on a volume mapped to my host directory.
The problem is that file generated by docker belongs to root:root, which is very annoying because I do not want to run my script via sudo.
I searched for solutions to make docker container run as non-root, but the method I found need to change Dockerfile and add user to the image, e.g.
http://gbraad.nl/blog/non-root-user-inside-a-docker-container.html
Is there a way to make docker container run as the CURRENT user on host machine, i.e., user A runs this image will generate file belongs to A:A, and user B generate file belongs to B:B, while A and B are both users defined on host machine (i.e. where the volume resides), without the need to add A and B into the image via Dockerfile?
which I made by base alphine-golang plus the git tool), runs on my laptop with the -u arg, but if I run it on an debian virtual machine, it tells me No user exists for uid 1001
Ideally, you would make your own image (based on an existing one) with the right expected ID:
RUN useradd -r -u 1001 -g appuser appuser
USER appuser
See "Understanding how uid and gid work in Docker containers", from Marc Campbell:
The OP adds:
I understand the reason because this is exactly what I try to avoid: add user into the image.
If my problem was not solved, I will try to modify the container directly.
Actually, there is another alternative, which allows you to not modify an image and not add a user: userns or user remap (since docker 1.10). However, as I mention here, you would need docker 17.06 to avoid some bugs.
这篇关于泊坞窗:在启动容器时设置运行用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
