泊坞窗:Unix“谁”命令在容器内不起作用 [英] Docker: unix "who" command doesn't work inside container
问题描述
我有一个Docker映像,其中创建了一个名为建设者的非root用户。
I have a Docker image that has one non-root user created named builder.
本应在容器中运行的应用程序使用unix 谁命令。
The application that supposed to run inside the container uses unix who command.
由于某种原因,它在容器内返回空字符串:
For some reason it returns empty string inside the container:
builder@2dc3831c558b:~$ who
builder@2dc3831c558b:~$
由于实现细节,我不能使用 whoami 。
I cannot use whoami because of implementation details.
(我正在使用Docker 1.6.2在Debian Jessie上)
(I'm using Docker 1.6.2 on Debian Jessie)
编辑(有关为什么使用谁的详细信息):
我使用命令 who 并使用参数 am i ,即我是谁。这假设是要返回首次登录的用户。因此,例如,我是sudo 返回 builder ,而 sudo whoami 返回 root 。
I use the command who with the parameters am i, that is who am i. This suppose to return the user who first made the login. So, for example, sudo who am i returns builder, while sudo whoami returns root.
推荐答案
命令谁 包含诸如 -b :上次系统引导的时间。
The command who includes options like -b: time of last system boot.
由于容器中的所有命令都会转换为对内核的系统调用,因此不会返回任何内容
Since all commands from a container translates into system calls to the kernel, that would not return anything container related, but docker-host related (ie the underlying host).
另请参见" 谁和whoami命令之间的区别: whoami 会显示正在运行的有效用户名 whoami ,
See also "Difference between who and whoami commands": whoami prints effective username of being ran whoami, which is not the same as who (printing information about users who are currently logged in).
问题1854 7 是:
注册表配置存储在客户端中,因此就像
cat〜/ .docker这样简单。 /config.json将为您提供所需的答案。
The registry configuration is stored in the client, so something as simple as
cat ~/.docker/config.jsonwill give you the answer you're looking for.
docker info | grep用户名应该为您提供此信息。
docker info | grep Username should give you this information.
但这与从容器会话中运行命令不同。 id -u 可能更接近。
But that is not the same as running the command from within a container session. id -u might be closer.
默认情况下,由docker守护进程启动容器时,没有直接登录。 br />
作为 Auzias 已评论,只有直接ssh连接(启动登录会话)才允许 who 返回任何东西。但是对于docker,由于 docker exec (用于调试目的)存在(除非确实需要 ,否则保留映像维护器以包含ssh)。
By default, there is no direct loggin when a container is started by the docker daemon.
As Auzias commented, only a direct ssh connection (initiating a login session) would allow who to return anything. But with docker, this is generally not needed since docker exec (for debug purposes) exists (and spare the image maintainer to include ssh unless it is really needed).
这篇关于泊坞窗:Unix“谁”命令在容器内不起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
