在创建容器时设置Docker映像用户名? [英] Set docker image username at container creation time?
问题描述
我有一个已配置为运行代码的OpenSuse 42.3 Docker映像.该映像具有一个我通过Dockerfile在初始映像生成期间创建的名为"myuser"的用户(root用户除外).我有三个脚本文件,可根据用户所使用的操作系统从映像生成容器.
问题:能否将容器中的用户名"myuser"设置为执行容器生成脚本的用户的用户名?
我的目标是让用户以交互方式弹出到容器中,并能够从容器中运行代码.该代码只是一个执行并具有某些IO的二进制文件,因此我希望可以从容器内访问用户目录,以便他们可以导航到计算机上的文件夹并运行代码以在文件系统中生成输出./p>
以下是我到目前为止构建的内容.我尝试在Linux脚本调用 docker run 的过程中设置USER环境变量,但这并没有将用户从"myuser"更改为"bob"(启动主机的用户名容器).目录的挂载似乎工作正常.我不确定是否有可能实现我的目标.
Linux容器脚本:
username ="$ USER"userID ="$(id -u)"groupID ="$(id -g)"home ="$ {1:-$ HOME}"imageName ="myImage:ImageTag"containerName ="version1Image"docker run -it -d --name $ {containerName} -u $ userID:$ groupID \-e USER = $ {用户名} --workdir ="/home/myuser" \--volume ="$ {home}:/home/myuser" $ {imageName}/bin/bash \ Mac Container脚本:
username ="$ USER"userID ="$(id -u)"groupID ="$(id -g)"home ="$ {1:-$ HOME}"imageName ="myImage:ImageTag"containerName ="version1Image"docker run -it -d --name $ {containerName} \--workdir ="/home/myuser" \--v ="$ {home}:/home/myuser" $ {imageName}/bin/bash \ Windows容器脚本:
ECHO OFFSET imageName ="myImage:ImageTag"SET containerName ="version1Image"docker run -it -d --name%containerName%--workdir ="/home/myuser" -v =%USERPROFILE%:/home/myuser"%imageName%/bin/bash回显已创建容器%containerName%."echo运行./startWindowsLociStream脚本以启动容器" 以下代码已签入 以下是相关Dockerfile中的几行内容: 然后运行它,您只需要将/home/myuser挂载为卷,它将调整入口点的权限.例如: 在该容器内,您可以运行 I have an OpenSuse 42.3 docker image that I've configured to run a code. The image has a single user(other than root) called "myuser" that I create during the initial Image generation via the Dockerfile. I have three script files that generate a container from the image based on what operating system a user is on. Question: Can the username "myuser" in the container be set to the username of the user that executes the container generation script? My goal is to let a user pop into the container interactively and be able to run the code from within the container. The code is just a single binary that executes and has some IO, so I want the user's directory to be accessible from within the container so that they can navigate to a folder on their machine and run the code to generate output in their filesystem. Below is what I have constructed so far. I tried setting the USER environment variable during the linux script's call to Linux Container script: Mac Container script: Windows Container script:
The below code has been checked into https://github.com/bmitch3020/run-as-user. I would handle this in an entrypoint.sh that checks the ownership of /home/myuser and updates the uid/gid of the user inside your container. It can look something like: And here's some lines from a relevant Dockerfile: Then to run it, you just need to mount /home/myuser as a volume and it will adjust permissions in the entrypoint. e.g.: Inside that container you can run 这篇关于在创建容器时设置Docker映像用户名?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
从FROM debian:9ARG GOSU_VERSION = 1.10#以root身份运行,让入口点退回到myuserUSER根#安装prereq debian软件包运行apt获取更新&&DEBIAN_FRONTEND =非交互式apt-get install -y --no-install-recommends \apt-transport-https \ca证书\卷曲vimwget&&易于清洁&&rm -rf/var/lib/apt/lists/*#安装gosuRUN dpkgArch ="$(dpkg --print-architecture | awk -F-'{print $ NF}')" \&&wget -O/usr/local/bin/gosu"https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" \&&chmod 755/usr/local/bin/gosu \&&gosu没人真运行useradd -d/home/myuser -m myuserWORKDIR/home/myuser#入口点用于更新uid/gid,然后运行users命令COPY entrypoint.sh/entrypoint.shENTRYPOINT ["/entrypoint.sh"]CMD/bin/sh
$ docker build -t以用户身份运行.$ docker run -it --rm -v $ {pwd):/home/myuser以用户身份运行/bin/bash id 和 ls -l </code>来查看您是否有权访问/home/myuser文件.docker run, but that didn't change the user from "myuser" to say "bob" (the username on the host machine that started the container). The mounting of the directories seems to work fine. I'm not sure if it is even possible to achieve my goal.username="$USER"
userID="$(id -u)"
groupID="$(id -g)"
home="${1:-$HOME}"
imageName="myImage:ImageTag"
containerName="version1Image"
docker run -it -d --name ${containerName} -u $userID:$groupID \
-e USER=${username} --workdir="/home/myuser" \
--volume="${home}:/home/myuser" ${imageName} /bin/bash \
username="$USER"
userID="$(id -u)"
groupID="$(id -g)"
home="${1:-$HOME}"
imageName="myImage:ImageTag"
containerName="version1Image"
docker run -it -d --name ${containerName} \
--workdir="/home/myuser" \
--v="${home}:/home/myuser" ${imageName} /bin/bash \
ECHO OFF
SET imageName="myImage:ImageTag"
SET containerName="version1Image"
docker run -it -d --name %containerName% --workdir="/home/myuser" -v="%USERPROFILE%:/home/myuser" %imageName% /bin/bash
echo "Container %containerName% was created."
echo "Run the ./startWindowsLociStream script to launch container"
#!/bin/sh
set -x
# get uid/gid
USER_UID=`ls -nd /home/myuser | cut -f3 -d' '`
USER_GID=`ls -nd /home/myuser | cut -f4 -d' '`
# get the current uid/gid of myuser
CUR_UID=`getent passwd myuser | cut -f3 -d: || true`
CUR_GID=`getent group myuser | cut -f3 -d: || true`
# if they don't match, adjust
if [ ! -z "$USER_GID" -a "$USER_GID" != "$CUR_GID" ]; then
groupmod -g ${USER_GID} myuser
fi
if [ ! -z "$USER_UID" -a "$USER_UID" != "$CUR_UID" ]; then
usermod -u ${USER_UID} myuser
# fix other permissions
find / -uid ${CUR_UID} -mount -exec chown ${USER_UID}.${USER_GID} {} \;
fi
# drop access to myuser and run cmd
exec gosu myuser "$@"
FROM debian:9
ARG GOSU_VERSION=1.10
# run as root, let the entrypoint drop back to myuser
USER root
# install prereq debian packages
RUN apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
apt-transport-https \
ca-certificates \
curl \
vim \
wget \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
# Install gosu
RUN dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" \
&& wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" \
&& chmod 755 /usr/local/bin/gosu \
&& gosu nobody true
RUN useradd -d /home/myuser -m myuser
WORKDIR /home/myuser
# entrypoint is used to update uid/gid and then run the users command
COPY entrypoint.sh /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
CMD /bin/sh
$ docker build -t run-as-user .
$ docker run -it --rm -v $(pwd):/home/myuser run-as-user /bin/bash
id and ls -l to see that you have access to /home/myuser files.
