如何处理来自Docker的卷内的权限? [英] How to handle permission inside a volume from docker?

问题描述

我有一个运行PHP应用程序的容器，并且 php-fpm 服务无法在docker卷提供的文件夹内写入缓存文件.

I have a container running a PHP application and the php-fpm service can't write the cache files inside an folder provided by a docker volume.

我从主机上授予了我需要写入的文件夹的777权限，但是它只能工作一段时间.由 php-fpm 创建的文件没有必要的权限.此外，无法使用 chown 命令更改所有者和组.

I gave 777 permissions on the folder I need to write, from the host machine, but it works just for a while. Files created by php-fpm doesn't have necessary permissions. Furthermore it's not possible to change the owner and group with chown command.

这是我的 docker-composer.yml 文件:

web:
    image: eduardoleal/nginx
    external_links:
        - proxy
    links:
        - php:php
    container_name: "app-web"
    environment:
        VIRTUAL_HOST: web.app
    volumes_from:
        - data 
    volumes:
        - ./src/nginx-vhost.conf:/etc/nginx/sites-enabled/default
php:
    image: eduardoleal/php56
    container_name: "app-web-php"
    volumes_from:
        - data
data:
    container_name: "app-web-data" 
    image: phusion/baseimage
    volumes:
        - /Users/eduardo.leal/Code/vidaclass/web:/var/www/public

我正在使用VirtualBox在OSX上运行docker.

I'm running docker on OSX with VirtualBox.

推荐答案

由于拥有文件的 user 和 group 与>用户和 group 修改/读取文件.解决方法是，执行以下Docker(最好使用最新版本)

MacOS has some mounting problems because of the differences in user and group owning the file versus user and group modifying/reading the file. As a workaround, do the following (preferably using the latest version) of Docker,

$ brew install docker-machine-nfs
$ docker-machine start yourdockermachine
$ docker-machine-nfs yourdockermachine --shared-folder=/Users --nfs-config="-alldirs -maproot=0"

您可以根据需要更改您的dockermachine 的名称.此外，您还可以更改要映射的共享文件夹.上面的选项是最好的选择，并且在所有情况下都适用.我建议不要更改此设置，以免弄乱系统文件.

You can change the name of yourdockermachine as you like. Also, you have the ability to change the shared folder you want to map. The above option is the best bet and works in all cases. I would suggest not changing that so that you don't mess around with system files.

完成上述设置后，请确保为文件和文件夹提供适当的读取，写入，执行权限.

After the above setup, make sure you provide appropriate read, write, execute permissions to your files and folders.

注意:以上过程的依赖项为 brew ， docker-machine (或为简便起见，使用完整的docker工具箱)

NOTE: Dependencies for above procedure are brew, docker-machine (or the complete docker toolbox for simplicity)

更新1 : DockerMac Beta 处于私有邀请阶段.它在 xhyve Hypervisor 之上在Mac上本地运行Docker.这将意味着不再有权限错误并提高了性能.

UPDATE 1: Docker for Mac Beta is in private invite phase. It runs Docker natively on Mac on top of xhyve Hypervisor. It would mean, no more permission errors and improved performance.

更新2 :适用于Mac的Docker 现在在公开测试版中.基础技术保持不变，并且VM由Docker服务完全管理.撰写本文时的版本为 1.12.0-rc2 ，该版本可与OS X无缝协作，而无需 docker-machine 的任何干预.

UPDATE 2: Docker for Mac is now in Public Beta. The underlying technology remains the same and the VM is completely managed by the Docker service. The version as of this writing is 1.12.0-rc2 which works seamlessly with OS X without any intervention of docker-machine.

这篇关于如何处理来自Docker的卷内的权限?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！