写入共享卷 docker [英] write in shared volumes docker
问题描述
我有一个带有 php 应用程序的 docker
I have a docker with a php application on it
例如我有一个共享量
/home/me/dev/site <=> /var/www/site
我可以在我的主机上写一些东西,它会与容器同步
I can write something in my host, it will be sync with the container
如果我启动
sudo docker exec test touch /var/www/site/test.txt
有效
但是如果我的服务器试图创建一个文件作为 www-data
这将无法正常工作,因为权限.
But if my server is trying to create a file as www-data
this is not working because of the rights.
有没有办法让 www-data
访问我的共享卷?
Is there a way to give access to my shared volumes to www-data
?
我正在使用 boot2docker
I am using boot2docker
推荐答案
(Bind-mounted) Docker 中的卷将保持设置的权限Docker 主机本身.您可以使用它来设置这些权限在容器中使用文件和目录之前.
(Bind-mounted) volumes in Docker will maintain the permissions that are set on the Docker host itself. You can use this to set the permissions on those files and directories before using them in the container.
一些背景;
Linux 中的权限基于用户和组 id ('uid'
/'gid'
).甚至尽管您看到一个用户和组名称作为所有者,但这些名称实际上并不是在 Linux 中很重要,它们只是为了让您更容易查看谁是文件的所有者(从 /etc/passwd
文件中查找).
Permissions in Linux are based on user and group ids ('uid'
/ 'gid'
). Even
though you see a user- and group name as owner, those names aren't actually
important in Linux, they are only there to make it easier for you to see who's the owner of a file (they are looked up from the /etc/passwd
file).
您可以在文件上设置any uid
/gid
;设置这些权限时,用户不必存在.例如;
You can set any uid
/gid
on a file; a user doesn't have to exist when setting those permissions. For example;
touch foobar && sudo chown 1234:5678 foobar && ls -la foobar
# UID and GID are set to 1234 / 5678, even though there's no such user
-rw-rw-r-- 1 1234 5678 0 Mar 25 19:14 foobar
检查权限(容器内外)
如上所述,Docker在使用时维护主机的所有权一卷.此示例显示卷中的权限和所有权是相同的外部和内部容器;
# (First create a dummy site)
mkdir -p volume-example/site && cd volume-example
echo "<html><body>hello world</body></html>" > site/index.html
# Permissions on the Docker host;
ls -n site
# total 4
# -rw-rw-r-- 1 1002 1002 38 Mar 25 19:15 index.html
# And, permissions inside a nginx container, using it as volume;
sudo docker run --rm -v $(pwd)/site:/var/www nginx ls -n /var/www
# total 4
# -rw-rw-r-- 1 1002 1002 38 Mar 25 19:15 index.html
设置权限
如前所述,用户不一定要存在才能使用它们,所以即使我们在 Docker 主机上没有 www-data
用户,我们仍然可以设置正确的权限,如果我们知道容器内该用户的uid"和gid";
Setting the permissions
As explained, a user doesn't have to exist in order to use them, so even if
we don't have a www-data
user on the Docker host, we can still set the correct
permissions if we know the "uid" and "gid" of that user inside the container;
让我们看看容器内的www-data用户的uid和gid是什么;
Let's see what the uid and gid of the www-data user is inside the container;
sudo docker run --rm nginx id www-data
# uid=33(www-data) gid=33(www-data) groups=33(www-data)
在更改权限之前先检查状态.这次我们以用户身份运行 nginx 容器 www-data
;
First check the state before changing the permissions. This time we
run the nginx container as user www-data
;
sudo docker run
--rm
--volume $(pwd)/site:/var/www
--user www-data nginx touch /var/www/can-i-write.txt
# touch: cannot touch `/var/www/can-i-write.txt': Permission denied
接下来设置本地目录的权限,看看是否可以写;
Next, set the permissions on the local directory, and see if we are able to write;
sudo chown -R 33:33 site
sudo docker run
--rm
--volume $(pwd)/site:/var/www
--user www-data nginx touch /var/www/can-i-write.txt
成功!
这篇关于写入共享卷 docker的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!