我如何 Docker COPY 作为非 root 用户? [英] How do I Docker COPY as non root?
问题描述
在构建 Docker 映像时,如何将文件COPY 到映像中,以使生成的文件归 root 以外的用户所有?
While building a Docker image, how do I COPY a file into the image so that the resulting file is owned by a user other than root?
推荐答案
适用于 v17.09.0-ce 及更新版本
在 ADD 或 COPY 命令中使用可选标志 --chown=<user>:<group>.
Use the optional flag --chown=<user>:<group> with either the ADD or COPY commands.
例如
COPY --chown=<user>:<group> <hostPath> <containerPath>
--chown 标志的文档现已在 Dockerfile 参考页面上发布.
The documentation for the --chown flag is now live on the main Dockerfile Reference page.
问题 34263 已合并,可在 发布 v17.09.0-ce.
Issue 34263 has been merged and is available in release v17.09.0-ce.
适用于 v17.09.0-ce 之前的版本
Docker 不支持 COPY 作为 root 以外的用户.您需要chown/chmod 文件在 COPY 命令之后.
Docker doesn't support COPY as a user other than root. You need to chown / chmod the file after the COPY command.
示例 Dockerfile:
Example Dockerfile:
from centos:6
RUN groupadd -r myuser && adduser -r -g myuser myuser
USER myuser
#Install code, configure application, etc...
USER root
COPY run-my-app.sh /usr/local/bin/run-my-app.sh
RUN chown myuser:myuser /usr/local/bin/run-my-app.sh &&
chmod 744 /usr/local/bin/run-my-app.sh
USER myuser
ENTRYPOINT ["/usr/local/bin/run-my-app.sh"]
在 v17.09.0-ce 之前,COPY 命令的 Dockerfile 参考说:
Previous to v17.09.0-ce, the Dockerfile Reference for the COPY command said:
所有新文件和目录均使用 0 的 UID 和 GID 创建.
All new files and directories are created with a UID and GID of 0.
<小时>
历史此功能已通过多个 GitHub 问题进行跟踪:6119、9943, 13600, 27303, 28499, 问题 30110.
History This feature has been tracked through multiple GitHub issues: 6119, 9943, 13600, 27303, 28499, Issue 30110.
Issue 34263 是实现可选标志功能和 Issue 467 更新了文档.
Issue 34263 is the issue that implemented the optional flag functionality and Issue 467 updated the documentation.
这篇关于我如何 Docker COPY 作为非 root 用户?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
