如何在Docker容器内使用setfacl? [英] How to use setfacl within a Docker container?
问题描述
似乎在容器内文件系统没有安装acl,因此setfacl将无法正常工作。它不会让我重新装载它,我甚至不能运行'df -h'。
It seems like within the container the filesystem is mounted without 'acl', therefore 'setfacl' won't work. And it won't let me remount it either, and I can't even run 'df -h'.
我需要setfacl,因为我使root拥有所有的文件从我的网站,我给网络服务器用户写入权限只有几个目录,如缓存,日志等。
I need setfacl because I make root own all the files from my websites, and I give the webserver user write permissions to only a few directories like cache, logs, etc.
我该怎么办?
推荐答案
好消息是Docker支持ACL。
但是默认情况下,Docker使用AUFS堆栈容器和图像; AUFS不支持ACLS。
The good news is that Docker supports ACLs. But by default Docker uses AUFS to stack container and images ; AUFS doesn't support ACLS.
如果您告诉Docker使用Device Mapper(LVM)进行存储,则可以使用您的容器中的setfacl
。
If you tell Docker to use Device Mapper (LVM) for its storage, you'll be able to use setfacl
in your containers.
使用适当的选项启动Docker守护程序:
Start your Docker daemon with the appropriate option:
docker -d --storage-driver=devicemapper --daemon=true
资料来源: https://groups.google.com/forum/#!topic/docker-user/165AARba2Bk
df -h
不符合其他不相关的原因:它依赖于 / etc / mtab
,默认情况下不存在。在您的容器中,从 procfs
创建一个链接,这将解决这个问题:
df -h
doesn't work for a different and unrelated reason : it relies on /etc/mtab
, not present by default. In your container, create a link from procfs
, that will solve this problem:
ln -s /proc/mounts /etc/mtab
这篇关于如何在Docker容器内使用setfacl?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!