挂载“命名体积”作为Docker的非根目录 [英] Mount "named volume" as non-root in Docker

问题描述

有没有办法将命名卷作为非root用户安装？我试图避免在每个Dockerfile中运行一个 chown ，但是我需要非root用户可以写入mount，以便能够编写由构建图像

Is there any way to mount a named volume as a non-root user? I am trying to avoid having to run a chown in each Dockerfile but I need the mount to be writable by a non-root user to be able to write the artifacts created by a build in the image

这是我正在尝试的

docker run --rm -it -v /home/bob/dev/:/src/dev -v builds:/mnt/build --name build hilikus/build /bin/bash

但是对于第二个挂载我得到

but for the second mount I get

[user@42f237282128 ~]$ ll /mnt
total 4
drwxr-xr-x 2 root root 4096 Sep 18 19:29 build

我的其他挂载（ / src / dev / ）由用户拥有，而不是通过根，所以它给了我需要的;但是，我没有能够对命名卷做同样的操作。

My other mount (/src/dev/) is owned by user, not by root so it gives what I need; however, I haven't been able to do the same with the named volume.

推荐答案

命名卷初始化为您在该位置的图像，因此您需要在Dockerfile内设置权限：

The named volume initializes to the contents of your image at that location, so you need to set the permissions inside your Dockerfile:

$ cat df.vf-uid
FROM busybox
RUN mkdir -p /data && echo "hello world" > /data/hello && chown -R 1000 /data

$ docker build -t test-vf -f df.vf-uid .
Sending build context to Docker daemon 23.06 MB
Step 1 : FROM busybox
 ---> 2b8fd9751c4c
Step 2 : RUN mkdir -p /data && echo "hello world" > /data/hello && chown -R 1000 /data
 ---> Using cache
 ---> 41390b132940
Successfully built 41390b132940

$ docker run -v test-vol:/data --rm -it test-vf ls -alR /data
/data:
total 12
drwxr-xr-x    2 1000     root          4096 Sep 19 15:26 .
drwxr-xr-x   19 root     root          4096 Sep 19 15:26 ..
-rw-r--r--    1 1000     root            12 Aug 22 11:43 hello

这篇关于挂载“命名体积”作为Docker的非根目录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！