Docker以root身份安装卷 [英] Docker mount a volume as root
问题描述
问题描述
我有一个Docker镜像,正在使用卷安装选项执行大量次数。它的内置方式使默认用户没有root权限。然而,我需要确保当我挂载卷时,它被安装为 root
,而不是作为当前工作的用户因为安全性问题。 (不能允许当前工作的非root用户删除已装载卷中的任何文件。)
I have a Docker image, which is being executed with volume mounting options a large number of times. It is built in a way so that the default user does not have root permissions. However I need to make sure that when I mount the volume it is being mounted as root
and not as the current working user because of security concerns. (The current working non-root user must not be allowed to delete any files inside the mounted volume.)
示例
从主机:
docker run -it -v /路径/到/ mount:/ container / mounted / path image-name
容器内 current-user @ docker-container
:
/ container / mounting / path中的所有文件
必须具有所有者权限根根
而不是 current-user current-user
。 p>
All of the files inside /container/mounting/path
must have owner permissions root root
and not current-user current-user
.
推荐答案
只要确保 / path / to / mount
的权限是设置为 root:root
,你应该是好的。
Just make sure that the permissions on /path/to/mount
are set to root:root
and you should be good.
像这样,我正在安装/ sbin它具有root权限:本地机器上的root权限。
Like this for example, I'm mounting /sbin which has root:root permissions on my local machine.
current-user@hostmachine:/sbin$ docker run -it -v /sbin:/home/sbin centos:6.6 /bin/bash
[root@e9e21b0f36c7 /]#
[root@e9e21b0f36c7 ~]# adduser current-user
[root@e9e21b0f36c7 ~]# su current-user -
[current-user@e9e21b0f36c7 root]$ cd
[current-user@e9e21b0f36c7 home]$ cd sbin
[current-user@e9e21b0f36c7 sbin]$ touch file
touch: cannot touch `file': Permission denied
[current-user@e9e21b0f36c7 sbin]$
这篇关于Docker以root身份安装卷的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!