Docker以root身份安装卷 [英] Docker mount a volume as root

问题描述

问题描述

我有一个Docker镜像，正在使用卷安装选项执行大量次数。它的内置方式使默认用户没有root权限。然而，我需要确保当我挂载卷时，它被安装为 root ，而不是作为当前工作的用户因为安全性问题。 （不能允许当前工作的非root用户删除已装载卷中的任何文件。）

I have a Docker image, which is being executed with volume mounting options a large number of times. It is built in a way so that the default user does not have root permissions. However I need to make sure that when I mount the volume it is being mounted as root and not as the current working user because of security concerns. (The current working non-root user must not be allowed to delete any files inside the mounted volume.)

示例

从主机：

docker run -it -v /路径/到/ mount：/ container / mounted / path image-name

容器内 current-user @ docker-container ：

/ container / mounting / path中的所有文件必须具有所有者权限根根而不是 current-user current-user 。 p>

All of the files inside /container/mounting/path must have owner permissions root root and not current-user current-user.

推荐答案

只要确保 / path / to / mount 的权限是设置为 root：root ，你应该是好的。

Just make sure that the permissions on /path/to/mount are set to root:root and you should be good.

像这样，我正在安装/ sbin它具有root权限：本地机器上的root权限。

Like this for example, I'm mounting /sbin which has root:root permissions on my local machine.

current-user@hostmachine:/sbin$ docker run -it -v /sbin:/home/sbin centos:6.6 /bin/bash
[root@e9e21b0f36c7 /]# 
[root@e9e21b0f36c7 ~]# adduser current-user
[root@e9e21b0f36c7 ~]# su current-user -
[current-user@e9e21b0f36c7 root]$ cd
[current-user@e9e21b0f36c7 home]$ cd sbin
[current-user@e9e21b0f36c7 sbin]$ touch file
touch: cannot touch `file': Permission denied
[current-user@e9e21b0f36c7 sbin]$

这篇关于Docker以root身份安装卷的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！