Docker卷的权限问题 [英] Permissions issue with Docker volumes

问题描述

我想开始使用Docker进行Rails开发，所以我试图将一个骨架我可以使用我的所有应用程序。

I want to start using Docker for my Rails development, so I'm trying to put together a skeleton I can use for all my apps.

但是，我遇到了Docker卷和权限的问题。

However, I've run into an issue with Docker volumes and permissions.

我想将应用程序的目录绑定到容器中，以便将任何更改传播到容器，而无需重新构建。

I want to bind-mount the app's directory into the container, so that any changes get propagated to the container without the need to re-build it.

但是，如果我将它定义为我的 docker-compose.yml 中的一个卷，那么我不能再将目录 c> chown 。我需要目录及其所有内容由应用程序用户拥有，以便Passenger正常工作。

But if I define it as a volume in my docker-compose.yml, I can't chown the directory anymore. I need the directory and all its contents to be owned by the app user in order for Passenger to work correctly.

我读到，不可能 chown 卷。

你知道有任何解决方法吗？

Do you know of any workarounds?

推荐答案

我使用 hacky解决方案来管理我的开发环境的这个问题。 仅在开发环境中使用

I use a hacky solution to manage this problem for my development environments. To use on development environments only!

我用于开发环境的图像包含一个如下所示的脚本：

The images I use for development environments contain a script that looks like this:

#!/bin/sh

# In usr/local/bin/change-dev-id
# Change the "dev" user UID and GID

# Retrieve new ids to apply
NEWUID=$1
NEWGID=$1
if [ $# -eq 2 ]
then
    NEWGID=$2
elif [ $# -ne 1 ]
then
    echo "Usage: change-dev-id NEWUID [NEWGID]"
    echo "If NEWGID is not provided, its value will be the same as NEWUID"
    exit 1
fi

# Retrieve old ids
OLDUID=`id -u dev`
OLDGID=`id -g dev`

# Change the user ids
usermod -u ${NEWUID} dev
groupmod -g ${NEWGID} dev

# Change the files ownership
find / -not \( -path /proc -prune \) -user ${OLDUID} -exec chown -h ${NEWUID} {} \;
find / -not \( -path /proc -prune \) -group ${OLDGID} -exec chgrp -h ${NEWGID} {} \;

echo "UID and GID changed from ${OLDUID}:${OLDGID} to ${NEWUID}:${NEWGID} for \"dev\""
exit 0

在我的基本图像的Docker文件中，我添加它并使其可执行：

In the Dockerfile of my base image, I add it and make it executable:

# Add a script to modify the dev user UID / GID
COPY change-dev-id /usr/local/bin/change-dev-id
RUN chmod +x /usr/local/bin/change-dev-id

然后，我更改装载的文件夹的所有者，而不是改变容器用户的ID，使其与主机上的用户ID相符：

Then, instead of changing the owner of the mounted folder, I change the ID of the container's user to match the ID of my user on the host machine:

# In the Dockerfile of the project's development environment, change the ID of
# the user that must own the files in the volume so that it match the ID of
# the user on the host
RUN change-dev-id 1234

这是非常hacky，但它可以非常方便。

This is very hacky but it can be very convenient. I can own the files of the project on my machine while the user in the container has the correct permissions too.

您可以更新代码，我可以在我的机器上拥有项目的文件，而容器中的用户也拥有正确的权限。的脚本使用您想要的用户名（我的总是dev）或修改它以传递用户名作为参数。

You can update the code of the script to use the username you want (mine is always "dev") or modify it to pass the username as an argument.

这篇关于Docker卷的权限问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！