缓存文件的symfony docker权限问题 [英] symfony docker permission problems for cache files
问题描述
我有一个docker-compose的docker的symfony设置,除了当我从控制台运行 cache:clear 以外,webserver无法访问这些文件。
I have a symfony setup for docker with docker-compose which is working well except when i run cache:clear from console, the webserver cant access the files.
我可以通过在控制台和web / app_dev.php中取消注释 umask(0000); 来规避权限问题,但我想按照推荐运行symfony。
I can circumvent the permission problem by uncommenting umask(0000); in console and web/app_dev.php but i would like to run symfony as recommended.
我做的是旋转容器 docker-compose up
然后我进入容器。容器包含apache,php和通过数据卷的代码。
What i do is spin up the containers docker-compose up
Then i enter the container. The container contains the apache, php and the code via a data volume.
docker exec -i -t apache_1 /bin/bash
显然我以root身份登录,当我运行
Apparently i am logged in as root then and when i run
app/console cache:clear
缓存中的所有文件都属于用户root。 www-data作为webserver用户现在无法访问文件。
all files in cache belong to user root. www-data as webserver user now cant access the files anymore.
我也可以通过以www-data方式登录,然后通过缓存生成的文件来规避这一点:clear到www-data,网络服务器可以访问它们。
I also can circumvent this by logging in as www-data then the files generated by the cache:clear belong to www-data and the webserver can access them.
docker exec -u www-data -i -t apache_1 /bin/bash
但是这不利于我不在bash中,而是在 / usr / sbin / nologin 中,没有这样的东西bash_history等等。
But this has the downside that i dont land in bash but in /usr/sbin/nologin and dont have things like bash_history and so on.
搜索周围我发现这是Dockerfile的一部分,以解决权限问题,但对我来说没有影响。
Searching around i found this as part of the Dockerfile to solve the permission issue but it as no effect for me.
RUN usermod -u 1000 www-data
如果我理解正确,则将用户1000切换到www数据,但是当我登录到容器时,这是不成功的,我假设。
If i understand correct this switches the user 1000 to www-data, but as i am root when i login to the container this does not work, i assume.
所以为什么我登录到容器时我 root ,这个 usermod 如何运作?
So why am i root when i login to the container and how is this usermod suppose to work?
docker-compose.yml:
the docker-compose.yml:
proxy:
image: jwilder/nginx-proxy:latest
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
ports:
- "80:80"
elastic:
build: docker/elasticsearch
ports:
- "9200:9200"
volumes:
- data/elasticsearch:/usr/local/elasticsearch/data
apache:
build: docker/apachephp
environment:
- VIRTUAL_HOST=myapp.dev
volumes:
- ./code:/var/www/app
- ./dotfiles/.bash_history:/.bash_history
- ./logs:/var/www/app/app/logs
links:
- elastic
expose:
- "80"
推荐答案
我认为更改 www-data
s userid给您的主机用户的ID是一个很好的解决方案,因为主机用户的权限相当容易设置。
I'd think changing www-data
s userid to your host-user's id is a good solution, as permissions for the host user are fairly easy to setup.
#change www-data`s UID inside a Dockerfile
RUN usermod -u [USERID] www-data
用户ID 1000是大多数linux系统的默认值afaik ... 501 on mac
您可以运行 id -u
user id 1000 is the default for most linux systems afaik... 501 on mac
you can run id -u
on the host system to find out.
然后,您可以登录容器运行symfony comman ds as www-data
You could then log into the container to run symfony commands as www-data
docker exec -it -u www-data [CONTAINER] bash
我想知道如何在容器构建上动态设置userid。
我猜想通过 - build-arg
将其传递给docker-compose将是
I was wondering how you could set the userid dynamically on container build.
I guess passing it via --build-arg
to docker-compose would be the way
docker-compose build --build-arg USERID=$(id -u)
...但是还没有设法访问Dockerfile中的var。
...but haven't managed to access that var in the Dockerfile yet.
这篇关于缓存文件的symfony docker权限问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!