缓存文件的symfony docker权限问题 [英] symfony docker permission problems for cache files

问题描述

我有一个docker-compose的docker的symfony设置，除了当我从控制台运行 cache：clear 以外，webserver无法访问这些文件。

I have a symfony setup for docker with docker-compose which is working well except when i run cache:clear from console, the webserver cant access the files.

我可以通过在控制台和web / app_dev.php中取消注释 umask（0000）; 来规避权限问题，但我想按照推荐运行symfony。

I can circumvent the permission problem by uncommenting umask(0000); in console and web/app_dev.php but i would like to run symfony as recommended.

我做的是旋转容器 docker-compose up

然后我进入容器。容器包含apache，php和通过数据卷的代码。

What i do is spin up the containers docker-compose up
Then i enter the container. The container contains the apache, php and the code via a data volume.

docker exec -i -t apache_1 /bin/bash

显然我以root身份登录，当我运行

Apparently i am logged in as root then and when i run

app/console cache:clear

缓存中的所有文件都属于用户root。 www-data作为webserver用户现在无法访问文件。

all files in cache belong to user root. www-data as webserver user now cant access the files anymore.

我也可以通过以www-data方式登录，然后通过缓存生成的文件来规避这一点：clear到www-data，网络服务器可以访问它们。

I also can circumvent this by logging in as www-data then the files generated by the cache:clear belong to www-data and the webserver can access them.

docker exec -u www-data -i -t apache_1 /bin/bash

但是这不利于我不在bash中，而是在 / usr / sbin / nologin 中，没有这样的东西bash_history等等。

But this has the downside that i dont land in bash but in /usr/sbin/nologin and dont have things like bash_history and so on.

搜索周围我发现这是Dockerfile的一部分，以解决权限问题，但对我来说没有影响。

Searching around i found this as part of the Dockerfile to solve the permission issue but it as no effect for me.

RUN usermod -u 1000 www-data

如果我理解正确，则将用户1000切换到www数据，但是当我登录到容器时，这是不成功的，我假设。

If i understand correct this switches the user 1000 to www-data, but as i am root when i login to the container this does not work, i assume.

所以为什么我登录到容器时我 root ，这个 usermod 如何运作？

So why am i root when i login to the container and how is this usermod suppose to work?

docker-compose.yml：

the docker-compose.yml:

proxy:
  image: jwilder/nginx-proxy:latest
  volumes:
    - /var/run/docker.sock:/tmp/docker.sock:ro
  ports:
    - "80:80"
elastic:
  build: docker/elasticsearch
  ports:
    - "9200:9200"
  volumes:
    - data/elasticsearch:/usr/local/elasticsearch/data
apache:
  build: docker/apachephp
  environment:
    - VIRTUAL_HOST=myapp.dev
  volumes:
    - ./code:/var/www/app
    - ./dotfiles/.bash_history:/.bash_history
    - ./logs:/var/www/app/app/logs
  links:
    - elastic
  expose:
    - "80"

推荐答案

我认为更改 www-data s userid给您的主机用户的ID是一个很好的解决方案，因为主机用户的权限相当容易设置。

I'd think changing www-datas userid to your host-user's id is a good solution, as permissions for the host user are fairly easy to setup.

#change www-data`s UID inside a Dockerfile
RUN usermod -u [USERID] www-data 

用户ID 1000是大多数linux系统的默认值afaik ... 501 on mac

您可以运行 id -u

user id 1000 is the default for most linux systems afaik... 501 on mac
you can run id -u on the host system to find out.

然后，您可以登录容器运行symfony comman ds as www-data

You could then log into the container to run symfony commands as www-data

docker exec -it -u www-data [CONTAINER] bash

我想知道如何在容器构建上动态设置userid。
我猜想通过 - build-arg 将其传递给docker-compose将是

I was wondering how you could set the userid dynamically on container build. I guess passing it via --build-arg to docker-compose would be the way

docker-compose build --build-arg USERID=$(id -u)

...但是还没有设法访问Dockerfile中的var。

...but haven't managed to access that var in the Dockerfile yet.

这篇关于缓存文件的symfony docker权限问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！