建立Docker映像的文件所有权

建立Docker映像的文件所有权

本文介绍了建立Docker映像的文件所有权的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我想为添加到Docker映像中的文件设置文件权限。我有一个简单的Dockerfile:

I want to set up file permissions for files I add to a docker image. I have this simple Dockerfile:

FROM ubuntu:utopic

WORKDIR /app
RUN groupadd -g 1000 baz && useradd -u 1000 -g baz baz -d /app -s /bin/false
RUN chown baz:baz /app && chmod g+s /app
# want this to be have group baz
ADD foo /app/

使用 docker build -t abc进行构建。其中,<$中有一个 foo 文件c $ c>。创建图像。但是,对 / app / foo 的权限不是我想要的。

Building this with docker build -t abc . where there is a foo file in . creates an image. However, the permissions on /app/foo inside is not what I want.

docker run abc ls -la
total 12
drwxr-xr-x  2 baz  baz  4096 Sep  2 23:21 .
drwxr-xr-x 37 root root 4096 Sep  3 07:27 ..
-rw-rw-r--  1 root root  419 Sep  2 21:43 foo

请注意,文件 foo 不属于组尽管在<$ c上设置了,但是baz $ c> / app 目录。添加文件后,我可以使用 RUN chown -R baz:baz / app ,但这会造成要创建的层的副本(请注意两层的大小)以下):

Note that file foo doesn't belong to group baz despite the setgid bit being set on the /app dir. I could use RUN chown -R baz:baz /app after adding the files, but that casues the a copy of the layer to be created (Note the size of the two layers below):

docker history abc | head -n 3
IMAGE               CREATED              CREATED BY                                      SIZE                COMMENT
b95a3d798873        About a minute ago   /bin/sh -c chown -R baz:baz /app                419 B
7e007196c116        About a minute ago   /bin/sh -c #(nop) ADD file:2b91d9890a9c392390   419 B

要解决此问题并添加文件的所有权正是我想要的?

推荐答案

而不是添加 foo ,您可以将其打包为tar归档文件并为特定的UID / GID设置权限。这是有关操作方法的帖子:

Instead of adding foo directly, you could pack it as a tar-archive and set permissions for a specific UID/GID. Here is a post on how to do it:https://unix.stackexchange.com/questions/61004/force-the-owner-and-group-for-the-contents-of-a-tar-file

之后,您可以将其解压缩到Docker映像中( ADD 自动解压缩)。您应该看到保留的权限没有其他层。

After that you can just untar it within your Docker image (ADD untars automagically). You should see the permissions preserved without an additional layer.

这篇关于建立Docker映像的文件所有权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

07-22 17:39