Docker容器中卷的权限错误 | Docker容器中卷的权限错误

本文介绍了Docker容器中卷的权限错误的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我通过本地的docker-machine VM在OSX 10.11中运行Docker 1.8.1。

我有以下docker-compose.yml：

  web：
 build：docker / web 
 ports：
  -  80:80 
  -  8080 ：8080 
卷：
  -  $ PWD / cms：/ srv / cms

我的Dockerfile看起来像这样：

 从高山
 
＃安装nginx和php 
 RUN apk add --update \ 
 nginx \ 
 php \ 
 php-fpm \ 
 php-pdo \ 
 php-json \ 
 php-openssl \ 
 php-mysql \ 
 php-pdo_mysql \ 
 php-mcrypt \ 
 php-ctype \ 
 php- zlib \ 
主管\ 
 wget \ 
 curl \ 
&&& rm -rf / var / cache / apk / * 
 
 RUN mkdir -p / etc / nginx&& \ 
 mkdir -p / etc / nginx / sites-enabled&& \ 
 mkdir -p / var / run / php-fpm&&& \ 
 mkdir -p / var / log / supervisor& amp;& \ 
 mkdir -p / srv / cms 
 
 RUN rm /etc/nginx/nginx.conf 
添加nginx.conf /etc/nginx/nginx.conf 
 ADD thunder.conf /etc/nginx/sites-enabled/thunder.conf 
 
添加nginx-supervisor.ini /etc/supervisor.d/nginx-supervisor.ini 
 
 WORKDIR/ srv / cms
 VOLUME/ srv / cms
 
 EXPOSE 80 
 EXPOSE 8080 
 EXPOSE 22 
 
 CMD [/ usr / bin / supervisord]

当我使用 docker-compose up 一切正常，我的卷被安装在正确的地方。

但是挂载文件夹/ srv / cms中的权限看错了用户为1000，组中的50为容器。网络服务器无法在此文件夹中创建任何文件，因为它与用户root一起运行。

解决方案

1）一般想法：Docker不是流氓。将两个不同的服务放入一个容器是错误的！将其分成两个不同的图像并将它们链接在一起。不要做这个肮脏的图像。

检查并遵循

避免安装不必要的包

每个容器只运行一个进程

最小化层数

如果你这样做：

你将删除你的主管

你可以减少层数

它应该是（例如）：

 从高山
 
运行apk添加--update \ 
 wget \ 
 curl 
运行apk添加--update \ 
 php \ 
 php-fpm \ 
 php-pdo \ 
 php-json \ 
 php-openssl \ 
 php-mysql \ 
 php-pdo_mysql \ 
 php-mcrypt \ 
 php-cty pe \ 
 php-zlib 
运行usermod -u 1000 www-data 
 RUN rm -rf / var / cache / apk / * 
 
 EXPOSE 9000

对于nginx，只要使用默认映像和安装配置即可。
docker-compose文件，如：

  nginx：
 image：nginx 
 container_name：site .dev 
卷：
  -  ./myconf1.conf:/etc/nginx/conf.d/myconf1.conf 
  -  ./myconf2.conf:/etc/nginx/conf.d /myconf2.conf 
  -  $ PWD / cms：/ srv / cms 
 ports：
  - 80:80
 links：
  -  phpfpm 
 phpfpm：
 build：./phpfpm/ 
容器名称：phpfpm.dev 
命令：php5-fpm -F  - 以-to-run-as-root 
卷：
  -  $ PWD / cms：/ srv / cms

2）
添加运行usermod -u 1000 www-data 进入Dockerfile for php容器，它将修复权限问题。

I run Docker 1.8.1 in OSX 10.11 via an local docker-machine VM.

I have the following docker-compose.yml:

web:
    build: docker/web
    ports:
        - 80:80
        - 8080:8080
    volumes:
        - $PWD/cms:/srv/cms

My Dockerfile looks like this:

FROM alpine

# install nginx and php
RUN apk add --update \
    nginx \
    php \
    php-fpm \
    php-pdo \
    php-json \
    php-openssl \
    php-mysql \
    php-pdo_mysql \
    php-mcrypt \
    php-ctype \
    php-zlib \
    supervisor \
    wget \
    curl \
    && rm -rf /var/cache/apk/*

RUN mkdir -p /etc/nginx && \
    mkdir -p /etc/nginx/sites-enabled && \
    mkdir -p /var/run/php-fpm && \
    mkdir -p /var/log/supervisor && \
    mkdir -p /srv/cms

RUN rm /etc/nginx/nginx.conf
ADD nginx.conf /etc/nginx/nginx.conf
ADD thunder.conf /etc/nginx/sites-enabled/thunder.conf

ADD nginx-supervisor.ini /etc/supervisor.d/nginx-supervisor.ini

WORKDIR "/srv/cms"
VOLUME "/srv/cms"

EXPOSE 80
EXPOSE 8080
EXPOSE 22

CMD ["/usr/bin/supervisord"]

When I run everything with docker-compose up everything works fine, my volumes are mounted at the correct place.

But the permissions in the mounted folder /srv/cms look wrong. The user is "1000" and the group is "50" in the container. The webserver could not create any files in this folder, because it runs with the user "root".

解决方案

1) General idea: Docker it is not Vagrant. It is wrong to put two different services into one container! Split it into two different images and link them together. Don't do this shitty image.

Check and follow https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/

Avoid installing unnecessary packages
Run only one process per container
Minimize the number of layers

If you do it:

you will remove your supervisor
your can decrease numbers of layers

It should be something like (example):

FROM alpine

RUN apk add --update \
    wget \
    curl
RUN apk add --update \
    php \
    php-fpm \
    php-pdo \
    php-json \
    php-openssl \
    php-mysql \
    php-pdo_mysql \
    php-mcrypt \
    php-ctype \
    php-zlib
RUN usermod -u 1000 www-data
RUN rm -rf /var/cache/apk/*

EXPOSE 9000

For nginx it is enough to use default image and mount configs.docker-compose file like:

nginx:
  image: nginx
  container_name: site.dev
  volumes:
    - ./myconf1.conf:/etc/nginx/conf.d/myconf1.conf
    - ./myconf2.conf:/etc/nginx/conf.d/myconf2.conf
    - $PWD/cms:/srv/cms
  ports:
    - "80:80"
  links:
   - phpfpm
phpfpm:
  build: ./phpfpm/
  container_name: phpfpm.dev
  command: php5-fpm -F --allow-to-run-as-root
  volumes:
    - $PWD/cms:/srv/cms

2)Add RUN usermod -u 1000 www-data into Dockerfile for php container, it will fix problem with permission.

这篇关于Docker容器中卷的权限错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！