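Permission denied when mounting an existing volume (without sudo)

Time: 2018-02-22 13:02:07

Tags: docker docker-volume

The following setup:

I am username on a machine. I am in the docker group so that I can run docker, which is installed on that machine.

I am desperately trying to run jupyter/datascience-notebook on this machine, but the problem is that I cannot save files, because the user does not seem to have access to the mounted directory.

It should work like this: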

docker run -it --rm -p 8888:8888 -v ~/workspaces:/home/jovyan/work/ -e NB_UID=$(id -u) -e NB_GID=$(id -g) -e GRANT_SUDO=yes jupyter/datascience-notebook

But it does not, since I do not have sudo rights.

$ docker run -it --rm -p 8888:8888 -v ~/workspaces:/home/jovyan/work/ -e NB_UID=$(id -u) -e NB_GID=$(id -g) -e GRANT_SUDO=yes jupyter/datascience-notebook
Container must be run as root to set $NB_UID
Container must be run as root to set $NB_GID
Container must be run as root to grant sudo permissions

I figured I would play around with a Dockerfile, so I started writing this:

FROM jupyter/datascience-notebook

# Use user root
USER root

RUN ls -la ~/
RUN chown -R jovyan:users ~/.local         
RUN chmod -R 1777 ~/.local
RUN ls -la ~/

That is why the following small helper script is supposed to build the image test-image and run it afterwards.

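#!/usr/bin/env python
"""Build test-image from the Dockerfile in this directory, then run it."""
import subprocess

# Bind-mount the host workspaces/datasets directories and ask start.sh to
# remap the notebook user to the calling user's uid/gid.
cmd = 'docker run -it --rm -p 8888:8888 ' \
    '-v ~/workspaces:/home/jovyan/work ' \
    '-v ~/datasets:/home/jovyan/data ' \
    '-e NB_UID=$(id -u) -e NB_GID=$(id -g) -e GRANT_SUDO=yes ' \
    'test-image start.sh jupyter lab ' \
    '--NotebookApp.token=\'\' '  # empty token: token authentication is off

print('Running {}'.format(cmd))

# shell=True so that ~ and $(id -u) are expanded by the shell
subprocess.call('docker build --rm -t test-image .', shell=True)
subprocess.call(cmd, shell=True)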

For reasons I do not understand, I get the following output:

...
Step 14/16 : RUN ls -la ~/
 ---> Running in ef30926edc1a
total 44
drwsrwsr-x 12 jovyan users 4096 Feb 22 12:59 .
drwxr-xr-x 12 root   root  4096 Feb 22 12:59 ..
-rw-rw-r--  1 jovyan users  220 Aug 31  2015 .bash_logout
-rw-rw-r--  1 jovyan users 3771 Aug 31  2015 .bashrc
drwsrwsr-x  3 jovyan users 4096 Feb 20 11:41 .cache
drwsrwsr-x  3 jovyan users 4096 Feb 20 09:29 .conda
drwsrwsr-x  3 jovyan users 4096 Feb 20 11:41 .config
drwxrwsrwt 11 jovyan users 4096 Feb 22 12:59 .local
-rw-rw-r--  1 jovyan users  655 May 16  2017 .profile
drwsrwsr-x  2 jovyan users 4096 Feb 20 09:28 work
drwsrwsr-x  3 jovyan users 4096 Feb 20 09:38 .yarn
 ---> 2de66bf593f3
Removing intermediate container ef30926edc1a
Step 15/16 : RUN ls -la ~/.local/share
...
Set username to: jovyan
usermod: no changes
Set jovyan UID to: 1006
Set jovyan GID to: 1006
Granting jovyan sudo access and appending /opt/conda/bin to sudo PATH
Executing the command: jupyter lab --NotebookApp.token=
Traceback (most recent call last):
  File "/opt/conda/lib/python3.6/site-packages/traitlets/traitlets.py", line 528, in get
    value = obj._trait_values[self.name]
KeyError: 'runtime_dir'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/conda/bin/jupyter-lab", line 6, in <module>
    sys.exit(jupyterlab.labapp.main())
  File "/opt/conda/lib/python3.6/site-packages/jupyter_core/application.py", line 266, in launch_instance
    return super(JupyterApp, cls).launch_instance(argv=argv, **kwargs)
  File "/opt/conda/lib/python3.6/site-packages/traitlets/config/application.py", line 657, in launch_instance
    app.initialize(argv)
  File "<decorator-gen-7>", line 2, in initialize
  File "/opt/conda/lib/python3.6/site-packages/traitlets/config/application.py", line 87, in catch_config_error
    return method(app, *args, **kwargs)
  File "/opt/conda/lib/python3.6/site-packages/notebook/notebookapp.py", line 1366, in initialize
    self.init_configurables()
  File "/opt/conda/lib/python3.6/site-packages/notebook/notebookapp.py", line 1100, in init_configurables
    connection_dir=self.runtime_dir,
  File "/opt/conda/lib/python3.6/site-packages/traitlets/traitlets.py", line 556, in __get__
    return self.get(obj, cls)
  File "/opt/conda/lib/python3.6/site-packages/traitlets/traitlets.py", line 535, in get
    value = self._validate(obj, dynamic_default())
  File "/opt/conda/lib/python3.6/site-packages/jupyter_core/application.py", line 99, in _runtime_dir_default
    ensure_dir_exists(rd, mode=0o700)
  File "/opt/conda/lib/python3.6/site-packages/jupyter_core/utils/__init__.py", line 13, in ensure_dir_exists
    os.makedirs(path, mode=mode)
  File "/opt/conda/lib/python3.6/os.py", line 210, in makedirs
    makedirs(head, mode, exist_ok)
  File "/opt/conda/lib/python3.6/os.py", line 210, in makedirs
    makedirs(head, mode, exist_ok)
  File "/opt/conda/lib/python3.6/os.py", line 220, in makedirs
    mkdir(name, mode)
PermissionError: [Errno 13] Permission denied: '/home/jovyan/.local/share'

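So I wanted to find out what happens with chmod -R 1777 ~/.local, since I thought this might help me resolve the Permission denied error you see at the end of this output.

I do not understand why this does not work. All I want to do is mount an existing directory into my docker container and be able to write files there.

1 Answer:

Answer 0: (score: 0)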

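You get an error when running a Docker container with --user while the Docker image of the corresponding container does not have

USER mynamehere

in it. The USER root line is not a good idea; if you want a dedicated user, you need to use another username (which one does not matter, as long as it is not root). This user can be mapped to fit your local uid/gid by adding

--user $(id -u):$(id -g)

to your docker run command line. Afterwards, new files created in the attached volume should be created with the host username.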

Note: I recommend giving the user mynamehere sudo permissions in the Dockerfile by adding this before the USER mynamehere line:

RUN apt-get update && apt-get install -y sudo && \
    adduser --disabled-password --gecos "" udocker && \
    adduser udocker sudo && echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
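
The permission check that decides whether a container process can write into a bind-mounted host directory, as an added example (not code from the question, the answer or the jupyter image). The function names are hypothetical; it assumes plain POSIX mode bits with no ACLs, SELinux or user-namespace remapping, and that 1000/100 are the image's default jovyan uid and users gid.

```python
import os
import tempfile

def class_bits(st, uid, gids):
    """rwx bits (0-7) that POSIX DAC applies to (uid, gids) for this inode.
    Only the first matching class counts: owner, else group, else other."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def first_blocker(directory, uid, gids):
    """None if (uid, gids) may create files in `directory`, otherwise
    (path, reason) for the first path component that denies it."""
    if uid == 0:
        return None  # assumption: root keeps its default capabilities
    directory = os.path.realpath(directory)
    parts = [directory]
    while os.path.dirname(parts[-1]) != parts[-1]:
        parts.append(os.path.dirname(parts[-1]))
    for path in reversed(parts):  # walk from / down to the mount source
        bits = class_bits(os.stat(path), uid, gids)
        if not bits & 1:
            return (path, "no search (x) permission")
        if path == directory and not bits & 2:
            return (path, "no write (w) permission")
    return None

if __name__ == "__main__":
    # Constructed stand-in for ~/workspaces: owned by the caller, mode 0755.
    src = tempfile.mkdtemp()
    os.chmod(src, 0o755)
    me, my_groups = os.getuid(), set(os.getgroups()) | {os.getgid()}
    # 1000/100 are the image's default jovyan uid and users gid.
    print("default jovyan (1000:100):", first_blocker(src, 1000, {100}))
    print("--user $(id -u):$(id -g): ", first_blocker(src, me, my_groups))
```

Run on the host against the directory passed to -v, it names the path component that denies access to the uid:gid the container process will run as.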