Docker更改了作为卷装载的本地文件的所有者

时间:2019-03-13 20:21:48

标签: docker permissions docker-volume chown owner

我在任何地方都找不到答案,为什么Docker更改了作为卷装载的文件的所有者。在docker run之前:

$ ls -la
total 56
drwxrwxr-x 9 ci ci 4096 Mar 13 21:13 .
drwxrwxr-x 4 ci ci 4096 Mar 13 21:12 ..
-rw-rw-r-- 1 ci ci 1108 Mar 13 21:13 application.yml
drwxrwxr-x 5 ci ci 4096 Mar 13 21:13 ci
drwxrwxr-x 5 ci ci 4096 Mar 13 21:13 config
drwxrwxr-x 3 ci ci 4096 Mar 13 21:13 database
-rw-rw-r-- 1 ci ci 2779 Mar 13 21:13 Dockerfile
drwxrwxr-x 3 ci ci 4096 Mar 13 21:13 docker-stuff
drwxrwxr-x 8 ci ci 4096 Mar 13 21:13 .git
-rw-rw-r-- 1 ci ci  137 Mar 13 21:13 .gitignore
-rwxrwxr-x 1 ci ci 6366 Mar 13 21:13 image.sh

docker run之后:

$ ls -la
total 60
drwxrwxr-x 10 administrator administrator 4096 Mar 13 21:15 .
drwxrwxr-x  4 ci            ci            4096 Mar 13 21:12 ..
-rw-rw-r--  1 administrator administrator 1108 Mar 13 21:13 application.yml
drwxrwxr-x  5 administrator administrator 4096 Mar 13 21:13 ci
drwxrwxr-x  5 ci            ci            4096 Mar 13 21:13 config
drwxrwxr-x  3 administrator administrator 4096 Mar 13 21:13 database
-rw-rw-r--  1 administrator administrator 2779 Mar 13 21:13 Dockerfile
drwxrwxr-x  3 administrator administrator 4096 Mar 13 21:13 docker-stuff
drwxrwxr-x  8 administrator administrator 4096 Mar 13 21:13 .git
-rw-rw-r--  1 administrator administrator  137 Mar 13 21:13 .gitignore
-rwxrwxr-x  1 administrator administrator 6366 Mar 13 21:13 image.sh

完整的docker run命令是:

docker run -d \
             --rm \
             --name "$CONTAINER_NAME" \
             -p "$SHINY_HOST_PORT:3838" \
             -p "$RSTUDIO_HOST_PORT:8787" \
             -v "$DATA_DIR_ON_HOST":"$DATA_DIR_IN_CONTAINER" \
             -v "$CONFIG_DIR_ON_HOST":"$CONFIG_DIR_IN_CONTAINER" \
             -v $(pwd):"/data/" \
             "$DOCKER_IMAGE":"$DOCKER_TAG"

我的用户组是:

$ groups
ci sudo docker administrator

您是否知道为什么会发生?

2 个答案:

答案 0 :(得分:0)

尝试以下命令,该命令添加了--user docker run option来控制容器中运行的进程将使用的 uid gid

docker run -d \
      --rm \
      --name "$CONTAINER_NAME" \
      -p "$SHINY_HOST_PORT:3838" \
      -p "$RSTUDIO_HOST_PORT:8787" \
      -v "$DATA_DIR_ON_HOST":"$DATA_DIR_IN_CONTAINER" \
      -v "$CONFIG_DIR_ON_HOST":"$CONFIG_DIR_IN_CONTAINER" \
      -v $(pwd):"/data/" \
      --user "$(id -u ci):$(getent group ci | cut -d: -f3)" \
      "$DOCKER_IMAGE":"$DOCKER_TAG"

  • id -u ci将获得用户ci
  • uid
  • getent group ci | cut -d: -f3将获得组ci
  • gid

答案 1 :(得分:0)

默认情况下,容器中的权限以root用户身份运行,因此,每次安装卷时,权限都将重置为root用户。请参阅this文章。