Unable to run a docker container as a non-root user for the mariadb image

Time: 2019-07-18 17:51:41

Tags: mysql docker mariadb dockerfile

Without a non-root user, the docker container built from the dockerfile runs normally, but when I add a user I get the following error:

    Initializing database
    2019-07-17 21:28:05 0 [Warning] Can't create test file /var/lib/mysql/9e79cb48a1f0.lower-test
    2019-07-17 21:28:05 0 [ERROR] mysqld: Can't create/write to file '/var/lib/mysql/aria_log_control' (Errcode: 13 "Permission denied")
    2019-07-17 21:28:05 0 [ERROR] mysqld: Got error 'Can't create file' when trying to use aria control file '/var/lib/mysql/aria_log_control'
    2019-07-17 21:28:05 0 [ERROR] Plugin 'Aria' init function returned error.
    2019-07-17 21:28:05 0 [ERROR] Plugin 'Aria' registration as a STORAGE ENGINE failed.
    2019-07-17 21:28:05 0 [ERROR] InnoDB: Operating system error number 13 in a file operation.
    2019-07-17 21:28:05 0 [ERROR] InnoDB: The error means mysqld does not have the access rights to the directory.
    2019-07-17 21:28:05 0 [ERROR] InnoDB: Operating system error number 13 in a file operation.
    2019-07-17 21:28:05 0 [ERROR] InnoDB: The error means mysqld does not have the access rights to the directory.
    2019-07-17 21:28:05 0 [ERROR] InnoDB: Cannot open datafile './ibdata1'
    2019-07-17 21:28:05 0 [ERROR] InnoDB: Could not open or create the system tablespace. If you tried to add new data files to the system tablespace, and it failed here, you should now edit innodb_data_file_path in my.cnf back to what it was, and remove the new ibdata files InnoDB created in this failed attempt. InnoDB only wrote those files full of zeros, but did not yet use them in any way. But be careful: do not remove old data files which contain your precious data!

Dockerfile

    FROM mariadb:10.3.5

    # && rather than a single &, so a failed `apt-get update` aborts the build
    # instead of being sent to the background
    RUN apt-get update && apt-get upgrade -y

    ENV MYSQL_USER=user1 \
        MYSQL_PASSWORD=pass5 \
        MYSQL_DATABASE=db \
        MYSQL_ROOT_PASSWORD=XXX

    # second non-root account added on top of the image's own mysql user
    RUN useradd -ms /bin/bash newuser
    USER newuser
    WORKDIR /home/newuser
    # runs after USER newuser, so it no longer has the privileges it needs
    RUN sudo chown -R newuser:newuser /var/lib/mysql
    ADD . /home/newuser

I would like to see the container run as a non-root user.

1 answer:

Answer 0 (score: 1)

If you look at the contents of the official Dockerfile, they already add a non-root user there, so why do you need another one?

    # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
    RUN groupadd -r mysql && useradd -r -g mysql mysql

This step of yours is also ignored:

    RUN sudo chown -R newuser:newuser /var/lib/mysql


But when it comes to the official docker entrypoint, it fails: they run the database initialization and the other operations as the MySQL user, so the new user is not allowed to touch the following files and will definitely get permission denied.


If you really want to do this, you will have to override the docker-entrypoint, or possibly that part of the Dockerfile. Here is the code from the official Dockerfile:

    rm -rf /var/lib/mysql; \
            mkdir -p /var/lib/mysql /var/run/mysqld; \
            chown -R mysql:mysql /var/lib/mysql /var/run/mysqld; \
        # ensure that /var/run/mysqld (used for socket and lock files) is writable regardless of the UID our mysqld instance ends up having at runtime
            chmod 777 /var/run/mysqld; \
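The approach the answer points at, written out as an added example (this is not code from the question, the answer, or the official mariadb image): instead of creating a second account and trying to chown the data directory after dropping privileges, reuse the `mysql` user the base image already owns `/var/lib/mysql` and `/var/run/mysqld` with, and switch to it only after every step that needs root. Assumptions: the official entrypoint drops from root to `mysql` on its own (via gosu) when started as uid 0, and it only fixes data-directory ownership in that root branch, so once the container starts as `mysql` the permissions must already be correct; the numeric uid of `mysql` in the image is typically 999 but should be confirmed with `docker run --rm mariadb:10.3 id mysql`; the `/home/mysql` path and the credentials are placeholders carried over from the question.

```dockerfile
# Added example, not the questioner's or the image's own Dockerfile.
# Goal: the container's first process is already non-root, using the
# mysql account that the base image created and gave the datadir to.
FROM mariadb:10.3

# Package work needs root, so it happens before USER. && (not a lone &)
# makes a failed `apt-get update` fail the build instead of backgrounding it.
RUN apt-get update && apt-get upgrade -y && rm -rf /var/lib/apt/lists/*

# Placeholder values from the question. In practice pass these with
# `docker run -e` or a secrets mechanism rather than baking them into layers.
ENV MYSQL_USER=user1 \
    MYSQL_PASSWORD=pass5 \
    MYSQL_DATABASE=db \
    MYSQL_ROOT_PASSWORD=XXX

# Copy application files while still root and hand them to mysql in the
# same step. A COPY after USER mysql would leave them owned by root.
# COPY is used instead of ADD because ADD also unpacks archives and fetches
# URLs, which is rarely what is wanted. /home/mysql is an assumed path.
COPY --chown=mysql:mysql . /home/mysql

# /var/lib/mysql and /var/run/mysqld are already owned by mysql (see the
# chown in the official Dockerfile quoted above), so no chown is needed here.
# From this point on every layer and the runtime process are non-root.
USER mysql
WORKDIR /home/mysql
```

Two runtime checks matter. With a named volume (`-v mariadb-data:/var/lib/mysql`) Docker seeds the volume from the image, ownership included, so the non-root start just works. With a host bind mount the directory arrives with whatever owner the host gave it, and because the container never runs as root nothing inside will fix it; the host path has to be chowned to the image's mysql uid first, for example `sudo chown 999:999 ./data` (999 being the assumed uid to verify as noted above) before `docker run -v "$PWD/data:/var/lib/mysql"`. The errno 13 lines in the question are exactly what a mismatch here looks like.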