我知道无法更改通过卷共享的文件的权限,因为默认情况下,并且据我了解,docker容器的权限反射(reflect)了主机的权限,但是,这不会发生就我而言, docker 只是将所有文件的权限更改为755,某些文件必须具有特定权限。
主办:
Docker容器:
Docker文件:
FROM ubuntu:18.04
ARG DEBIAN_FRONTEND=noninteractive
#Updating operating system
RUN apt-get update && apt-get -y upgrade && apt-get -y dist-upgrade
##Installing essential packages
RUN apt-get -y install apt-utils software-properties-common curl bash-completion vim git supervisor
## Add Scripts
ADD ./start.sh /start.sh
EXPOSE 80
STOPSIGNAL SIGTERM
#CMD ["/start.sh"]
ENTRYPOINT echo $XDEBUG_CONFIG >> /etc/php/7.3/fpm/php.ini && service php7.3-fpm start && nginx -g "daemon off;"
docker-compose.yml
volumes:
- ${DOCUMENT_ROOT-./www}:/usr/share/nginx/html
- ${VHOSTS_DIR-./config/nginx/sites-enabled}:/etc/nginx/sites-enabled
- ${PHP_INI-./config/php/php.ini}:/etc/php/7.3/fpm/conf.d/php.ini
- ${LOG_DIR-./logs/nginx}:/var/log/nginx
最佳答案
你的假设
I know that it is impossible to change the permissions of a file shared via volume
仅部分正确,实际上存在一组模式-
:ro
和:rw
-您可以在通过docker-compose挂载卷时使用,如文档中所述:Standard modes are
ro
for read-only andrw
for read-write (default).
资料来源:https://docs.docker.com/compose/compose-file/#short-syntax-3
如果主机使用
:Z
,则还可以使用:z
和selinux
模式。If you use
selinux
you can add thez
orZ
options to modify the selinux label of the host file or directory being mounted into the container. This affects the file or directory on the host machine itself and can have consequences outside of the scope of Docker.
- The
z
option indicates that the bind mount content is shared among multiple containers.- The
Z
option indicates that the bind mount content is private and unshared.Use extreme caution with these options. Bind-mounting a system directory such as
/home
or/usr
with theZ
option renders your host machine inoperable and you may need to relabel the host machine files by hand.
资料来源:https://docs.docker.com/storage/bind-mounts/#configure-the-selinux-label
这是一个示例,在我的主机上,这是我的文件的权限:
~ # ls -la ro rw
ro:
total 0
drwxr-xr-x 3 ben staff 96 May 23 23:06 .
drwxr-xr-x 9 ben staff 288 May 23 23:16 ..
-rw-r--r-- 1 ben staff 0 May 23 23:06 file
rw:
total 0
drwxr-xr-x 3 ben staff 96 May 23 23:06 .
drwxr-xr-x 9 ben staff 288 May 23 23:16 ..
-rwxr-xr-x 1 ben staff 0 May 23 23:06 file
然后用这个docker-compose.yml
version: '3.8'
services:
test:
image: alpine
volumes:
- ./ro:/root/ro:Z
- ./rw:/root/rw:Z
command: sleep 100000000000
这是容器上的结果
~ # ls -la ro rw
ro:
total 4
drwxr-xr-x 3 root root 96 May 23 21:06 .
drwx------ 1 root root 4096 May 23 21:17 ..
-rw-r--r-- 1 root root 0 May 23 21:06 file
rw:
total 4
drwxr-xr-x 3 root root 96 May 23 21:06 .
drwx------ 1 root root 4096 May 23 21:17 ..
-rwxr-xr-x 1 root root 0 May 23 21:06 file
关于php - 如何在容器docker中反射(reflect)主机权限?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/61975830/