我运行docker容器,以便从源文件夹提取文件到目标文件夹。源文件夹位于我的用户的主目录中,因此从中读取或写入没有问题。而目标文件夹只能由非rootuser访问。
当我用非rootuser运行docker容器时,我无法在容器的文件夹中写入(权限被拒绝)。另一方面,当我用用户运行容器时,我无法写入目标文件夹。
设置我像这样创建图像
docker build -t lftp .
基于以下Dockerfile:
Dockerfile
FROM debian:10
RUN apt-get update && apt-get -y upgrade
RUN apt-get -y install lftp dos2unix man
# Adding the scripts
COPY scripts /scripts
WORKDIR /work
# Adding the nonrootuser and his uid (`id -u nonrootuser`)
RUN useradd -u 47001 nonrootuser && mkhomedir_helper nonrootuser
然后运行容器,同时绑定以下卷:
- download_folder
- destination_folder & lt;→此文件夹需要由非rootuser 访问。
docker run -ti --rm --name=lftp_untar -u `id -u nonrootuser`:`id -g nonrootuser` -v ${download_folder}:/source -v ${destination_folder}:/target lftp bash /scripts/execute_untar.sh /source /target
地点:
execute_untar.sh
#!/bin/bash
source=$1
target=$2
if [ ! -d $source ]; then
echo Can't access $source
exit 1
fi
if [ ! -d $target ]; then
echo Can't access $target
exit 1
fi
if [ ! -w $target ]; then
echo Can't write to $target
exit 1
fi
# Then Read files from /scripts and /work folder
exclude_file=$(readlink -f /scripts/exclude.txt)
log_file=$(readlink -f untar.log)
access denied的问题在于当您挂载目录时=>
-v ${destination_folder}:/target
-v ${download_folder}:/source
从容器环境的角度来看,需要root权限。我可以在docker映像中控制绑定挂载卷的所有者吗?
我建议在运行容器时将目标、源文件夹挂载在nonrootuser主目录下,以便match它们的权限。通过这种方式,您将获得所需的写访问
docker run -ti --rm --name=lftp_untar -u `id -u nonrootuser`:`id -g nonrootuser` -v ${download_folder}:/home/nonrootuser/source -v ${destination_folder}:/home/nonrootuser/target lftp bash /scripts/execute_untar.sh /home/nonrootuser/source /home/nonrootuser/target