我正在尝试使用远程 - 容器扩展为Visual Studio代码,但是当我"在容器中打开文件夹"时,我会收到此错误:
Run: docker exec 0d0c1eac6f38b81566757786f853d6f6a4f3a836c15ca7ed3a3aaf29b9faab14 /bin/sh -c set -o noclobber ; mkdir -p '/home/appuser/.vscode-server/data/Machine' && { > '/home/appuser/.vscode-server/data/Machine/.writeMachineSettingsMarker' ; } 2> /dev/null
mkdir: cannot create directory ‘/home/appuser’: Permission denied
我的dockerfile使用:
FROM python:3.7-slim
...
RUN useradd -ms /bin/bash appuser
USER appuser
我也尝试了:
RUN adduser -D appuser
RUN groupadd -g 999 appuser &&
useradd -r -u 999 -g appuser appuser
USER appuser
如果我直接构建它们。我该如何工作?
对我有用的是在我的dockerfile中创建一个非根用户,然后配置VS Code Dev容器以使用该用户。
步骤1.在您的Docker Image中创建非根用户
ARG USER_ID=1000
ARG GROUP_ID=1000
RUN groupadd --system --gid ${GROUP_ID} MY_GROUP &&
useradd --system --uid ${USER_ID} --gid MY_GROUP --home /home/MY_USER --shell /sbin/nologin MY_USER
步骤2.在项目的根部配置.devcontainer/devcontainer.json文件(在启动远程开发时,应该创建(
"remoteUser": "MY_USER" <-- this is the setting you want to update
如果您使用Docker组合,则可以通过配置.devcontainer/docker-compose.yml配置VS代码将整个容器作为非root用户运行,但是我对上述过程感到满意,因此我没有进一步实验。<<<<<<<<<<<<<<<<<</p>
您可能会通过阅读有关此主题的VS代码文档获得一些其他见解。
进入您的WSL2,并使用命令ID检查您的本地UID(非根(是什么。就我而言,它是uid = 1000(ubuntu(。将您的Dockerfile更改为这样的东西:
# For more information, please refer to https://aka.ms/vscode-docker-python
FROM python:3.8-slim-buster
# Keeps Python from generating .pyc files in the container
ENV PYTHONDONTWRITEBYTECODE=1
# Turns off buffering for easier container logging
ENV PYTHONUNBUFFERED=1
# Install pip requirements
COPY requirements.txt .
RUN python -m pip install -r requirements.txt
WORKDIR /home/ubuntu
COPY . /home/ubuntu
# Creates a non-root user and adds permission to access the /app folder
# For more info, please refer to https://aka.ms/vscode-docker-python-configure-containers
RUN useradd -u 1000 ubuntu && chown -R ubuntu /home/ubuntu
USER ubuntu
# During debugging, this entry point will be overridden. For more information, please refer to https://aka.ms/vscode-docker-python-debug
CMD ["python", "app.py"]