There are three ways to set user and group permissions in docker

Time: 2021-7-24

Original text transferred from: There are three ways to set user and group permissions in docker

If you are a developer working with Docker, you probably know that a container launched with the docker command runs as root, as the default user and group. This causes a problem. When you have root permission on the host, there is no such problem. If you do not have root permission and need to mount a volume into the Docker container, you will find that the generated files are owned by root, and you can't write to them on the host. This article teaches you three ways to set container user permissions.

Specify the user when using the docker command

When entering the Ubuntu container, the following instructions will be used:

docker run -ti ubuntu /bin/bash

Here, use the -u option to pass the user UID and group GID into the container.

mkdir tmp
docker run -ti -v $PWD/tmp:/test \
  -u uid:gid ubuntu /bin/bash

How do you find the UID and GID of the current user? Use the following commands:

id -u
id -g

The above instructions can be changed to:

docker run -ti -v $PWD/tmp:/test \
  -u $(id -u):$(id -g) ubuntu /bin/bash

Specify the user using a Dockerfile

You can also specify the user directly in the Dockerfile:

# Dockerfile

USER 1000:1000

I personally don’t recommend this method unless you create users independently in the container and specify permissions.

Specify permissions through docker compose

With docker-compose you can start multiple services at once. Use the user key to specify the user permissions for writing to a specific volume:

services:
  agent:
    image: xxxxxxxx
    restart: always
    networks:
      - proxy
    logging:
      options:
        max-size: "100k"
        max-file: "3"
    volumes:
      - ${STORAGE_PATH}:/data
    user: ${CURRENT_UID}

Then specify the values of the variables in the .env file:

STORAGE_PATH=/home/deploy/xxxx
CURRENT_UID=1001:1001

Takeaways

You usually need to specify the user when you have to mount a host volume into the container but don't have root permission on the host. If you don't, the resulting files will be owned by root, and ordinary users generally can only read them, not write to them. That is when this method is needed.
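
An added example (not from the original article): shell helpers that validate a uid:gid value, write the .env file used by the compose setup above, and list files in the mounted directory that are not owned by the expected user, which is how root-owned output shows up on the host. The function names and the refusal of uid 0 are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not from the original article. Function names are hypothetical.

# Accept only a numeric "uid:gid" pair, and refuse uid 0 (policy of this
# example: passing root would recreate the root-owned files problem).
valid_uid_gid() {
  case "$1" in
    ""|*[!0-9:]*|*:*:*|:*|*:) return 1 ;;   # empty, non-numeric, or malformed
  esac
  case "$1" in
    *:*) ;;                                  # must contain exactly one colon
    *) return 1 ;;
  esac
  [ "${1%%:*}" -ne 0 ]
}

# Write the .env file read by docker-compose.
# $1 = output file, $2 = host storage path, $3 = uid:gid
write_compose_env() {
  valid_uid_gid "$3" || { echo "bad uid:gid: $3" >&2; return 1; }
  printf 'STORAGE_PATH=%s\nCURRENT_UID=%s\n' "$2" "$3" > "$1"
}

# List everything under a mounted directory NOT owned by the given uid:gid.
# Empty output means the container wrote files the host user can modify.
# $1 = directory, $2 = uid:gid
foreign_owned() {
  find "$1" \( ! -user "${2%%:*}" -o ! -group "${2##*:}" \) -print
}

# Typical use on the host (requires Docker, so it is left commented out):
#   me="$(id -u):$(id -g)"
#   write_compose_env .env "$PWD/tmp" "$me"
#   docker run --rm -v "$PWD/tmp:/test" -u "$me" ubuntu touch /test/probe
#   foreign_owned "$PWD/tmp" "$me"
```

If foreign_owned prints any path after a container run, that container wrote to the volume as a different user than the one passed with -u or user.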

This work is licensed under a CC agreement; reprints must credit the author and link to this article.