问题
After my container is created with external volume, Permission becomes 1000.
drwxr-x--- 7 1000 1000 4096 Mar 02 01:13 my_domain
Everytime i need to changed it my user. AS docker is installed by root user. How can i avoid this situation ? Can anyone please write something ?
回答1:
With docker host volumes, you will see the UID of the user inside the container used to read and write files on the host, there is no translation of UID/GID between the container and host (that's not a feature of linux bind mounts). There are various workarounds to this, including:
- Just letting the container write files as the different uid/gid. This could give access to random users on the host to the container data, and could result in write errors if the host directory does not have write access for the container user.
- Change the uid of the user created inside the image. This results in a different image per host where you want to run with host mounts.
- Change the uid at run time with something like the
-uflag todocker run. This can result in files inside the image being inaccessible, and the uid inside the container not matching the /etc/passwd file inside the container.
My personal solution to this is to dynamically modify the user inside the container with an entrypoint that starts as root and compares the uid of the container user to the uid of the volume mount. When they differ, I modify the uid of the user in the container and recursively fix any files still belonging to the old uid from the image. The key part of this routine is a fix-perms script in my base image repo. You can see this along with an example of how to modify existing images to use it here: https://github.com/sudo-bmitch/docker-base/ (fix-perms is at bin/fix-perms).
Note that in production, I typically do not run with host volumes and I skip running the entrypoint as root. Named volumes avoid this issue by initializing the directory from the image contents, including permissions and file owners.
回答2:
Don't change it to a user with different UID. The permission might be changed by the container itself when you start it. you may need to review the docker image that you are using in this case.
So let's take mysql-docker for example. when you start it, the permissions will be changed even for the mounted volume in order to work properly otherwise you will face permissions issue because the mysql user is not able to write any data.
Based on weblogic12c tag in your question, I have noticed the following in the Dockerfile of weblogic:
RUN chown oracle:oracle -R /u01
If your data is saved inside the container within the same directory then probably that 1000 represents oracle user inside the container, you can check /etc/passwd inside the container also.
So the UID and GID which is 1000 in your case represents a user inside the container that is being used by the container process and because you don't have a user matches this UID it will appear in a numerical way as you see it. You may create a user with the same UID on the host if you want to. So in order to give 1000 a username and group name you need to do the following:
useradd -U -u 1000 oracle
The above command will create a user called oracle and and a group with same name due to using -U and the UID/GID will be 1000 due to using -u
-u, --uid UID user ID of the new account
-U, --user-group create a group with the same name as the user
Next if you executed the following command on the host you will get a result tells you the user group and the uid/gid:
id oracle
uid=1000(oracle) gid=1000(oracle) groups=1000(oracle)
来源:https://stackoverflow.com/questions/55181247/permission-changed-to-1000-on-local-host-after-docker-container-with-volume-crea