问题
I've got a Windows Docker container (microsoft/aspnet) that is hosting a simple Web API. The web API accepts files from a form, saves them in a temp folder, does some processing, and then returns the result.
This works fine when deployed locally, but when done in my Docker container, I get a file permissions error on my temp folder (App_Data).
Is there a way to grant the IIS user the code is running as access to this file, or to open up the folder to any user for read/write access?
Current Docker file is below:
FROM microsoft/aspnet
COPY ./Deploy/ /inetpub/wwwroot
RUN mkdir /inetpub/wwwroot/App_Data
Error message snippet I get running API from docker image:
"InnerException":{"Message":"An error has occurred.","ExceptionMessage":"Access to the path 'C:\\inetpub\\wwwroot\\App_Data\\BodyPart_481b6424-f9a5-4608-894d-406145a48445' is denied.","ExceptionType":"System.UnauthorizedAccessException"
It looks like there is a bug open on the aspnet-docker github about this same issue. [link]
In the meantime, it looks like running cacls App_Data /G IIS_IUSRS:F after starting the container fixes the issue temporarily.
回答1:
Unclear why, but cacls doesn't seem to be working when run as part of building the container. Switched to using icacls, and was able to grant the IIS_USRS permissions on the folder.
Line added to dockerfile:
RUN icacls 'C:\inetpub\wwwroot\App_Data' /grant 'IIS_IUSRS:(F)'
来源:https://stackoverflow.com/questions/49459465/container-file-permissions-in-windows-container