Question
So, I'm trying to get into creating docker images and I managed to get one going. It was qBittorrent, everything went fine until it started downloading files. All of qBits' directories are owned by 1000:1000 but as soon as it starts downloading a file, my docker-host machine says that the file folder is owned by root:root.
How can I make sure that everything the container creates is owned by 1000:1000?
I need it to be owned by that because other Docker containers, such as Radarr, need to access the files to import them and right now I'm getting permissions errors.
I've tried doing a chown -r and setgid on the host machine but the files keep getting created and owned by root...
I'm open to all suggestions :) Thanks!
My Dockerfile:
https://github.com/TheCreatorzOne/qbittorrent/blob/master/Dockerfile
Answer 1:
Managed to get it fixed up. The fix included adding a new user using the Dockerfile. The user automatically receives 1000:1000 as UID and GID but that can be swapped for others if so desired...
The Dockerfile is then run as the user with the USER command.
All the directories the USER uses need to be chown -R and to be chmod 2775 -R (or any other, but either 2 or 4 in front so that they inherit permissions from the host folder)
Also make sure that you expose and create all needed volumes or else qbittorrent will not start. Creating a /Downloads/temp was essential here or else it gave an error because it couldn’t create its own because it’s not running as root.
The Dockerfile is available here: https://github.com/TheCreatorzOne/qbittorrent/blob/master/Dockerfile
The Ansible file is used in the PlexGuide Automation Project, so it is available to look at there.
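The steps from this answer, put together as an added example (not the linked Dockerfile and not the project's own code). The base image, the qbittorrent-nox package, the account name qbit and the port are assumptions; /Downloads/temp and 1000:1000 come from the answer.

```dockerfile
# Added example. Assumed: Debian base image and its qbittorrent-nox package.
FROM debian:bookworm-slim

# Numeric IDs the other containers (e.g. Radarr) expect; override with --build-arg.
ARG PUID=1000
ARG PGID=1000

RUN apt-get update \
 && apt-get install -y --no-install-recommends qbittorrent-nox \
 && rm -rf /var/lib/apt/lists/*

# Create the unprivileged account with fixed numeric IDs ("qbit" is a hypothetical name).
RUN groupadd --gid "${PGID}" qbit \
 && useradd --uid "${PUID}" --gid "${PGID}" --create-home --shell /usr/sbin/nologin qbit

# Pre-create every directory the process writes to while the build is still root:
# an unprivileged process cannot create /Downloads/temp under a root-owned parent.
# Mode 2775 sets the setgid bit, so new entries inherit the directory's group.
RUN mkdir -p /Downloads/temp \
 && chown -R "${PUID}:${PGID}" /Downloads \
 && chmod -R 2775 /Downloads

# Declare the volume after chown so a newly created volume is seeded
# with the ownership and mode set above.
VOLUME ["/Downloads"]

# From here on, including the container's main process, nothing runs as root.
USER ${PUID}:${PGID}
ENV HOME=/home/qbit

# Assumed web UI port.
EXPOSE 8080
ENTRYPOINT ["qbittorrent-nox"]
```

A bind-mounted host directory keeps the host's ownership rather than the image's, so the host path mounted at /Downloads also has to be writable by 1000:1000.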
Answer 2:
It depends on your docker run command.
I suggested here to mount host folders to the volumes declared in your image.
But if the issue persists, that could mean the command itself does some operation as root (through sudo commands).
For testing, you can experiment with userns (docker 17.06 or more).
See "Isolate containers with a user namespace":
- create a /etc/subuid and /etc/subgid with an id of a known local host user.
- launch your docker daemon with that user mapped:
dockerd --userns-remap="testuser:testuser"
And check that the files previously created as root in your hosted volumes are actually now owned by that mapped user.
Source: https://stackoverflow.com/questions/50317119/docker-container-creating-directories-owned-by-root-i-need-them-owned-by-10001