Docker level host permissions

In our internal test environment, we provision CentOS VMs from a vSphere-based server. The images are vanilla 7.1 with the packages and related configuration needed to support authentication through LDAP. I have Docker 1.13.1 installed with the OverlayFS driver on an xfs file system.

FROM centos:7
RUN useradd dockeruser
USER dockeruser
VOLUME /data

On the host:

mkdir data
echo "hello from host" > data/host-msg.txt
docker run -ti --rm -v $(pwd)/data:/data testimage bash

Inside the container:

echo "hello from container" > /data/container-msg.txt
bash: /data/container-msg.txt: Permission denied

Directory listing inside the container:

drwxr-xr-x   2 12345 13000    25 Feb 12 21:36 data
drwxr-xr-x   5 root  root    360 Feb 12 21:36 dev
drwxr-xr-x   1 root  root     62 Feb 12 21:36 etc

The directory data displays its owner in numeric uid/gid form rather than as a username/groupname.

I have read many articles and questions describing this behavior, and various workaround strategies.

On Fedora 25:

/
    drwxrwxr-x   2 dockeruser dockeruser  4096 Feb 12 04:36 data
    drwxr-xr-x   5 root       root         360 Feb 12 22:00 dev
    drwxr-xr-x   1 root       root        4096 Feb 12 22:00 etc

/data
    -rw-rw-r--   1 dockeruser dockeruser    21 Feb 12 22:04 container-msg.txt

, CentOS 7.1 VM dev- libvirt - uid/gid, , . Just Worked, .

? LDAP - ? - , , ?

, , , , , , CentOS Fedora, - Docker? - , , ( ), ?


uid/gid, …

… uid/gid (check /etc/passwd). … uid/gid … OS … stat … uid/gid:

stat /data
stat /path/on/host
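The answer's point, worked through as an added example (this is not code from the original post): a bind-mounted volume is just the host directory, so the kernel checks the numeric uid/gid of the host owner against the numeric ids of the container process; names in /etc/passwd on either side play no part. The script below reads the host directory's ids with stat, builds a docker run command whose --user matches them, and emits a Dockerfile that creates dockeruser with those same ids so that ls inside the container shows a name as well. The image name testimage and the ids 12345/13000 are taken from the question; GNU coreutils stat (with a BSD fallback) is assumed. Note that for LDAP accounts the ids are not in the local /etc/passwd, so `getent passwd "$USER"` or `id` is the right check on the host.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (CentOS) with a
# BSD "stat -f" fallback; nothing here actually invokes docker, the functions
# only compute and print the commands so the result can be inspected.

# host_owner_ids DIR -> prints "uid:gid" of DIR as the host kernel sees it.
# This is the numeric owner that a bind mount exposes inside the container.
host_owner_ids() {
    stat -c '%u:%g' "$1" 2>/dev/null || stat -f '%u:%g' "$1"
}

# docker_run_cmd DIR IMAGE -> prints a docker run line whose container process
# runs with DIR's numeric ids. The ids need not exist in the image's
# /etc/passwd: permission checks are numeric, only "whoami" will complain.
docker_run_cmd() {
    dir=$1
    image=$2
    ids=$(host_owner_ids "$dir") || return 1
    printf 'docker run -ti --rm --user %s -v %s:/data %s bash\n' \
        "$ids" "$dir" "$image"
}

# dockerfile_for_ids UID GID -> prints a Dockerfile that bakes the host ids
# into dockeruser, so listings show a name and $HOME/whoami work normally.
# groupadd -g / useradd -u -g are standard shadow-utils options on CentOS 7.
dockerfile_for_ids() {
    printf 'FROM centos:7\n'
    printf 'RUN groupadd -g %s dockeruser && useradd -u %s -g %s dockeruser\n' \
        "$2" "$1" "$2"
    printf 'USER dockeruser\n'
    printf 'VOLUME /data\n'
}

# Demo when run from the question's working directory (./data exists):
# print the run command for the real directory and a Dockerfile for the
# ids shown in the question's listing (12345:13000, constructed values).
if [ -d "$PWD/data" ]; then
    docker_run_cmd "$PWD/data" testimage
fi
dockerfile_for_ids 12345 13000
```

To apply it, either run `eval "$(docker_run_cmd "$PWD/data" testimage)"` against the existing image, or write `dockerfile_for_ids "$(id -u)" "$(id -g)" > Dockerfile` and rebuild. The first option works for any image but leaves the uid nameless inside the container; the second matches the Fedora result in the question, where the owner showed as dockeruser because the container's uid happened to equal the host user's. In both cases `stat /data` inside the container and `stat` on the host directory should report the same numeric owner.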

Source: https://habr.com/ru/post/1669537/
