2016-12-04 62 views
2

Here is what I did: permission denied inside a Docker container even though the user has the rights

$ docker run -it --rm tomcat:8.5-alpine sh 
/usr/local/tomcat # adduser -D -g '' -u 1000 user 
/usr/local/tomcat # chown -R user:user $CATALINA_HOME 
/usr/local/tomcat # su user -c 'catalina.sh run' 
sh: catalina.sh: Permission denied 

/usr/local/tomcat # echo $CATALINA_HOME 
/usr/local/tomcat 
/usr/local/tomcat # ls -la $CATALINA_HOME 
total 128 
drwxr-xr-x 20 user  user   4096 Dec 4 00:47 . 
drwxr-xr-x 10 root  root   4096 Dec 4 00:47 .. 
-rw-r----- 1 user  user   57092 Nov 3 21:16 LICENSE 
-rw-r----- 1 user  user   1723 Nov 3 21:16 NOTICE 
-rw-r----- 1 user  user   7063 Nov 3 21:16 RELEASE-NOTES 
-rw-r----- 1 user  user   15946 Nov 3 21:16 RUNNING.txt 
drwxr-x--- 2 user  user   4096 Dec 4 00:47 bin 
drwx------ 2 user  user   4096 Dec 4 00:47 conf 
drwxr-xr-x 4 user  user   4096 Dec 4 00:47 include 
drwxr-x--- 2 user  user   4096 Dec 4 00:47 lib 
drwxr-x--- 2 user  user   4096 Nov 3 21:14 logs 
drwxr-xr-x 4 user  user   4096 Dec 4 00:47 native-jni-lib 
drwxr-x--- 2 user  user   4096 Dec 4 00:47 temp 
drwxr-x--- 12 user  user   4096 Dec 4 00:47 webapps 
drwxr-x--- 2 user  user   4096 Nov 3 21:14 work 

/usr/local/tomcat # su user -c 'ls -la /usr/local/tomcat/bin' 
ls: can't open '/usr/local/tomcat/bin': Permission denied 
total 0 

/usr/local/tomcat # su user -c 'ls -la /usr/local/tomcat/include' 
total 12 
drwxr-xr-x 4 user  user   4096 Dec 4 00:47 . 
drwxr-xr-x 20 user  user   4096 Dec 4 00:47 .. 
drwxr-xr-x 2 user  user   4096 Nov 17 23:45 apr-1 

I don't understand why my newly created user "user" cannot access /usr/local/tomcat/bin while it can access /usr/local/tomcat/include; "user" holds all of the owner & group permissions on this bin folder ...

I get the same result if I run docker with --privileged=true (docker run --privileged=true -it --rm tomcat:8.5-alpine sh), and this Docker image does not seem to use SELinux, as su -c "setenforce 0" gives the error ash: setenforce: not found

I am using Docker version 1.12.3, build 6b644ec on Ubuntu 14.04.5 LTS

Does this correspond to the bug in Docker with the AUFS driver?

+0

Have you found any solution yet? – rideronthestorm

+0

@rideronthestorm Sadly no, I finally ran Tomcat as root: https://github.com/anthony-o/SwinGifts/blob/master/run_with_docker.sh#L89. I think this is due to the bug in Docker with the AUFS driver: https://github.com/moby/moby/issues/24660 –

+0

@rideronthestorm Or, in your case, is it a "chmod THEN chown" problem? See https://github.com/moby/moby/issues/6047#issuecomment-270156862 –
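The puzzling part of the question is that the listing says "user" owns bin with mode drwxr-x---, so the classic owner/group/other bits predict "allow", yet the kernel answered "Permission denied". The following POSIX sh script is an added example, not code from the question, the commenters or the Tomcat image: it predicts what the mode bits say for a given user and group list, parses the constructed listing copied from the question, and classifies each (predicted, observed) pair so that a "denied-beyond-dac" verdict tells you to stop staring at chmod/chown and inspect the layering (the storage driver the commenters point at) instead. The function names and the "other"/"tomcat" users used below are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the question or its commenters).
# Predict access from the classic mode bits, then compare with what the kernel
# actually said. "allow" predicted but "deny" observed means the mode bits are
# not the cause of the denial.

# Constructed input: four entries copied from the question's ls -la listing.
LISTING='drwxr-x--- 2 user user 4096 Dec 4 00:47 bin
drwx------ 2 user user 4096 Dec 4 00:47 conf
drwxr-xr-x 4 user user 4096 Dec 4 00:47 include
drwxr-x--- 2 user user 4096 Dec 4 00:47 lib'

# in_groups GROUP "GROUPS": true if GROUP is in the space-separated list.
in_groups() {
  case " $2 " in *" $1 "*) return 0 ;; esac
  return 1
}

# expected_access MODE OWNER GROUP USER "GROUPS" PERM
#   MODE   10-character mode string as printed by ls -l
#   GROUPS space-separated list of the groups USER belongs to
#   PERM   r, w or x (x on a directory means "may traverse it")
# Prints allow/deny per the standard rule: owner bits if USER owns the entry,
# else group bits if one of USER's groups matches, else other bits.
# root (CAP_DAC_OVERRIDE) is modelled as always allowed.
expected_access() {
  mode=$1 owner=$2 group=$3 user=$4 groups=$5 perm=$6
  case $perm in
    r) off=0 ;; w) off=1 ;; x) off=2 ;;
    *) echo "expected_access: bad perm '$perm'" >&2; return 2 ;;
  esac
  if [ "$user" = root ]; then echo allow; return 0; fi
  if [ "$user" = "$owner" ]; then
    class=0
  elif in_groups "$group" "$groups"; then
    class=1
  else
    class=2
  fi
  # mode string layout: position 1 is the type, then rwx for owner, group, other
  pos=$((2 + class * 3 + off))
  bit=$(printf '%s' "$mode" | cut -c"$pos")
  case $bit in
    -|S|T) echo deny ;;   # S/T: setuid/setgid/sticky set but no execute bit
    *)     echo allow ;;
  esac
}

# classify EXPECTED OBSERVED: one-word verdict for a (predicted, observed) pair.
classify() {
  case "$1/$2" in
    allow/allow|deny/deny) echo consistent ;;
    deny/allow)            echo allowed-beyond-dac ;;   # e.g. a capability
    allow/deny)            echo denied-beyond-dac ;;    # mode bits are not the cause
  esac
}

# report USER "GROUPS" PERM: prints "name prediction" for every LISTING entry.
report() {
  printf '%s\n' "$LISTING" | while read -r mode _ owner group _ _ _ _ name; do
    printf '%s %s\n' "$name" \
      "$(expected_access "$mode" "$owner" "$group" "$1" "$2" "$3")"
  done
}

# Reproduce the question's observation for bin as seen by "user":
# the bits say allow, the kernel said deny.
expected=$(expected_access drwxr-x--- user user user user x)
echo "bin as user: bits say $expected, kernel said deny -> $(classify "$expected" deny)"
# And what a different, unprivileged account (assumed name "tomcat") would get:
report tomcat tomcat x
```

Run it as-is to see the verdict for bin; to apply it to a live container, feed the real ls -l line and the result of su USER -c 'test -x DIR' into expected_access and classify. The script only models discretionary mode bits: ACLs, capabilities and storage-driver behaviour are exactly the things a "denied-beyond-dac" verdict sends you to look at.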

Answer