如何将用户添加到Docker容器?
我有一个运行着某些进程(uwsgi和celery)的docker容器。我想为这些进程以及它们都属于的工作组创建一个celery用户和uwsgi用户,以便分配权限。
我尝试将RUN adduser uwsgi和添加RUN adduser
celery到我的Dockerfile中,但这会引起问题,因为这些命令会提示您输入(我已在下面的构建中发布了响应)。
将用户添加到Docker容器以便为在该容器中运行的工作人员设置权限的最佳方法是什么?
我的Docker映像是基于官方Ubuntu14.04构建的。
这是运行adduser命令时Dockerfile的输出:
Adding user `uwsgi' ...Adding new group `uwsgi' (1000) ...
Adding new user `uwsgi' (1000) with group `uwsgi' ...
Creating home directory `/home/uwsgi' ...
Copying files from `/etc/skel' ...
[91mEnter new UNIX password: Retype new UNIX password: [0m
[91mpasswd: Authentication token manipulation error
passwd: password unchanged
[0m
[91mUse of uninitialized value $answer in chop at /usr/sbin/adduser line 563.
[0m
[91mUse of uninitialized value $answer in pattern match (m//) at /usr/sbin/adduser line 564.
[0m
Try again? [y/N]
Changing the user information for uwsgi
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []: Work Phone []: Home Phone []: Other []:
[91mUse of uninitialized value $answer in chop at /usr/sbin/adduser line 589.
[0m
[91mUse of uninitialized value $answer in pattern match (m//) at /usr/sbin/adduser line 590.
[0m
Is the information correct? [Y/n]
---> 258f2f2f13df
Removing intermediate container 59948863162a
Step 5 : RUN adduser celery
---> Running in be06f1e20f64
Adding user `celery' ...
Adding new group `celery' (1001) ...
Adding new user `celery' (1001) with group `celery' ...
Creating home directory `/home/celery' ...
Copying files from `/etc/skel' ...
[91mEnter new UNIX password: Retype new UNIX password: [0m
[91mpasswd: Authentication token manipulation error
passwd: password unchanged
[0m
[91mUse of uninitialized value $answer in chop at /usr/sbin/adduser line 563.
[0m
[91mUse of uninitialized value $answer in pattern match (m//) at /usr/sbin/adduser line 564.
[0m
Try again? [y/N]
Changing the user information for celery
Enter the new value, or press ENTER for the default
Full Name []: Room Number []: Work Phone []:
Home Phone []: Other []:
[91mUse of uninitialized value $answer in chop at /usr/sbin/adduser line 589.
[0m
[91mUse of uninitialized value $answer in pattern match (m//) at /usr/sbin/adduser line 590.
[0m
Is the information correct? [Y/n]
回答:
诀窍是使用useradd而不是其交互式包装器adduser。我通常使用以下方式创建用户:
RUN useradd -ms /bin/bash newuser它为用户创建一个主目录,并确保bash是默认的shell。
然后,您可以添加:
USER newuserWORKDIR /home/newuser
到您的dockerfile。之后的每个命令以及交互式会话都将以用户身份执行newuser:
docker run -t -i imagenewuser@131b7ad86360:~$
newuser在调用用户命令之前,您可能必须授予执行打算运行的程序的权限。
出于安全原因,在容器内使用非特权用户是一个好主意。它还有一些缺点。最重要的是,从您的图像派生图像的人将必须切换回root用户才能执行具有超级用户特权的命令。
以上是 如何将用户添加到Docker容器? 的全部内容, 来源链接: utcz.com/qa/412910.html
