linux-以非root用户身份在Docker容器中运行nginx会导致权限被拒绝错误

前端之家收集整理的这篇文章主要介绍了linux-以非root用户身份在Docker容器中运行nginx会导致权限被拒绝错误 前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。

我有以下Dockerfile

FROM ubuntu:14.04
EXPOSE 8000

# Install Nginx
RUN apt-get update -q \
    && apt-get install --no-install-recommends --no-install-suggests -y -q \
                        Nginx \
    && rm -rf /var/lib/apt/lists/*

COPY ./Nginx.conf /etc/Nginx/
COPY ./index.html /usr/share/Nginx/test/

RUN groupadd -r webgroup \
    && useradd -r -m -g webgroup webuser \
    && touch /run/Nginx.pid \
    && chown -R webuser:webgroup /var/log/Nginx /var/lib/Nginx /run/Nginx.pid 

USER webuser
CMD Nginx

当我运行它时,我在/ var / log / Nginx上被拒绝权限:

mikhails-mbp:test-docker-Nginx mkuleshov$docker run -p 8000:8000 mytest
Nginx: [alert] could not open error log file: open() "/var/log/Nginx/error.log" Failed (13: Permission denied)
2016/10/02 17:02:51 [emerg] 5#0: open() "/var/log/Nginx/access.log" Failed (13: Permission denied)

如果我用bash进入容器,我会看到:

webuser@d190146a0e8d:/var/log/Nginx$ls -la
total 8
drwxr-x--- 2 webuser webgroup 4096 Jun  2 15:16 .
drwxrwxr-x 8 root    syslog   4096 Oct  2 17:02 ..

这怎么可能?在上述会话中,我也无法在该用户下创建文件.

有用的功能删除/ var / log / Nginx并重新创建.但是我不知道为什么会这样.

没有SELinux.

有没有人遇到过类似的事情,或者我做错了什么?

附言这是Docker信息,如果可以帮助您

mikhails-mbp:test-docker-Nginx mkuleshov$docker info
Containers: 179
 Running: 0
 Paused: 0
 Stopped: 179
Images: 901
Server Version: 1.11.2
Storage Driver: aufs
 Root Dir: /mnt/sda1/var/lib/docker/aufs
 Backing Filesystem: extfs
 Dirs: 1109
 Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge null host
Kernel Version: 4.4.12-boot2docker
Operating System: Boot2Docker 1.11.2 (TCL 7.1); HEAD : a6645c3 - Wed Jun  1 22:59:51 UTC 2016
OSType: linux
Architecture: x86_64
cpus: 1
Total Memory: 1.955 GiB
Name: default
ID: 3K5S:3QBN:BXGY:FASS:VG6P:D4CS:UXRK:GYXB:HJQG:SIQH:F6KQ:N4BN
Docker Root Dir: /mnt/sda1/var/lib/docker
Debug mode (client): false
Debug mode (server): true
 File Descriptors: 15
 Goroutines: 32
 System Time: 2016-10-02T17:08:51.355144074Z
 EventsListeners: 0
Username: mkuleshov
Registry: https://index.docker.io/v1/
Labels:
 provider=virtualBox

P.P.S.这是针对该情况的带有配置的测试仓库:@L_301_0@

最佳答案
将您的用户添加到adm组中很可能会解决您的问题.

尝试sudo usermod -aG adm webuser

更多详细信息:https://askubuntu.com/questions/421684/cant-access-apache-error-logs

原文链接:https://www.f2er.com/nginx/532318.html

猜你在找的Nginx相关文章