User permissions between containers in Docker

[root@test annabelle]# docker container ls
CONTAINER ID        IMAGE                                             COMMAND                  CREATED             STATUS              PORTS                                                                                          NAMES
dc0c22555e4a        xx.ops.xx.cn/ytc_cloud_scan/box/php        "docker-php-entrypoi…"   2 weeks ago         Up 2 weeks          9000/tcp, 0.0.0.0:9002->9002/tcp                                                               files_php-fpm_1
dda11ec71a2c        xx.ops.xx.cn/ytc_cloud_scan/box/mysql      "docker-entrypoint.s…"   2 weeks ago         Up 2 weeks          0.0.0.0:3306->3306/tcp, 33060/tcp                                                              files_mysql-db_1
3f9808303250        xx.ops.xx.cn/ytc_cloud_scan/box/es:5.2.2   "/bin/bash bin/es-do…"   2 weeks ago         Up 2 weeks          0.0.0.0:9200->9200/tcp, 9300/tcp                                                               files_elasticsearch_1
b557717de77a        4a29303d6783                                      "/usr/sbin/init"         2 weeks ago         Up 2 weeks          0.0.0.0:443->443/tcp, 0.0.0.0:8834->8834/tcp                                                   jovial_jennings
8d00e667c223        xx.ops.xx.cn/ytc_cloud_scan/box/nginx      "nginx -g 'daemon of…"   2 weeks ago         Up 18 hours         0.0.0.0:8009-8010->8009-8010/tcp, 0.0.0.0:10080->10080/tcp, 80/tcp, 0.0.0.0:10443->10443/tcp   files_nginx_1
025baed30362        xx.ops.xx.cn/ytc_cloud_scan/box/redis      "docker-entrypoint.s…"   2 weeks ago         Up 2 weeks          0.0.0.0:6379->6379/tcp                                                                         files_redis-db_1

Entering the nginx container, we find a user www-data whose user ID and group ID are both 33:

[root@test annabelle]# docker exec -it  8d00e667c223 /bin/bash
root@8d00e667c223:/# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
_apt:x:100:65534::/nonexistent:/bin/false
nginx:x:101:101:nginx user,,,:/nonexistent:/bin/false
root@8d00e667c223:/# exit
exit

Entering the php-fpm container, we likewise find a user www-data whose user ID and group ID are both 33:

[root@test annabelle]# docker exec -it dc0c22555e4a /bin/bash
root@dc0c22555e4a:/wwwroot# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
_apt:x:100:65534::/nonexistent:/usr/sbin/nologin
Debian-exim:x:101:101::/var/spool/exim4:/usr/sbin/nologin
www:x:1000:1000::/home/www:/bin/sh
root@dc0c22555e4a:/wwwroot# exit
exit

So the run-as user of both nginx and php-fpm can be set to www-data, because the uid and gid line up in their respective containers.

Looking at the following listings, we see that the permissions of files mounted into the container are identical to the permission settings on the host.

Here, app is mounted into the container:

[annabelle@test ~]$ ll /home/docker/app
total 4
drwxrwxrwx  7 root root  120 Dec 26 20:16 zctc_asset_front
drwxrwxrwx 14 root root 4096 Jan  3 12:39 zctc_asset_manage

[root@test annabelle]# docker exec -it dc0c22555e4a /bin/bash
root@dc0c22555e4a:/wwwroot# ls -alh
total 4.0K
drwxrwxrwx  4 root root   55 Dec 26 10:07 .
drwxr-xr-x  1 root root   73 Dec 26 20:17 ..
drwxrwxrwx  7 root root  120 Dec 26 20:16 zctc_asset_front
drwxrwxrwx 14 root root 4.0K Jan  3 12:39 zctc_asset_manage

Therefore, if we also create on the host a user whose uid/gid equal the uid/gid used in the container, and make that user the owner of the shared files, permission problems will not arise.
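The following script is an added example, not code from the original post. It demonstrates why the fix above works: the kernel evaluates access to a bind-mounted file using the numeric uid/gid of the process and of the file's owner, never the account name, so the same name must map to the same numbers on the host and in every container. It parses /etc/passwd text from a constructed host and a constructed container (only the www-data and www lines mirror the post's output), reports whether an account has matching ids on both sides, shows which names a given uid resolves to on each side, and applies the classic Unix owner/group/other check to a file with a given owner and mode. The names HOST_PASSWD, CONTAINER_PASSWD, parse_passwd, id_mismatch, names_for_uid and can_access are this example's own.

```python
# Added example, not code from the original post. Bind-mounted files are checked
# by the kernel using numeric uid/gid, so an account must carry the same ids on
# the host and in each container; the account *name* is irrelevant. All passwd
# text and file metadata below is constructed sample data.
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Account:
    name: str
    uid: int
    gid: int


# Constructed: a CentOS-style host with no www-data account.
HOST_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
annabelle:x:1000:1000::/home/annabelle:/bin/bash
"""

# Constructed: a Debian-style php-fpm container (www-data 33:33, www 1000:1000
# as in the post's /etc/passwd output).
CONTAINER_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
www:x:1000:1000::/home/www:/bin/sh
"""


def parse_passwd(text: str) -> dict[str, Account]:
    """Parse /etc/passwd text into a name -> Account map; malformed lines are skipped."""
    accounts: dict[str, Account] = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 4 or not fields[0]:
            continue
        name, _pw, uid, gid = fields[:4]
        accounts[name] = Account(name, int(uid), int(gid))
    return accounts


def id_mismatch(host: dict[str, Account], container: dict[str, Account],
                name: str) -> str | None:
    """Return None when `name` has the same uid/gid on both sides, otherwise a
    description of why a process running as `name` inside the container will not
    be treated as `name` by the host's filesystem."""
    h, c = host.get(name), container.get(name)
    if c is None:
        return f"{name} does not exist in the container"
    if h is None:
        return f"{name} does not exist on the host (container uses uid={c.uid} gid={c.gid})"
    if (h.uid, h.gid) != (c.uid, c.gid):
        return (f"{name} is uid={h.uid} gid={h.gid} on the host but "
                f"uid={c.uid} gid={c.gid} in the container")
    return None


def names_for_uid(accounts: dict[str, Account], uid: int) -> list[str]:
    """Account names that resolve to a numeric uid; the number is all the kernel sees."""
    return sorted(a.name for a in accounts.values() if a.uid == uid)


def can_access(mode: int, owner_uid: int, owner_gid: int,
               proc_uid: int, proc_gids: set[int], want_write: bool) -> bool:
    """Classic Unix discretionary access check for a file with the given owner
    ids and permission bits. uid 0 bypasses it; otherwise exactly one class
    applies (owner, else group, else other) with no fall-through."""
    if proc_uid == 0:
        return True
    if proc_uid == owner_uid:
        shift = 6
    elif owner_gid in proc_gids:
        shift = 3
    else:
        shift = 0
    bits = (mode >> shift) & 0o7
    return bool(bits & (0o2 if want_write else 0o4))


if __name__ == "__main__":
    host = parse_passwd(HOST_PASSWD)
    container = parse_passwd(CONTAINER_PASSWD)
    print(id_mismatch(host, container, "www-data"))
    print("uid 1000 on host:", names_for_uid(host, 1000),
          "| in container:", names_for_uid(container, 1000))
    # The post's directories are root-owned with mode 777 (drwxrwxrwx), which is
    # why uid 33 can write there even though the host has no www-data account.
    print("uid 33 writes root-owned 777 dir:", can_access(0o777, 0, 0, 33, {33}, True))
    # With a matching uid 33 account owning the directory, 775 suffices and the
    # world-writable bit can be dropped.
    print("uid 33 writes 33-owned 775 dir:", can_access(0o775, 33, 33, 33, {33}, True))
```

Two things the output makes visible that the listings alone do not: the shared directories currently work only because they are mode 777, so any uid in any container can write them; and uid 1000 is annabelle on the constructed host but www in the container, so those two accounts are the same principal on a bind mount despite their different names. Creating the matching uid 33 account on the host, as the post suggests, lets the directories be owned by it and the world-writable bit removed.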