Dockerfile中的变量似乎被认可了吗?
我正在使用DockFile构建图像。我想通过命令行设置容器的用户名,以避免权限问题。
DockFile如下所示,我使用了user_name,group_id的变量。但是当我构建时,问题不断出现。 错误是:groupAdd:option' - gid'需要一个参数 我猜想$ {group_id}和$ {user_name}都被识别为空字符串,但是在创建容器时,不应该分配它们的值吗? 我已经搜索了一些示例,并且根据示例,我不太了解问题在哪里?
请帮我! 谢谢!
FROM matthewfeickert/docker-python3-ubuntu:latest
ARG USER_NAME
ARG USER_ID
ARG GROUP_ID
RUN groupadd -r --gid ${GROUP_ID} ${USER_NAME}
RUN useradd --no-log-init -r -g ${GROUP_ID} -u ${USER_ID} ${USER_NAME}
USER ${USER_NAME}
WORKDIR /usr/local/src
I am building an image using Dockfile. I would like to set the Username of the container via the command line to avoid permission issues.
The Dockfile is shown below, I used the variables of USER_NAME, GROUP_ID. But when I build, the problem keeps appearing.
The error is: groupadd: option '--gid' requires an argument
I'm guessing that both ${GROUP_ID} and ${USER_NAME} are recognized as empty strings, but shouldn't they be assigned values when the container is created?
I've googled a few examples and based on the examples, I don't quite see where the problem is?
Please help me!
Thanks!
FROM matthewfeickert/docker-python3-ubuntu:latest
ARG USER_NAME
ARG USER_ID
ARG GROUP_ID
RUN groupadd -r --gid ${GROUP_ID} ${USER_NAME}
RUN useradd --no-log-init -r -g ${GROUP_ID} -u ${USER_ID} ${USER_NAME}
USER ${USER_NAME}
WORKDIR /usr/local/src
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
运行容器时,您可以使用
Docker Run -U选项指定任意用户ID。这不需要图像中的任何特殊设置。在容器的
/etc/passwd文件中,用户ID不存在,但是除了某些化妆品问题外,还没有任何后果,还没有交互式调试外壳的提示。典型的用途是使您的容器访问绑定的数据目录:
我通常建议将特定的用户ID传递到图像构建中。这将使用户ID“烘烤”,并且如果有人想运行图像,则必须重建图像。
设置一些非root用户通常是一个好习惯,但是只要它不是零,它的用户ID就无关紧要。反过来,通常也是一个很好的做法,最好将大部分应用程序源代码保留由根用户拥有,以便该应用程序不能意外地覆盖本身。
此设置仍将与最初显示的扩展
Docker Run命令一起使用:Docker Run -V选项将导致容器的/data目录在主机上的数字UID所有者上(希望)匹配Docker Run -Uuid。When you run the container, you can specify an arbitrary user ID with the
docker run -uoption.This doesn't require any special setup in the image. The user ID won't exist in the container's
/etc/passwdfile but there aren't really any consequences to this, beyond some cosmetic issues with prompts in interactive debugging shells.A typical use of this is to give your container access to a bind-mounted data directory:
I'd generally recommend not passing a specific user ID into your image build. This would make the user ID "baked in", and if someone with a different host uid wanted to run the image, they'd have to rebuild it.
It's often a good practice to set up some non-root user, but it doesn't matter what its user ID is so long as it's not zero. In turn, it's also typically a good practice to leave most of your application source code owned by the root user so that the application can't accidentally overwrite itself.
This setup will still work with the extended
docker runcommand shown initially: thedocker run -voption will cause the container's/datadirectory to take on its numeric uid owner from the host, which (hopefully) matches thedocker run -uuid.您可以通过如下所示传递构建ARG。
另外,作为最佳实践,请考虑在ARGS中添加默认阀。因此,如果用户未指定ARG,则将选择默认值。
You can pass the build args as shown below.
Also, as a best practice consider adding default vales to the args. So if the user doesn't specify the args the default values will be picked.