Users in Docker

Andrey Kopylov, our CTO, loves, actively uses and promotes Docker. In a new article, he explains how to create users in Docker: how to work with them correctly, why users should not be left with root privileges, and how to solve the problem of mismatched identifiers in a Dockerfile.

All processes in a container run as the root user unless you specify otherwise. This seems convenient, because this user has no restrictions. That is exactly why running as root is wrong from a security standpoint. While no one in their right mind works on a local computer with root privileges, many people run processes as root in containers.

There are always bugs that allow malware to escape from a container and get onto the host computer. Assuming the worst, we must make sure that processes inside the container are run by a user who has no privileges on the host machine.

Creating a user

Creating a user in a container is no different from creating one in a Linux distribution. However, the commands may differ between base images.

For Debian-based distributions, add the following to the Dockerfile:

RUN groupadd --gid 2000 node \
  && useradd --uid 2000 --gid node --shell /bin/bash --create-home node

For Alpine:

RUN addgroup -g 2000 node \
    && adduser -u 2000 -G node -s /bin/sh -D node

Running processes as the user

To run all subsequent processes as the user with UID 2000, use:

USER 2000

To run all subsequent processes as the node user, use:

USER node

More in the documentation.

Mounting volumes

When mounting volumes inside a container, give the user the ability to read and/or write files. To do this, the UID (GID) of the user in the container must match the UID (GID) of the user outside the container who has the appropriate permissions on the file. Usernames do not matter here.

Usually on a Linux computer, a user's UID and GID are equal to 1000. These identifiers are assigned to the first user of the computer.

Finding out your identifiers is easy:

id

You will get complete information about your user.
Replace 2000 in the examples with your identifier and everything will be fine.

Assigning a UID and GID to a user

If the user was created earlier but you need to change the identifiers, you can do it like this:

RUN usermod -u 1000 node \
  && groupmod -g 1000 node

If you are using the alpine base image, you need to install the shadow package:

RUN apk add --no-cache shadow

Passing the user ID into the container when building the image

If your ID and the IDs of everyone working on the project match, simply specify this ID in the Dockerfile. However, user IDs often do not match.

How to achieve what you want is not immediately obvious. For me, this was the hardest part of mastering Docker. Many Docker users do not realize that there are different stages in the life of an image. First, the image is built using the Dockerfile. When a container is run from the image, the Dockerfile is no longer used.

User creation must happen when the image is built. The same applies to specifying the user under which processes are started. This means we must somehow pass the UID (GID) into the container.

The ENV and ARG directives are used to bring external variables into a Dockerfile. A detailed comparison of the directives is here.

Dockerfile

ARG UID=1000
ARG GID=1000
ENV UID=${UID}
ENV GID=${GID}
RUN usermod -u $UID node \
  && groupmod -g $GID node

You can pass the arguments via docker-compose like this:

docker-compose

build:
  context: ./src/backend
  args:
    UID: 1000
    GID: 1000
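
The UID/GID matching rule for mounted volumes and the UID/GID build arguments, as an added shell example (not code from the article): can_write decides from the mode bits whether a numeric UID/GID could write to a host directory, and build_args derives the --build-arg values from that directory's owner. The function names are hypothetical, and Linux `stat -c` is assumed.

```shell
#!/bin/sh
# Added example (not from the article). Assumes Linux `stat -c`
# (GNU coreutils or BusyBox). Function names are hypothetical.

# can_write UID GID PATH
# Exit 0 if the classic mode bits of PATH grant write access to UID/GID.
# Simplification: ignores ACLs, supplementary groups and user namespaces.
can_write() {
    cw_uid=$1; cw_gid=$2
    [ "$cw_uid" -eq 0 ] && return 0      # root bypasses mode bits
    cw_stat=$(stat -c '%u %g %a' "$3") || return 2
    set -- $cw_stat                      # $1=owner UID, $2=group GID, $3=octal mode
    # Keep the last three octal digits (owner, group, other), zero-padded.
    cw_perm=$(printf '%03d' "$(($3 % 1000))")
    if [ "$cw_uid" -eq "$1" ]; then
        cw_digit=${cw_perm%??}           # owner digit
    elif [ "$cw_gid" -eq "$2" ]; then
        cw_digit=${cw_perm#?}; cw_digit=${cw_digit%?}   # group digit
    else
        cw_digit=${cw_perm#??}           # other digit
    fi
    [ "$((cw_digit & 2))" -ne 0 ]        # bit 2 is the write bit
}

# build_args PATH
# Print docker build arguments for the ARG UID / ARG GID Dockerfile,
# taken from the owner of PATH. Refuses a root-owned path so the image
# is never built with the container user mapped to UID 0.
build_args() {
    ba_stat=$(stat -c '%u %g' "$1") || return 2
    set -- $ba_stat
    if [ "$1" -eq 0 ]; then
        echo "refusing: path is owned by root (UID 0)" >&2
        return 1
    fi
    printf '%s\n' "--build-arg UID=$1 --build-arg GID=$2"
}

# Usage: sh check.sh <directory-to-mount>
if [ "$#" -eq 1 ]; then
    build_args "$1"
    can_write 2000 2000 "$1" && echo "UID/GID 2000 can write to $1" \
        || echo "UID/GID 2000 cannot write to $1"
fi
```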

P.S. To master all the intricacies of Docker, it is not enough to read documentation or articles. You need to practice a lot; you need to get a feel for Docker.

Source: www.habr.com
