Zonke izinqubo esitsheni zizosebenza njengomsebenzisi wempande, ngaphandle kokuthi ucacise ngendlela ekhethekile. Lokhu kubonakala kulula kakhulu, ngoba lo msebenzisi akanayo imikhawulo. Yingakho ukusebenza njengempande kungalungile ngokombono wezokuphepha. Uma kungekho muntu onengqondo elungile osebenza ngamalungelo ezimpande kukhompuyutha yendawo, abaningi baqhuba izinqubo ngaphansi kwezimpande ezitsheni.
Kuhlala kukhona iziphazamisi ezizovumela uhlelo olungayilungele ikhompuyutha ukuthi lubaleke esitsheni futhi lungene kukhompuyutha engusokhaya. Uma sicabangela okubi kakhulu, kufanele siqinisekise ukuthi izinqubo ezingaphakathi kwesiqukathi ziqhutshwa umsebenzisi ongenawo amalungelo emshinini wokusingathwa.
Ukudala umsebenzisi
Ukudala umsebenzisi esitsheni akufani nokusidala ekusatshalalisweni kwe-Linux. Nokho, imiyalo ingase yehluke ezithombeni eziyisisekelo ezihlukene.
Ngokusatshalaliswa okususelwa ku-Debian, udinga ukwengeza okulandelayo ku-Dockerfile:
RUN groupadd --gid 2000 node
&& useradd --uid 2000 --gid node --shell /bin/bash --create-home node
Okwe-alpine:
RUN addgroup -g 2000 node
&& adduser -u 2000 -G node -s /bin/sh -D node
Isebenzisa izinqubo ezivela kumsebenzisi
Ukuze usebenzise zonke izinqubo ezilandelayo njengomsebenzisi nge-UID 2000, sebenzisa:
USER 2000
Ukuze usebenzise zonke izinqubo ezilandelayo njengomsebenzisi we-node, sebenzisa:
USER node
Okuningi ku
Ukukhweza amavolumu
Lapho ukhuphula amavolumu ngaphakathi kwesiqukathi, nikeza umsebenzisi ikhono lokufunda kanye/noma ukubhala amafayela. Ukuze wenze lokhu, i-UID (GID) yomsebenzisi osesitsheni kanye nomsebenzisi ongaphandle kwesiqukathi onamalungelo afanelekile okufinyelela ifayela kufanele kufane. Kulesi simo, amagama abasebenzisi awabalulekile.
Ngokuvamile kukhompuyutha ye-Linux, i-UID yomsebenzisi ne-GID zilingana no-1000. Lezi zihlonzi zinikezwa umsebenzisi wokuqala wekhompyutha.
Ukuthola izihlonzi zakho kulula:
id
Uzothola ulwazi oluphelele mayelana nomsebenzisi wakho.
Faka esikhundleni sezibonelo ezingu-2000 ngesihlonzi sakho futhi konke kuzolunga.
Yabela umsebenzisi i-UID ne-GID
Uma umsebenzisi adalwe ngaphambilini, kodwa udinga ukushintsha izihlonzi, khona-ke ungakwenza kanje:
RUN usermod -u 1000 node
&& groupmod -g 1000 node
Uma usebenzisa isithombe sesisekelo se-alpine, udinga ukufaka iphakheji yesithunzi:
RUN apk add βno-cache shadow
Ukudlulisa i-ID yomsebenzisi ngaphakathi kwesiqukathi lapho wakha isithombe
Uma isihlonzi sakho nezihlonzi zabo bonke abantu abasebenza kuphrojekthi zifana, kwanele ukukhombisa lesi sihlonzi ku-Dockerfile. Nokho, ngokuvamile ama-ID omsebenzisi awafani.
Indlela yokufeza lokho okufunayo akucaci ngokushesha. Kimina, lena bekuyingxenye enzima kakhulu yokufunda i-Docker. Abasebenzisi abaningi be-docker abacabangi ngeqiniso lokuthi kunezigaba ezahlukene empilweni yesithombe. Okokuqala, isithombe sihlanganiswa kusetshenziswa i-Dockerfile. Uma usebenzisa isiqukathi esivela esithombeni, i-Dockerfile ayisasetshenziswa.
Ukudalwa komsebenzisi kufanele kwenzeke uma isithombe sakhiwe. Okufanayo kuyasebenza ekunqumeni umsebenzisi lapho izinqubo ziqaliswa ngaphansi kwakhe. Lokhu kusho ukuthi kufanele ngandlela thize sidlule i-UID (GID) ngaphakathi kwesitsha.
Iziqondiso zisetshenziselwa ukusebenzisa okuguquguqukayo kwangaphandle ku-Dockerfile
I-Dockerfile
ARG UID=1000
ARG GID=1000
ENV UID=${UID}
ENV GID=${GID}
RUN usermod -u $UID node
&& groupmod -g $GID node
Ungadlulisa izingxabano nge-docker-compose kanje:
docker-compose
build:
context: ./src/backend
args:
UID: 1000
GID: 1000
P.S. Ukuze wazi zonke izingqinamba ze-Docker, akwanele ukufunda imibhalo noma izindatshana. Udinga ukuzilolonga kakhulu, udinga ukuzwa i-Docker.
Source: www.habr.com