
How to use non-root users to execute scripts in the docker container

2025-02-25 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com) 06/02

Today I will talk about how to use a non-root user to execute scripts in a Docker container. Many people may not know much about it, so the steps are summarized below.

1. Build an image:

I will use a Dockerfile to build the image. The base image is ubuntu 14.04 (pull it first with docker pull ubuntu:14.04). The Dockerfile content is as follows:

[root@host09 test]# cat Dockerfile
FROM docker.io/ubuntu:14.04
MAINTAINER hepengfei
# create a user group
RUN groupadd hpf
# create the user
RUN useradd -d /data -g hpf -m hpf
RUN su - hpf -c "mkdir -p /data/scripts"
RUN su - hpf -c "mkdir -p /data/logs"
WORKDIR /data/scripts
COPY test.sh /data/scripts/
RUN chown hpf:hpf test.sh
RUN chmod 755 test.sh
# use the created user to run the script
ENTRYPOINT su - hpf -c "/data/scripts/test.sh"
[root@host09 test]#

The script reads as follows:

[root@host09 test]# cat test.sh
while [ 1 = 1 ]
do
# output the log to a file; the file is persisted when the container is started
echo `id` >> /data/logs/hpf.log
sleep 1
done
[root@host09 test]#

Next, let's build an image:

[root@host09 test]# docker build -t hpf:v2 .
Sending build context to Docker daemon 3.072 kB
Step 1: FROM docker.io/ubuntu:14.04
 ---> c69811d4e993
Step 2: MAINTAINER hepengfei
 ---> Using cache
 ---> b8401d2eb439
Step 3: RUN groupadd hpf
 ---> Using cache
 ---> 2e0d20802c41
Step 4: RUN useradd -d /data -g hpf -m hpf
 ---> Using cache
 ---> bac36ee97aba
Step 5: RUN su - hpf -c "mkdir -p /data/scripts"
 ---> Using cache
 ---> a92c3f5f8e34
Step 6: RUN su - hpf -c "mkdir -p /data/logs"
 ---> Using cache
 ---> 2e8665da7092
Step 7: WORKDIR /data/scripts
 ---> Using cache
 ---> 7cf84a5a8aca
Step 8: COPY test.sh /data/scripts/
 ---> 7e4c24de2096
Removing intermediate container f96358d91c35
Step 9: RUN chown hpf:hpf test.sh
 ---> Running in fc9ab290c56c
 ---> f38afd1ea62c
Removing intermediate container fc9ab290c56c
Step 10: RUN chmod 755 test.sh
 ---> Running in a35b507a1527
 ---> 5b5223249f4c
Removing intermediate container a35b507a1527
Step 11: ENTRYPOINT su - hpf -c "/data/scripts/test.sh"
 ---> Running in 1ee7cc7fbec7
 ---> 26e7d603dbac
Removing intermediate container 1ee7cc7fbec7
Successfully built 26e7d603dbac
[root@host09 test]#

View the built image:

[root@host09 test]# docker images
REPOSITORY          TAG     IMAGE ID       CREATED          SIZE
hpf                 v2      26e7d603dbac   42 minutes ago   188.3 MB
docker.io/ubuntu    14.04   c69811d4e993   3 weeks ago      188 MB
[root@host09 test]#

2. Start the container:

Note that before starting the container, you need to change the permissions of the /data/hepf/log directory on the host; otherwise, when the container starts, the script will not have permission to write its log to this directory. I directly changed the permissions of this directory to 777.

[root@host09 test]# chmod 777 /data/hepf/log
[root@host09 test]# docker run -it -v /data/hepf/log:/data/logs hpf:v2
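Mode 777 lets every local account on the host write to the log directory, while the container only needs its own numeric UID (1000 here) to be able to write, for example as the directory's owner. The following added example (not from the original article) checks both conditions from the directory's numeric owner, group and mode; the function names are made up for illustration, and GNU stat and a Docker daemon without user-namespace remapping are assumed.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes GNU stat (Linux host) and
# no user-namespace remapping, so container UID 1000 is UID 1000 on the host.
# Ignores supplementary groups, ACLs and root's override of permission bits.

# world_writable DIR: succeeds if "other" has the write bit (as after chmod 777)
world_writable() {
    ww_mode=$(stat -c '%a' "$1") || return 2
    [ $(( (ww_mode % 10) & 2 )) -ne 0 ]
}

# uid_can_write DIR UID GID: succeeds if that numeric identity may create files
# in DIR, judged the way the kernel picks owner, group or other bits
uid_can_write() {
    cw_uid=$2 cw_gid=$3
    set -- $(stat -c '%u %g %a' "$1")
    [ $# -eq 3 ] || return 2
    cw_perm=$(( $3 % 1000 ))                 # drop setuid/setgid/sticky digit
    if   [ "$cw_uid" -eq "$1" ]; then cw_bits=$(( cw_perm / 100 ))
    elif [ "$cw_gid" -eq "$2" ]; then cw_bits=$(( cw_perm / 10 % 10 ))
    else                              cw_bits=$(( cw_perm % 10 ))
    fi
    [ $(( cw_bits & 3 )) -eq 3 ]             # write (2) plus search (1)
}

# Constructed stand-in for /data/hepf/log, owned by whoever runs this script.
# On the real host the equivalent would be: chown 1000:1000 /data/hepf/log
demo_dir=$(mktemp -d)
chmod 750 "$demo_dir"
me=$(id -u); my_gid=$(id -g)

if uid_can_write "$demo_dir" "$me" "$my_gid" && ! world_writable "$demo_dir"; then
    echo "mode 750: owner UID $me can write, directory is not world-writable"
fi
chmod 777 "$demo_dir"
world_writable "$demo_dir" && echo "mode 777: any local account can write"
rmdir "$demo_dir"
```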

Now look at the log file in the /data/hepf/log directory:

[root@host09 log]# pwd
/data/hepf/log
[root@host09 log]# ll
total 12
-rw-rw-r-- 1 1000 1000 10800 Sep 7 08:02 hpf.log
[root@host09 log]# tail -2 hpf.log
uid=1000(hpf) gid=1000(hpf) groups=1000(hpf)
uid=1000(hpf) gid=1000(hpf) groups=1000(hpf)
[root@host09 log]#

As you can see, the owner of the file (UID and GID 1000) is the same as the hpf user created in the container:

hpf@ba688af3f598:~$ id
uid=1000(hpf) gid=1000(hpf) groups=1000(hpf)
hpf@ba688af3f598:~$

If another user on the host has the same UID as the user created in the container, the log file on the host is shown as owned by that host user, but no problem has been found with this for the time being.

[root@host09 log]# cat /etc/passwd | grep hpf1
hpf1:x:1000:1000::/data1:/bin/bash
[root@host09 log]# ll
total 12
-rw-rw-r-- 1 hpf1 hpf1 11250 Sep 7 08:50 hpf.log
[root@host09 log]#
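Ownership on a bind mount is stored as a number, and each side translates that number with its own /etc/passwd, which is why the same file is listed as 1000, hpf1 or hpf above. The added example below (not from the original article; the function names are made up and the passwd contents are constructed to mirror the accounts above) resolves a UID against a given passwd file and lists UIDs that name different accounts on host and container.

```shell
#!/bin/sh
# Added example, not from the original article. The passwd contents below are
# constructed to mirror the host (hpf1) and container (hpf) accounts shown above.

# owner_label PASSWD_FILE UID: the owner `ls -l` would show for UID when names
# are looked up in PASSWD_FILE; falls back to the number if no account has it
owner_label() {
    awk -F: -v uid="$2" '
        $3 == uid { print $1; found = 1; exit }
        END       { if (!found) print uid }' "$1"
}

# uid_collisions HOST_PASSWD CONTAINER_PASSWD: prints "uid host_name container_name"
# for every UID that names a different account on each side
uid_collisions() {
    awk -F: '
        NR == FNR                      { host[$3] = $1; next }
        ($3 in host) && host[$3] != $1 { print $3, host[$3], $1 }' "$1" "$2"
}

samples=$(mktemp -d)
trap 'rm -rf "$samples"' EXIT
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' > "$samples/host_before"
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
              'hpf1:x:1000:1000::/data1:/bin/bash' > "$samples/host_after"
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
              'hpf:x:1000:1000::/data:/bin/sh' > "$samples/container"

echo "host, no UID 1000 account: $(owner_label "$samples/host_before" 1000)"
echo "host, after adding hpf1:   $(owner_label "$samples/host_after" 1000)"
echo "inside the container:      $(owner_label "$samples/container" 1000)"
echo "collisions:                $(uid_collisions "$samples/host_after" "$samples/container")"
```

Running uid_collisions against the real host /etc/passwd and a copy of the image's /etc/passwd shows which host accounts would gain ownership of files the container writes to a bind mount.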
