[{"data":1,"prerenderedAt":491},["ShallowReactive",2],{"post-docker-user-start":3},{"id":4,"title":5,"author":6,"body":7,"description":477,"draft":478,"extension":479,"image":480,"meta":481,"navigation":85,"path":482,"pinned":478,"published":483,"seo":484,"stem":485,"tags":486,"__hash__":490},"posts\u002Fposts\u002Fdocker-user-start\u002Findex.md","Docker 构建时指定用户启动",null,{"type":8,"value":9,"toc":467},"minimark",[10,14,18,21,26,29,59,63,101,105,112,173,176,422,425,428,460,463],[11,12,13],"h2",{"id":13},"前言",[15,16,17],"p",{},"我们在 Linux 使用应用时，往往不会直接使用 root 用户作为应用启动项，但 Dockerfile 默认就是 root 用户，导致挂载生成的文件路径往往是 root 权限，非 root 用户访问就很不方便。",[11,19,20],{"id":20},"解决方案",[22,23,25],"h3",{"id":24},"_1-安装用户管理工具","1. 安装用户管理工具",[15,27,28],{},"若镜像非自带用户管理：",[30,31,36],"pre",{"className":32,"code":33,"language":34,"meta":35,"style":35},"language-dockerfile shiki shiki-themes github-light github-dark","# 权限管理\nRUN apk add --no-cache shadow\n","dockerfile","",[37,38,39,48],"code",{"__ignoreMap":35},[40,41,44],"span",{"class":42,"line":43},"line",1,[40,45,47],{"class":46},"sHbNN","# 权限管理\n",[40,49,51,55],{"class":42,"line":50},2,[40,52,54],{"class":53},"siTax","RUN",[40,56,58],{"class":57},"sIX_F"," apk add --no-cache shadow\n",[22,60,62],{"id":61},"_2-创建用户并修改权限","2. 
创建用户并修改权限",[30,64,66],{"className":32,"code":65,"language":34,"meta":35,"style":35},"# 创建用户组和用户\nRUN addgroup -S \u003Capp_user_group> && adduser -S -G \u003Capp_user_group> \u003Capp_user>\n\n# 修改目录权限\nRUN chown -R \u003Capp_user>:\u003Capp_user_group> \u002Fdata\n",[37,67,68,73,80,87,93],{"__ignoreMap":35},[40,69,70],{"class":42,"line":43},[40,71,72],{"class":46},"# 创建用户组和用户\n",[40,74,75,77],{"class":42,"line":50},[40,76,54],{"class":53},[40,78,79],{"class":57}," addgroup -S \u003Capp_user_group> && adduser -S -G \u003Capp_user_group> \u003Capp_user>\n",[40,81,83],{"class":42,"line":82},3,[40,84,86],{"emptyLinePlaceholder":85},true,"\n",[40,88,90],{"class":42,"line":89},4,[40,91,92],{"class":46},"# 修改目录权限\n",[40,94,96,98],{"class":42,"line":95},5,[40,97,54],{"class":53},[40,99,100],{"class":57}," chown -R \u003Capp_user>:\u003Capp_user_group> \u002Fdata\n",[22,102,104],{"id":103},"_3-指定用户启动","3. 指定用户启动",[15,106,107,108,111],{},"执行 docker 时加 ",[37,109,110],{},"--user"," 参数（也可以像完整示例那样，在 Dockerfile 中用 USER 指令指定）：",[30,113,117],{"className":114,"code":115,"language":116,"meta":35,"style":35},"language-bash shiki shiki-themes github-light github-dark","docker run -it --user \u003Capp_user> \u003Capp_image>:\u003Cimage_version>\n","bash",[37,118,119],{"__ignoreMap":35},[40,120,121,125,129,133,136,139,142,145,148,150,153,156,158,161,164,167,170],{"class":42,"line":43},[40,122,124],{"class":123},"sw2iP","docker",[40,126,128],{"class":127},"scXbn"," run",[40,130,132],{"class":131},"suQ91"," -it",[40,134,135],{"class":131}," --user",[40,137,138],{"class":53}," 
\u003C",[40,140,141],{"class":127},"app_use",[40,143,144],{"class":57},"r",[40,146,147],{"class":53},">",[40,149,138],{"class":53},[40,151,152],{"class":127},"app_imag",[40,154,155],{"class":57},"e",[40,157,147],{"class":53},[40,159,160],{"class":127},":",[40,162,163],{"class":53},"\u003C",[40,165,166],{"class":127},"image_versio",[40,168,169],{"class":57},"n",[40,171,172],{"class":53},">\n",[11,174,175],{"id":175},"完整示例",[30,177,179],{"className":32,"code":178,"language":34,"meta":35,"style":35},"FROM alpine:latest\n\n# 国内源\nRUN sed -i 's\u002Fdl-cdn.alpinelinux.org\u002Fmirrors.ustc.edu.cn\u002Fg' \u002Fetc\u002Fapk\u002Frepositories\n\nRUN apk update --no-cache\n# 权限管理\nRUN apk add --no-cache shadow\n# 调试\nRUN apk add --no-cache bash\n# 设置时区\nRUN apk add --no-cache tzdata\n\nENV TZ=Asia\u002FShanghai\n\n# 创建用户组和用户\nRUN addgroup -S glog && adduser -S -G glog glog\n\nCOPY .\u002Fglog_static_musl_1 \u002Fapp\u002F\n\nRUN mkdir \u002Fdata\n\nVOLUME [ \"\u002Fdata\" ]\nWORKDIR \u002Fdata\n\n# 修改权限\nRUN chown -R glog:glog \u002Fdata\nRUN chown -R glog:glog \u002Fapp\n\n# 指定用户启动\nUSER glog\nCMD [ \"\u002Fapp\u002Fglog_static_musl_1\", \"logsweb\", \".\u002Fconf.ini\" ]\n",[37,180,181,189,193,198,211,215,223,228,235,241,249,255,263,268,277,282,287,295,300,309,314,322,327,342,351,356,362,370,378,383,389,398],{"__ignoreMap":35},[40,182,183,186],{"class":42,"line":43},[40,184,185],{"class":53},"FROM",[40,187,188],{"class":57}," alpine:latest\n",[40,190,191],{"class":42,"line":50},[40,192,86],{"emptyLinePlaceholder":85},[40,194,195],{"class":42,"line":82},[40,196,197],{"class":46},"# 国内源\n",[40,199,200,202,205,208],{"class":42,"line":89},[40,201,54],{"class":53},[40,203,204],{"class":57}," sed -i ",[40,206,207],{"class":127},"'s\u002Fdl-cdn.alpinelinux.org\u002Fmirrors.ustc.edu.cn\u002Fg'",[40,209,210],{"class":57}," 
\u002Fetc\u002Fapk\u002Frepositories\n",[40,212,213],{"class":42,"line":95},[40,214,86],{"emptyLinePlaceholder":85},[40,216,218,220],{"class":42,"line":217},6,[40,219,54],{"class":53},[40,221,222],{"class":57}," apk update --no-cache\n",[40,224,226],{"class":42,"line":225},7,[40,227,47],{"class":46},[40,229,231,233],{"class":42,"line":230},8,[40,232,54],{"class":53},[40,234,58],{"class":57},[40,236,238],{"class":42,"line":237},9,[40,239,240],{"class":46},"# 调试\n",[40,242,244,246],{"class":42,"line":243},10,[40,245,54],{"class":53},[40,247,248],{"class":57}," apk add --no-cache bash\n",[40,250,252],{"class":42,"line":251},11,[40,253,254],{"class":46},"# 设置时区\n",[40,256,258,260],{"class":42,"line":257},12,[40,259,54],{"class":53},[40,261,262],{"class":57}," apk add --no-cache tzdata\n",[40,264,266],{"class":42,"line":265},13,[40,267,86],{"emptyLinePlaceholder":85},[40,269,271,274],{"class":42,"line":270},14,[40,272,273],{"class":53},"ENV",[40,275,276],{"class":57}," TZ=Asia\u002FShanghai\n",[40,278,280],{"class":42,"line":279},15,[40,281,86],{"emptyLinePlaceholder":85},[40,283,285],{"class":42,"line":284},16,[40,286,72],{"class":46},[40,288,290,292],{"class":42,"line":289},17,[40,291,54],{"class":53},[40,293,294],{"class":57}," addgroup -S glog && adduser -S -G glog glog\n",[40,296,298],{"class":42,"line":297},18,[40,299,86],{"emptyLinePlaceholder":85},[40,301,303,306],{"class":42,"line":302},19,[40,304,305],{"class":53},"COPY",[40,307,308],{"class":57}," .\u002Fglog_static_musl_1 \u002Fapp\u002F\n",[40,310,312],{"class":42,"line":311},20,[40,313,86],{"emptyLinePlaceholder":85},[40,315,317,319],{"class":42,"line":316},21,[40,318,54],{"class":53},[40,320,321],{"class":57}," mkdir \u002Fdata\n",[40,323,325],{"class":42,"line":324},22,[40,326,86],{"emptyLinePlaceholder":85},[40,328,330,333,336,339],{"class":42,"line":329},23,[40,331,332],{"class":53},"VOLUME",[40,334,335],{"class":57}," [ ",[40,337,338],{"class":127},"\"\u002Fdata\"",[40,340,341],{"class":57}," 
]\n",[40,343,345,348],{"class":42,"line":344},24,[40,346,347],{"class":53},"WORKDIR",[40,349,350],{"class":57}," \u002Fdata\n",[40,352,354],{"class":42,"line":353},25,[40,355,86],{"emptyLinePlaceholder":85},[40,357,359],{"class":42,"line":358},26,[40,360,361],{"class":46},"# 修改权限\n",[40,363,365,367],{"class":42,"line":364},27,[40,366,54],{"class":53},[40,368,369],{"class":57}," chown -R glog:glog \u002Fdata\n",[40,371,373,375],{"class":42,"line":372},28,[40,374,54],{"class":53},[40,376,377],{"class":57}," chown -R glog:glog \u002Fapp\n",[40,379,381],{"class":42,"line":380},29,[40,382,86],{"emptyLinePlaceholder":85},[40,384,386],{"class":42,"line":385},30,[40,387,388],{"class":46},"# 指定用户启动\n",[40,390,392,395],{"class":42,"line":391},31,[40,393,394],{"class":53},"USER",[40,396,397],{"class":57}," glog\n",[40,399,401,404,406,409,412,415,417,420],{"class":42,"line":400},32,[40,402,403],{"class":53},"CMD",[40,405,335],{"class":57},[40,407,408],{"class":127},"\"\u002Fapp\u002Fglog_static_musl_1\"",[40,410,411],{"class":57},", ",[40,413,414],{"class":127},"\"logsweb\"",[40,416,411],{"class":57},[40,418,419],{"class":127},"\".\u002Fconf.ini\"",[40,421,341],{"class":57},[11,423,424],{"id":424},"总结",[15,426,427],{},"关键步骤：",[429,430,431,438,448,454],"ol",{},[432,433,434,437],"li",{},[37,435,436],{},"apk add --no-cache shadow"," - 安装用户管理工具",[432,439,440,443,444,447],{},[37,441,442],{},"addgroup"," + ",[37,445,446],{},"adduser"," - 创建用户",[432,449,450,453],{},[37,451,452],{},"chown -R"," - 修改目录权限",[432,455,456,459],{},[37,457,458],{},"USER \u003Cusername>"," - 指定运行用户",[15,461,462],{},"这样容器内的应用就不再以 root 身份运行，更加安全。需要注意两点：在旧版（非 BuildKit）构建器中，VOLUME 声明之后对该目录所做的修改（例如 chown）会被丢弃，稳妥的做法是把 chown 放在 VOLUME 之前；如果挂载的是宿主机目录，其权限以宿主机上的属主为准，需要保证该目录对容器内用户的 UID 可写。",[464,465,466],"style",{},"html pre.shiki code .sHbNN, html code.shiki .sHbNN{--shiki-light:#6A737D;--shiki-dark:#6A737D}html pre.shiki code .siTax, html code.shiki .siTax{--shiki-light:#D73A49;--shiki-dark:#F97583}html pre.shiki code .sIX_F, html code.shiki .sIX_F{--shiki-light:#24292E;--shiki-dark:#E1E4E8}html .light .shiki span {color: var(--shiki-light);background: 
var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html pre.shiki code .sw2iP, html code.shiki .sw2iP{--shiki-light:#6F42C1;--shiki-dark:#B392F0}html pre.shiki code .scXbn, html code.shiki .scXbn{--shiki-light:#032F62;--shiki-dark:#9ECBFF}html pre.shiki code .suQ91, html code.shiki .suQ91{--shiki-light:#005CC5;--shiki-dark:#79B8FF}",{"title":35,"searchDepth":50,"depth":82,"links":468},[469,470,475,476],{"id":13,"depth":50,"text":13},{"id":20,"depth":50,"text":20,"children":471},[472,473,474],{"id":24,"depth":82,"text":25},{"id":61,"depth":82,"text":62},{"id":103,"depth":82,"text":104},{"id":175,"depth":50,"text":175},{"id":424,"depth":50,"text":424},"解决 Docker 容器默认以 root 用户运行导致的权限问题，指定非 root 用户启动应用。",false,"md","\u002Fposts\u002Fdocker-user-start\u002Fimg\u002Fcover.svg",{},"\u002Fposts\u002Fdocker-user-start","2025-04-01",{"title":5,"description":477},"posts\u002Fdocker-user-start\u002Findex",[487,488,489],"Docker","运维","Linux","dmdN3xMJ1ot--Vvs0h6h9egmqMb5VzGZ3-KkAEBbV04",1780733791991]