作者:陈可1993_532 | 来源:互联网 | 2023-05-17 19:45
Imusingdockertorunanapacheinstance.Mydockerfilegoessomethinglikethis:我正在使用docker来运行一
I'm using docker to run an apache instance. My docker file goes something like this:
我正在使用docker来运行一个apache实例。我的docker文件是这样的:
FROM ubuntu
MAINTAINER your.face@gmail.com
RUN cat /etc/passwd
RUN cat /etc/group
RUN apt-get update && apt-get install -yq apache2 php5 libapache2-mod-php5 php5-mysql
RUN apt-get install -yq openssh-server
RUN mkdir /var/run/sshd
ENV APACHE_RUN_USER www-data
ENV APACHE_RUN_GROUP www-data
ENV APACHE_LOG_DIR /var/log/apache2
EXPOSE 80
ADD config/apache2/000-default.conf /etc/apache2/sites-available/000-default.conf
ADD config/php5/php.ini /etc/php5/apache2/php.ini
ADD config/start.sh /tmp/start.sh
ADD src /var/www
RUN chown -R root:www-data /var/www
RUN chmod u+rwx,g+rx,o+rx /var/www
RUN find /var/www -type d -exec chmod u+rwx,g+rx,o+rx {} +
RUN find /var/www -type f -exec chmod u+rw,g+rw,o+r {} +
#essentially: CMD ["/usr/sbin/apache2ctl", "-D", "FOREGROUND"]
CMD ["/tmp/start.sh"]
However, when I build the container and run it, I only ever get 403 errors.
然而,当我构建容器并运行它时,我只会得到403个错误。
Notice that I've specified that apache should run as www-data
in www-data
group, and that /var/www has been recursively chown
d to belong to root:www-data
.
请注意,我已经指定apache应该作为www-data组中的www-data运行,并且/var/www已经被递归地分配到属于根:www-data的chownd中。
Also, all directories are searchable and readable, and all files are readable and writeable by the www-data group (well, according to ls -la and namei -m they are anyways).
此外,所有目录都是可搜索和可读的,所有文件都是可读和可写的。
How do I fix these permissions issues? I cant figure it out.
如何修复这些权限问题?我搞不懂。
Actual error from apache error.log:
来自apache error.log的实际错误:
[Fri May 23 18:33:27.663087 2014] [core:error] [pid 14] (13)Permission denied: [client 11.11.11.11:61689] AH00035: access to /index.php denied (filesystem path '/var/www/index.php') because search permissions are missing on a component of the path
EDIT:
编辑:
output of ls -laR /var/www
at the end of the Dockerfile:
l -laR /var/www在Dockerfile末尾的输出:
Step 21 : RUN ls -laR /var/www
---> Running in 74fd3609dfc8
/var/www:
total 1036
drwxr-xr-x 67 root www-data 4096 May 23 18:38 .
drwxr-xr-x 26 root root 4096 May 23 18:38 ..
-rw-rw-r-- 1 root www-data 28 May 23 12:22 .gitignore
-rw-rw-r-- 1 root www-data 501 May 23 12:22 .htaccess
-rw-rw-r-- 1 root www-data 7566 May 23 12:22 index.php
output of namei -m /var/www/index.php
at the end of the Dockerfile:
namei -m /var/www/index的输出。在Dockerfile末尾的php:
Step 22 : RUN namei -m /var/www/index.php
---> Running in 1203f0353090
f: /var/www/index.php
drwxr-xr-x /
drwxr-xr-x var
drwxr-xr-x www
-rw-rw-r-- index.php
EDIT2
EDIT2
After trying a whole bunch of things, including chmod -R 777
just to see if I could get anything to work, I tried putting the source files added from the Dockerfile into /var/www/html
, the default location for apache files to be served.
在尝试了一大堆东西(包括chmod - r777)之后,我试着把从Dockerfile中添加的源文件添加到/var/www/html中,这是apache文件的默认位置。
I matched the default file permissions exactly (I think), and it still isn't working. The default index.html that comes with apache loads just fine, but the added src
folder still have a 403
access denied error.
我完全匹配了默认的文件权限(我认为),但它仍然不能工作。默认的索引。apache附带的html加载很好,但是添加的src文件夹仍然有一个403访问拒绝错误。
I changed the Dockerfile to ADD src /var/www/html/src
and the permissions were set using:
我更改了Dockerfile以添加src /var/www/html/src,并使用以下设置权限:
RUN find /var/www/html -type d -exec chmod u+rwx,g+rx,o+rx {} +
RUN find /var/www/html -type f -exec chmod u+rw,g+r,o+r {} +
No luck. Below is some of the output of ls -laR
on /var/www
. Notice that the permissions for the html
folder and index.html
that come with an apache2 install match those of the added src
folder:
没有运气。下面是ls -laR在/var/www上的一些输出注意html文件夹和索引的权限。带有apache2安装的html与添加的src文件夹匹配:
Step 19 : RUN ls -laR /var/www/
---> Running in 0520950d0426
/var/www/:
total 12
drwxr-xr-x 6 root root 4096 May 23 19:23 .
drwxr-xr-x 24 root root 4096 May 23 19:23 ..
drwxr-xr-x 5 root root 4096 May 23 19:23 html
/var/www/html:
total 24
drwxr-xr-x 5 root root 4096 May 23 19:23 .
drwxr-xr-x 6 root root 4096 May 23 19:23 ..
-rw-r--r-- 1 root root 11510 May 23 18:28 index.html
drwxr-xr-x 47 root root 4096 May 23 19:23 src
/var/www/html/src:
total 1032
drwxr-xr-x 47 root root 4096 May 23 19:23 .
drwxr-xr-x 5 root root 4096 May 23 19:23 ..
-rw-r--r-- 1 root root 28 May 23 12:22 .gitignore
-rw-r--r-- 1 root root 501 May 23 12:22 .htaccess
-rw-r--r-- 1 root root 7566 May 23 12:22 index.php
Perhaps chmod
doesn't work quite the way I thought it does??
也许chmod不像我想的那样工作?
EDIT3
EDIT3
A final bit of information. The Docker container is being built by buildbot, which I've been assuming runs as root. I haven't been able to reproduce this scenario without using buildbot to do the building.
最后一点信息。Docker容器是由buildbot构建的,我一直假设它作为根运行。我还没有使用buildbot来复制这个场景。
Building everything via sudo docker build -t apache .
type commands on my laptop works fine, but the problems arise when buildbot does it. No idea why :^/
通过sudo docker build -t apache构建所有内容。在我的笔记本电脑上键入命令很好,但是当buildbot完成时,问题就出现了。不知道为什么:^ /
2 个解决方案