英文:
Permission issue on Alpine Linux when Spring Boot app with Logback trying to write logs to /var/log/
问题
我有一个Spring Boot Java应用程序,我正在使用logback日志框架。我已经通过spring配置文件进行了设置,所以当我使用特定配置文件运行容器化的应用程序实例(通过指定SPRING_PROFILES_ACTIVE环境变量),logback会包含一个滚动文件附加器,将日志写入/var/log/log.txt。
我使用的基本Docker镜像是amazoncorretto:17-alpine-jdk(在内部使用的是Alpine),并且我以非root用户身份运行容器。
当我运行时,尝试记录到/var/log/log.txt时,我遇到了权限被拒绝的错误。
我在我的Dockerfile中设置了非root用户,如下所示:
RUN apk add doas
RUN adduser -D myuser && addgroup mygroup && addgroup myuser mygroup
RUN echo 'myuser:123' | chpasswd
RUN echo 'permit persist :wheel' > /etc/doas.d/doas.conf
USER myuser
如果我进入正在运行的容器,并切换到/var/log目录,如果我执行touch test.txt,我也会得到权限被拒绝的错误。
我尝试了各种方法,例如echo 'permit :wheel as root' > /etc/doas.d/doas.conf,但似乎无法使其正常工作(除了以root用户身份运行容器外,但我想要使用非root用户)。
英文:
I have a Spring Boot Java app and I'm using the logback logging framework. I've set this up with spring profiles, so that when I run a containerized instance of the app with a specific profile (by specifying the SPRING_PROFILES_ACTIVE environment var), logback will include a rolling file appender that write logs to /var/log/log.txt.
The base docker image I'm using is amazoncorretto:17-alpine-jdk (which is Alpine under the hood) and I'm run the container as a non-root user.
When I run this I'm getting a permission denied error when trying to log to /var/log/log.txt.
I set up the non-root user in my Dockerfile as follows:
RUN apk add doas
RUN adduser -D myuser && addgroup mygroup && addgroup myuser mygroup
RUN echo 'myuser:123' | chpasswd
RUN echo 'permit persist :wheel' > /etc/doas.d/doas.conf
USER myuser
If I exec into the running container, and cd into /var/log, if I execute touch test.txt I also get a permission denied error.
I've tried various things e.g. echo 'permit :wheel as root' > /etc/doas.d/doas.conf, but can't seem to get this working (aside from just running the container as the root user, but I want to use a non-root user).
答案1
得分: 1
默认情况下,/var/log/ 具有以下定义的权限:
drwxrwxr-x 15 root syslog
在这里阅读更多信息。
将应用程序日志附加到Linux系统使用的日志文件夹中并不是一个好主意。
但是,如果您想尝试上述操作,您可以登录容器并执行 sudo su - syslog,然后您可以在 var/log/ 中执行 touch test.txt。
英文:
By default the /var/log/ has the following permissions defined
drwxrwxr-x 15 root syslog
Read a bit more here.
It is not really a good idea to append the application logs inside the Linux logs folder which is used by the system.
But if you want to try the above you can login the container and execute sudo su - syslog and then you could execute touch test.txt inside var/log/.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论