Permission issue on Alpine Linux when Spring Boot app with Logback trying to write logs to /var/log/

huangapple go评论57阅读模式
英文:

Permission issue on Alpine Linux when Spring Boot app with Logback trying to write logs to /var/log/

问题

我有一个Spring Boot Java应用程序,我正在使用logback日志框架。我已经通过spring配置文件进行了设置,所以当我使用特定配置文件运行容器化的应用程序实例(通过指定SPRING_PROFILES_ACTIVE环境变量),logback会包含一个滚动文件附加器,将日志写入/var/log/log.txt

我使用的基本Docker镜像是amazoncorretto:17-alpine-jdk(在内部使用的是Alpine),并且我以非root用户身份运行容器。

当我运行时,尝试记录到/var/log/log.txt时,我遇到了权限被拒绝的错误。

我在我的Dockerfile中设置了非root用户,如下所示:

RUN apk add doas
RUN adduser -D myuser && addgroup mygroup && addgroup myuser mygroup
RUN echo 'myuser:123' | chpasswd
RUN echo 'permit persist :wheel' > /etc/doas.d/doas.conf

USER myuser

如果我进入正在运行的容器,并切换到/var/log目录,如果我执行touch test.txt,我也会得到权限被拒绝的错误。

我尝试了各种方法,例如echo 'permit :wheel as root' > /etc/doas.d/doas.conf,但似乎无法使其正常工作(除了以root用户身份运行容器外,但我想要使用非root用户)。

英文:

I have a Spring Boot Java app and I'm using the logback logging framework. I've set this up with spring profiles, so that when I run a containerized instance of the app with a specific profile (by specifying the SPRING_PROFILES_ACTIVE environment var), logback will include a rolling file appender that write logs to /var/log/log.txt.

The base docker image I'm using is amazoncorretto:17-alpine-jdk (which is Alpine under the hood) and I'm run the container as a non-root user.

When I run this I'm getting a permission denied error when trying to log to /var/log/log.txt.

I set up the non-root user in my Dockerfile as follows:

RUN apk add doas
RUN adduser -D myuser && addgroup mygroup && addgroup myuser mygroup
RUN echo 'myuser:123' | chpasswd
RUN echo 'permit persist :wheel' > /etc/doas.d/doas.conf

USER myuser

If I exec into the running container, and cd into /var/log, if I execute touch test.txt I also get a permission denied error.

I've tried various things e.g. echo 'permit :wheel as root' > /etc/doas.d/doas.conf, but can't seem to get this working (aside from just running the container as the root user, but I want to use a non-root user).

答案1

得分: 1

默认情况下,/var/log/ 具有以下定义的权限:

drwxrwxr-x 15 root syslog

这里阅读更多信息。

将应用程序日志附加到Linux系统使用的日志文件夹中并不是一个好主意

但是,如果您想尝试上述操作,您可以登录容器并执行 sudo su - syslog,然后您可以在 var/log/ 中执行 touch test.txt

英文:

By default the /var/log/ has the following permissions defined

drwxrwxr-x 15 root syslog

Read a bit more here.

It is not really a good idea to append the application logs inside the Linux logs folder which is used by the system.

But if you want to try the above you can login the container and execute sudo su - syslog and then you could execute touch test.txt inside var/log/.

huangapple
  • 本文由 发表于 2023年5月11日 10:53:36
  • 转载请务必保留本文链接:https://go.coder-hub.com/76223847.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定