英文:
PHP file_put_contents() in docker container can not write to underlying ubuntu operating system
问题
以下是您提供的内容的翻译:
我正在学习使用Docker来托管一个PHP应用程序。我尝试创建一个简单的index.php文件,它将向我的底层Ubuntu操作系统的test.txt文件写入hello world,但无论我尝试什么,都遇到了很多问题。我从以下3个文件开始:
// ~/docker/docker-compose.yml
version: "3.8"
services:
website:
container_name: website
build:
context: ./
dockerfile: Dockerfile
ports:
- "80:80"
volumes:
- ../public_html:/var/www/html
logging:
options:
max-file: "10"
max-size: 10m
// ~/docker/Dockerfile
FROM php:5.4-apache
RUN chown -R www-data:www-data /var/www/html
CMD ["/usr/sbin/apachectl", "-D", "FOREGROUND"]
// ~/public_html/index.php
<?php file_put_contents('test.txt', 'hello world');
我使用以下"启动"命令启动项目:
john@localhost: sudo su
root@localhost: systemctl start docker
root@localhost: exit
john@localhost: sudo chown -R john:john ~/docker
john@localhost: sudo chown -R john:john ~/public_html
john@localhost: sudo chmod -R 755 ~/public_html
john@localhost: cd ~/docker
john@localhost: sudo docker-compose up --build -d;
用户john具有sudo特权。
当我访问我的网页http://192.168.0.10/index.php时,我看到以下错误消息:
Warning: file_put_contents(test.txt): failed to open stream: Permission denied in /var/www/html/index.php on line 1
我可以通过从我的Ubuntu主机机器运行以下命令来解决这个问题:
touch ~/public_html/test.txt && chmod 777 ~/public_html/test.txt
但我真的想保持权限为755。
我读到我必须保持主机Ubuntu机器和容器之间的所有“用户ID”对齐。因此,我尝试了一些方法,但我每次尝试都会导致Docker容器无法启动。这是我最近的一次尝试,以及看到的错误:
// ~/docker/.env
// 当我运行`id -u`时,我看到值为1000。所以我将其分配给一个环境变量
CURRENT_UID=1000
// ~/docker/docker-compose.yml
version: "3.8"
services:
website:
container_name: website
user: ${CURRENT_UID}
environment:
CURRENT_UID: ${CURRENT_UID}
build:
context: ./
dockerfile: Dockerfile
ports:
- "80:80"
volumes:
- ../public_html:/var/www/html
logging:
options:
max-file: "10"
max-size: 10m
// ~/docker/Dockerfile
FROM php:5.4-apache
USER ${CURRENT_UID}:${CURRENT_UID}
RUN chown -R ${CURRENT_UID}:${CURRENT_UID} /var/www/html
RUN chown -R ${CURRENT_UID}:${CURRENT_UID} /etc/apache2
RUN chown -R ${CURRENT_UID}:${CURRENT_UID} /var/log/apache2
RUN chown -R ${CURRENT_UID}:${CURRENT_UID} /var/run/apache2
CMD ["/usr/sbin/apachectl", "-D", "FOREGROUND"]
当我运行"启动"命令时,容器无法启动。我运行了sudo docker logs website并显示以下内容:
[Wed Jun 28 23:01:18.623744 2023] [core:error] [pid 7] (13)Permission denied: AH00099: could not create /var/run/apache2/apache2.pid
[Wed Jun 28 23:01:18.623918 2023] [core:error] [pid 7] AH00100: apache2: could not log pid to file /var/run/apache2/apache2.pid
Action 'D FOREGROUND' failed.
The Apache error log may have more information
有人可以告诉我我做错了什么吗?在容器失败后是否有查看Apache错误日志的方法?
英文:
I am learning to use Docker to host a php application. I tried making a simple index.php that will write a hello world to a test.txt file to my underlying ubuntu operating system. But I am running into a lot of issues no matter what I try. I started off with these 3 files:
// ~/docker/docker-compose.yml
version: "3.8"
services:
website:
container_name: website
build:
context: ./
dockerfile: Dockerfile
ports:
- "80:80"
volumes:
- ../public_html:/var/www/html
logging:
options:
max-file: "10"
max-size: 10m
// ~/docker/Dockerfile
FROM php:5.4-apache
RUN chown -R www-data:www-data /var/www/html
CMD ["/usr/sbin/apachectl", "-D", "FOREGROUND"]
// ~/public_html/index.php
<?php file_put_contents('test.txt', 'hello world');
I start up the project with these "start up" commands:
john@localhost: sudo su
root@localhost: systemctl start docker
root@localhost: exit
john@localhost: sudo chown -R john:john ~/docker
john@localhost: sudo chown -R john:john ~/public_html
john@localhost: sudo chmod -R 755 ~/public_html
john@localhost: cd ~/docker
john@localhost: sudo docker-compose up --build -d;
The user john has sudo privileges.
When I visit my web page at http://192.168.0.10/index.php, I see the error message
Warning: file_put_contents(test.txt): failed to open stream: Permission denied in /var/www/html/index.php on line 1
I can work around the problem by running this command from my ubuntu host machine:
touch ~/public_html/test.txt && chmod 777 ~/public_html/test.txt
But I really want to keep permissions to 755.
I read that I have to keep the all the user ids aligned between my host ubuntu machine and guest containers. So I tried a few things, but everyone of my attempts causes the docker container to fail and not even start up. This was my most recent attempt along with the error seen:
// ~/docker/.env
// when I did `id -u`, i saw the value 1000. So I will assign it to an env variable
CURRENT_UID=1000
// ~/docker/docker-compose.yml
version: "3.8"
services:
website:
container_name: website
user: ${CURRENT_UID}
environment:
CURRENT_UID: ${CURRENT_UID}
build:
context: ./
dockerfile: Dockerfile
ports:
- "80:80"
volumes:
- ../public_html:/var/www/html
logging:
options:
max-file: "10"
max-size: 10m
// ~/docker/Dockerfile
FROM php:5.4-apache
USER ${CURRENT_UID}:${CURRENT_UID}
RUN chown -R ${CURRENT_UID}:${CURRENT_UID} /var/www/html
RUN chown -R ${CURRENT_UID}:${CURRENT_UID} /etc/apache2
RUN chown -R ${CURRENT_UID}:${CURRENT_UID} /var/log/apache2
RUN chown -R ${CURRENT_UID}:${CURRENT_UID} /var/run/apache2
CMD ["/usr/sbin/apachectl", "-D", "FOREGROUND"]
The container fails to start when I run the "start up" commands. I do a sudo docker logs website and it shows:
[Wed Jun 28 23:01:18.623744 2023] [core:error] [pid 7] (13)Permission denied: AH00099: could not create /var/run/apache2/apache2.pid
[Wed Jun 28 23:01:18.623918 2023] [core:error] [pid 7] AH00100: apache2: could not log pid to file /var/run/apache2/apache2.pid
Action '-D FOREGROUND' failed.
The Apache error log may have more information
Can anyone tell me what am I doing wrong? Is there a way to look at the Apache error logs after the container fails?
答案1
得分: 1
Docker不遵循主机系统的passwd配置,也不以您的UID身份运行,而是以映像中配置的用户身份运行,映射到映像的passwd文件中的UID。在这种情况下,映像以root用户身份启动apache,然后根据其配置执行setuid/setgid到www-data [UID/GID 33]。
在使用chmod 777的临时解决方法后,您应该能够使用ls -an命令查看文件的创建UID/GID。
您需要执行以下操作之一:
- 将挂载卷的所有权更改为UID/GID 33,例如
chown -R 33:33 ~/public_html - 自定义映像以添加具有所需主机UID/GID的用户/组,然后配置apache以该用户身份运行。
英文:
Docker does not respect the host system's passwd config, and does not run as your UID, it runs as whatever user happens to be configured in the image, which maps to whatever UID is in the image's passwd file. In this case the image runs as root to start apache, which then does a setuid/setgid to www-data [UID/GID 33] according to it's configuration.
After using the chmod 777 kludge you should be able to see the UID/GID that the files were created under with ls -an.
You'll either need to:
- Change the ownership of the mounted volumes to UID/GID 33, eg
chown -R 33:33 ~/public_html - Customize the image to add a user/group with UID/GID matching the host UID/GID you want to use, and then configure apache to run as that user.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论