File-Permissions
在 docker 容器中使用主管執行 uWSGI 被拒絕授予權限
我有 Django 應用程序,我想使用 Supervisor 在 Docker 容器中執行 UWSGI。
我正在使用 OSX,以便成功地將我的 OSX 文件系統掛載在我的
boot2dockerVM 中(這樣我就可以使用 docker 掛載卷run -v /source/:/destination)我不得不使用sshfs它,我認為這會導致我掛載的文件系統出現一些奇怪的權限。我的
boot2docker虛擬機上有兩個掛載;一個指向我的應用程式碼庫,一個指向我主機上的任意位置以將持久日誌寫入Host: /Users/username/workspace/project --- > boot2docker: /home/docker/osx Host: /containers/project --- > boot2docker: /containers/project我用以下方式啟動我的 docker 容器:
docker run -t -i -p 80 -v /home/docker/osx/project/www:/var/www -v /containers/project:/host image-name /bin/bash我的應用程序的主管配置如下所示:
[program:app_name] command=uwsgi --ini /var/www/wsgi/uwsgi.ini directory=/var/www autostart=true autorestart=true stdout_logfile=/host/logs/app-name.log redirect_stderr=True我的
usgi.ini樣子是這樣的:[uwsgi] http = :3041 chdir = /var/www module = run.wsgi uid = www-data gid = 33 master = True processes = 4 threads = 1 pidfile = /var/run/uwsgi.pid touch-reload = /var/run/uwsgi.pid logto = /host/logs/uwsgi.log當我使用 supervisorctl 執行我的應用程序時,出現以下錯誤:
root@4237fd060a40:/var/www# supervisorctl app_name FATAL Exited too quickly (process log may have details) supervisor> start app_name 2014-06-15 10:22:16,559 INFO spawned: 'app_name' with pid 105 2014-06-15 10:22:16,633 INFO exited: app_name (exit status 1; not expected) 2014-06-15 10:22:17,658 INFO spawned: 'app_name' with pid 106 app_name: ERROR (abnormal termination)在我看到的 uWSGI 日誌中:
[uWSGI] getting INI configuration from /var/www/run/uwsgi.ini *** Starting uWSGI 1.9.10 (64bit) on [Sun Jun 15 10:22:22 2014] *** compiled with version: 4.6.3 on 13 June 2014 15:25:05 os: Linux-3.14.1-tinycore64 #1 SMP Mon Jun 9 16:21:23 UTC 2014 nodename: 4237fd060a40 machine: x86_64 clock source: unix detected number of CPU cores: 4 current working directory: /var/www writing pidfile to /var/run/uwsgi.pid detected binary path: /usr/local/bin/uwsgi setgid() to 33 setuid() to 33 chdir(): Permission denied [core/uwsgi.c line 2121]執行
id -g www-data顯示我的 gid 是正確的並且www-data存在:root@4237fd060a40:/var/www# id -g www-data 33在我的 docker 容器中,我看到的文件權限如下所示:
root@4237fd060a40:/var/www# ll total 76 drwxr-xr-x 1 10133 10000 578 Jun 15 09:55 ./ drwxr-xr-x 30 root root 4096 Jun 15 09:52 ../ drwxr-xr-x 1 10133 10000 714 Jun 13 10:55 some_folder/ drwxr-xr-x 1 10133 10000 1292 Jun 9 11:29 some_file.py因此,因為我在這裡看到
uids 和gids,所以文件/文件夾歸一個不存在的使用者所有(它們與我的主機 OSX 使用者名uid和匹配gid),並且我收到上面的權限錯誤,因為www-data使用者沒有’無權寫入已安裝的文件系統,我可以證明使用su:root@4237fd060a40:/var/www# su www-data $ pwd /var/www $ touch test2 touch: cannot touch `test2': Permission denied到目前為止是有道理的,但是當我嘗試以 root 身份編寫文件時:
root@4237fd060a40:/var/www# touch test root@4237fd060a40:/var/www# ll total 76 ... -rw-r--r-- 1 10133 10000 0 Jun 15 10:20 test寫文件可以正常工作,甚至有權限
uid和gid.所以,我本來希望用這個
uwsgi.ini文件以 root 身份執行 uWSGI:[uwsgi] http = :3041 chdir = /var/www module = run.wsgi uid = root gid = 10000 master = True processes = 4 threads = 1 pidfile = /var/run/uwsgi.pid touch-reload = /var/run/uwsgi.pid logto = /host/logs/uwsgi.log或作為 10133 使用此
uwsgi.ini文件:[uwsgi] http = :3041 chdir = /var/www module = run.wsgi uid = 10133 gid = 10000 master = True processes = 4 threads = 1 pidfile = /var/run/uwsgi.pid touch-reload = /var/run/uwsgi.pid logto = /host/logs/uwsgi.log會工作,但我沒有得到愛:
[uWSGI] getting INI configuration from /var/www/run/uwsgi.ini *** Starting uWSGI 1.9.10 (64bit) on [Sun Jun 15 10:30:05 2014] *** compiled with version: 4.6.3 on 13 June 2014 15:25:05 os: Linux-3.14.1-tinycore64 #1 SMP Mon Jun 9 16:21:23 UTC 2014 nodename: 4237fd060a40 machine: x86_64 clock source: unix detected number of CPU cores: 4 current working directory: /var/www writing pidfile to /var/run/uwsgi.pid detected binary path: /usr/local/bin/uwsgi setgid() to 10000 *** WARNING: you are running uWSGI as root !!! (use the --uid flag) *** chdir(): Permission denied [core/uwsgi.c line 2121]和
[uWSGI] getting INI configuration from /var/www/run/uwsgi.ini *** Starting uWSGI 1.9.10 (64bit) on [Sun Jun 15 10:30:36 2014] *** compiled with version: 4.6.3 on 13 June 2014 15:25:05 os: Linux-3.14.1-tinycore64 #1 SMP Mon Jun 9 16:21:23 UTC 2014 nodename: 4237fd060a40 machine: x86_64 clock source: unix detected number of CPU cores: 4 current working directory: /var/www writing pidfile to /var/run/uwsgi.pid detected binary path: /usr/local/bin/uwsgi uWSGI running as root, you can use --uid/--gid/--chroot options setgid() to 10000 setuid() to 10133 chdir(): Permission denied [core/uwsgi.c line 2121]我錯過了什麼?
我在這裡看到權限被拒絕錯誤,因為
guid容器內不存在。更改線路
guid=10000以guid=root修復它。