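Copyright notice: original work by 王小溪 https://blog.csdn.net/sinat_41196089/article/details/83934102
Using a non-root user in a Docker container
By default, the docker command talks to the Docker engine over a Unix socket, and only root and members of the docker group can access that socket. For security reasons, root is generally not used directly on Linux systems, so the better practice is to add the users who need to run docker to the docker group.
- 1. Build the image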
FROM ubuntu:14.04
MAINTAINER wangliangjie
# Create group and user drv with home directory /data
RUN groupadd drv && \
    useradd -d /data -g drv -m drv && \
    su - drv -c "mkdir -p /data"
WORKDIR /data
#chown -R drv:drv /data
#CMD ["/usr/sbin/sshd", "-D"]
# Start a shell as drv instead of root
CMD ["su","drv"]

docker build -t eg_sshd .
- 2. Enter the container and work in it
docker run -it -v /home/drv/logs:/data eg_sshd
drv@66d564c7b8ef:~$ mkdir 1
- 3. Exit the container and check the file permissions
drv@66d564c7b8ef:~$ exit
exit
drv@drv-ubuntu:~/docker14$ ll /home/drv/logs/
total 16
drwxrwxr-x 3 drv drv 4096 8月 24 21:40 ./
drwxr-xr-x 24 drv drv 4096 8月 24 21:39 ../
drwxrwxr-x 2 drv drv 4096 8月 24 21:38 1/
-rw------- 1 drv drv 111 8月 24 21:40 .bash_history
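
The listing above shows `drv drv` on the host because the container's drv and the host's drv have the same numeric UID/GID; a bind mount carries the numbers, not the names. The shell check below is an added example, not part of the original post: the function names and the sample passwd entries are constructed for illustration, and it assumes Docker runs without user-namespace remapping.

```shell
#!/bin/sh
# Added example: ownership on a bind mount is decided by numeric UID/GID.

# Print "uid:gid" for user $1 from passwd-format text on stdin, e.g.
#   docker run --rm eg_sshd cat /etc/passwd | passwd_ids drv
# Returns non-zero when the user does not exist.
passwd_ids() {
    awk -F: -v u="$1" '
        $1 == u { print $3 ":" $4; found = 1; exit }
        END     { exit !found }'
}

# Succeeds only if user $1 has the same uid:gid in both passwd texts.
# $2 = container passwd text, $3 = host passwd text; returns 2 if missing.
ids_match() {
    c=$(printf '%s\n' "$2" | passwd_ids "$1") || return 2
    h=$(printf '%s\n' "$3" | passwd_ids "$1") || return 2
    [ "$c" = "$h" ]
}

# List paths under directory $1 not owned by uid $2 / gid $3.
# Empty output means everything written through the mount maps as expected.
foreign_owned() {
    find "$1" \( ! -uid "$2" -o ! -gid "$3" \) -print
}

# Constructed sample data (not taken from a real system).
CONTAINER_PASSWD='root:x:0:0:root:/root:/bin/bash
drv:x:1000:1000::/data:/bin/sh'
HOST_SAME='root:x:0:0:root:/root:/bin/bash
drv:x:1000:1000:drv:/home/drv:/bin/bash'
HOST_SHIFTED='root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
drv:x:1001:1001:drv:/home/drv:/bin/bash'

for host in "$HOST_SAME" "$HOST_SHIFTED"; do
    if ids_match drv "$CONTAINER_PASSWD" "$host"; then
        echo "drv maps to the same ids: files in the mount belong to host drv"
    else
        echo "drv ids differ: files in the mount will belong to another host account"
    fi
done
```

On a real host, `foreign_owned /home/drv/logs "$(id -u drv)" "$(id -g drv)"` after step 3 should print nothing.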
Creating the image with a Dockerfile
FROM ubuntu:14.04
MAINTAINER wangxiaoxi
RUN echo "deb http://mirrors.163.com/ubuntu/ trusty main restricted universe multiverse" > /etc/apt/sources.list
RUN echo "deb http://mirrors.163.com/ubuntu/ trusty-security main restricted universe multiverse" >> /etc/apt/sources.list
RUN echo "deb http://mirrors.163.com/ubuntu/ trusty-updates main restricted universe multiverse" >> /etc/apt/sources.list
RUN echo "deb http://mirrors.163.com/ubuntu/ trusty-proposed main restricted universe multiverse" >> /etc/apt/sources.list
RUN echo "deb http://mirrors.163.com/ubuntu/ trusty-backports main restricted universe multiverse" >> /etc/apt/sources.list
RUN apt-get update
RUN apt-get install -y openssh-server
RUN apt-get clean
RUN apt-get autoclean
RUN apt-get autoremove
RUN mkdir -p /var/run/sshd
RUN mkdir -p /root/.ssh
# Remove the PAM restriction
#RUN echo 'root:123' | chpasswd
#RUN sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
# SSH login fix. Otherwise user is kicked off after login
RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
# Copy the configuration file into place and make the script executable
ADD authorized_keys /root/.ssh/authorized_keys
#RUN touch /root/.ssh/authorized_keys
#RUN cat id_rsa.pub >> /root/.ssh/authorized_keys
EXPOSE 22
CMD ["/usr/sbin/sshd", "-D"]
Then restart the daemon:
docker build -t eg_sshd .
docker run -itd -P --name test_sshd eg_sshd
docker port test_sshd 22
Once you have the port number, connect over SSH:
ssh root@xxxx -p yyyy
Connecting over SSH as a non-root user in Docker
I. SSH key method
- 1. Build the image
FROM ubuntu:14.04
MAINTAINER wangliangjie
RUN echo "deb http://mirrors.163.com/ubuntu/ trusty main restricted universe multiverse" > /etc/apt/sources.list && \
    echo "deb http://mirrors.163.com/ubuntu/ trusty-security main restricted universe multiverse" >> /etc/apt/sources.list && \
    echo "deb http://mirrors.163.com/ubuntu/ trusty-updates main restricted universe multiverse" >> /etc/apt/sources.list && \
    echo "deb http://mirrors.163.com/ubuntu/ trusty-proposed main restricted universe multiverse" >> /etc/apt/sources.list && \
    echo "deb http://mirrors.163.com/ubuntu/ trusty-backports main restricted universe multiverse" >> /etc/apt/sources.list
# Install sshd, relax pam_loginuid, and create user drv with home /data
RUN apt-get update && \
    apt-get install -y openssh-server && \
    apt-get clean && \
    apt-get autoclean && \
    apt-get autoremove && \
    mkdir -p /var/run/sshd && \
    sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd && \
    groupadd drv && \
    useradd -d /data -g drv -m drv && \
    su - drv -c "mkdir -p /data/.ssh"
WORKDIR /data
ADD authorized_keys /data/.ssh/authorized_keys
#ADD id_rsa.pub /data/.ssh/id_rsa.pub
#RUN cat /data/.ssh/id_rsa.pub >> /data/.ssh/authorized_keys
# sshd's default StrictModes rejects a group- or world-writable .ssh
# directory or authorized_keys file, so keep both private to drv
RUN chown -R drv:drv /data && \
    chmod 700 /data/.ssh && \
    chmod 600 /data/.ssh/authorized_keys
EXPOSE 22
# Docker uses only the last CMD, so this line has no effect
CMD ["su","drv"]
CMD ["/usr/sbin/sshd", "-D"]

- 2. Start the container and connect over SSH
docker build -t eg_sshd .
docker run -itd -p 1111:22 -v /home/drv/logs:/data/projects --name test_sshd eg_sshd
ssh [email protected] -p 1111
(docker)cd projects
(docker)mkdir 1
- 3. Exit the container and check the file permissions
(docker)exit
ll /home/drv/logs/
total 12
drwxrwxr-x 3 drv drv 4096 8月 24 23:52 ./
drwxr-xr-x 26 drv drv 4096 8月 24 23:39 ../
drwxrwxr-x 2 drv drv 4096 8月 24 23:52 1/
II. SSH password method
- 1. Build the image
FROM ubuntu:14.04
MAINTAINER wangliangjie
# Install sshd, enable password login, and create user drv with home /data
RUN echo "deb http://mirrors.163.com/ubuntu/ trusty main restricted universe multiverse" > /etc/apt/sources.list && \
    echo "deb http://mirrors.163.com/ubuntu/ trusty-security main restricted universe multiverse" >> /etc/apt/sources.list && \
    echo "deb http://mirrors.163.com/ubuntu/ trusty-updates main restricted universe multiverse" >> /etc/apt/sources.list && \
    echo "deb http://mirrors.163.com/ubuntu/ trusty-proposed main restricted universe multiverse" >> /etc/apt/sources.list && \
    echo "deb http://mirrors.163.com/ubuntu/ trusty-backports main restricted universe multiverse" >> /etc/apt/sources.list && \
    apt-get update && \
    apt-get install -y openssh-server && \
    apt-get clean && \
    apt-get autoclean && \
    apt-get autoremove && \
    mkdir -p /var/run/sshd && \
    sed 's/^#PasswordAuthentication yes/PasswordAuthentication yes/' -i /etc/ssh/sshd_config && \
    groupadd drv && \
    useradd -d /data -g drv -m drv && \
    echo "drv:123" | chpasswd && \
    chown -R drv:drv /data && \
    usermod -s /bin/bash drv
WORKDIR /data
EXPOSE 22
# Docker uses only the last CMD, so this line has no effect
CMD ["su","drv"]
CMD ["/usr/sbin/sshd", "-D"]

- 2. Start the container and connect over SSH
docker build -t eg_sshd .
docker run -itd -p 1111:22 -v /home/drv/logs:/data/projects --name test_sshd eg_sshd
ssh [email protected] -p 1111
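
Both SSH Dockerfiles above contain two CMD lines and no USER instruction, so the container's main process is sshd running as root and `CMD ["su","drv"]` is never executed. The shell function below is an added example, not part of the original post, that reports what the final stage of a Dockerfile will actually run; the function name and the second sample Dockerfile are constructed, and it assumes the base image itself sets no USER (true for ubuntu:14.04).

```shell
#!/bin/sh
# Added example: report the effective USER and CMD of a Dockerfile's last stage.
# Docker honours only the last CMD in a stage, and the process runs as root
# unless a USER instruction (or the base image) says otherwise.

# Reads a Dockerfile on stdin; prints user=..., cmd=..., ignored_cmds=N
effective_runtime() {
    awk '
        /^[ \t]*#/ { next }                                # comment lines
        { was = cont; cont = ($0 ~ /\\[ \t]*$/) }          # track "\" continuations
        was { next }                                       # inside a multi-line RUN
        { kw = toupper($1) }
        kw == "FROM" { user = "root"; cmd = ""; n = 0 }    # each stage starts fresh
        kw == "USER" { user = $2 }
        kw == "CMD"  { n++; sub(/^[ \t]*[^ \t]+[ \t]+/, ""); cmd = $0 }
        END {
            print "user=" user
            print "cmd=" cmd
            print "ignored_cmds=" (n > 0 ? n - 1 : 0)
        }'
}

# Excerpt of the key-based Dockerfile from this page (RUN/ADD steps omitted).
PAGE_DOCKERFILE='FROM ubuntu:14.04
WORKDIR /data
EXPOSE 22
CMD ["su","drv"]
CMD ["/usr/sbin/sshd", "-D"]'

# Constructed variant of the first Dockerfile that drops root with USER.
USER_DOCKERFILE='FROM ubuntu:14.04
RUN groupadd drv && \
    useradd -d /data -g drv -m drv
WORKDIR /data
USER drv
CMD ["/bin/bash"]'

printf '%s\n' "$PAGE_DOCKERFILE" | effective_runtime
printf '%s\n' "$USER_DOCKERFILE" | effective_runtime
```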