File permission issues in Docker container applications

郑天一
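The file permission problem
After going into production, the files produced by the program had permission 644. The reason is that inside the Docker container the umask value is 0022.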
[root@hostname logs]<20200423 20:47:57># umask
0002
[root@hostname logs]<20200423 20:46:02># docker exec -it 18becb148a65 /bin/bash
bash-4.2$ umask
0022
The umask on the host is 0002, but inside the container it is 0022. Why?
Enter the container and look at the /etc/bashrc file:
bash-4.2$ cat /etc/bashrc
# /etc/bashrc
# System wide functions and aliases
# Environment stuff goes in /etc/profile
# It's NOT a good idea to change this file unless you know what you
# are doing. It's much better to create a custom.sh shell script in
# /etc/profile.d/ to make custom changes to your environment, as this
# will prevent the need for merging in future updates.
# are we an interactive shell?
if [ "$PS1" ]; then
  if [ -z "$PROMPT_COMMAND" ]; then
    case $TERM in
    xterm*|vte*)
      if [ -e /etc/sysconfig/bash-prompt-xterm ]; then
          PROMPT_COMMAND=/etc/sysconfig/bash-prompt-xterm
      elif [ "${VTE_VERSION:-0}" -ge 3405 ]; then
          PROMPT_COMMAND="__vte_prompt_command"
      else
          PROMPT_COMMAND='printf "\033]0;%s@%s:%s\007" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/~}"'
      fi
      ;;
    screen*)
      if [ -e /etc/sysconfig/bash-prompt-screen ]; then
          PROMPT_COMMAND=/etc/sysconfig/bash-prompt-screen
      else
          PROMPT_COMMAND='printf "\033k%s@%s:%s\033\\" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/~}"'
      fi
      ;;
    *)
      [ -e /etc/sysconfig/bash-prompt-default ] && PROMPT_COMMAND=/etc/sysconfig/bash-prompt-default
      ;;
    esac
  fi
  # Turn on parallel history
  shopt -s histappend
  history -a
  # Turn on checkwinsize
  shopt -s checkwinsize
  [ "$PS1" = "\\s-\\v\\\$ " ] && PS1="[\u@\h \W]\\$ "
  # You might want to tty in prompt (e.g. more virtual machines)
  # and console windows
  # If you want to do so, just
  # if [ "$PS1" ]; then
  #  PS1="[\u@\h:\l \W]\\$ "
  # fi
  # to your custom modification shell script in /etc/profile.d/ directory
fi
if ! shopt -q login_shell ; then # We're not a login shell
    # Need to redefine pathmunge, it get's undefined at the end of /etc/profile
    pathmunge () {
        case ":${PATH}:" in
            *:"$1":*)
                ;;
            *)
                if [ "$2" = "after" ] ; then
                    PATH=$PATH:$1
                else
                    PATH=$1:$PATH
                fi
        esac
    }
    # By default, we want umask to get set. This sets it for non-login shell.
    # Current threshold for system reserved uid/gids is 200
    # You could check uidgid reservation validity in
    # /usr/share/doc/setup-*/uidgid file
    if [ $UID -gt 199 ] && [ "`/usr/bin/id -gn`" = "`/usr/bin/id -un`" ]; then
        umask 002
    else
        umask 022
    fi
    SHELL=/bin/bash
    # Only display echos from profile.d scripts if we are no login shell
    # and interactive - otherwise just process them to set envvars
    for i in /etc/profile.d/*.sh; do
        if [ -r "$i" ]; then
            if [ "$PS1" ]; then
                . "$i"
            else
                . "$i" >/dev/null
            fi
        fi
    done
    unset i
    unset -f pathmunge
fi
# vim:ts=4:sw=4
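From lines 71-75 of the file (the if block that calls umask), we can see that when the uid and gid differ, umask 0022 is executed. Strictly, the test in the script compares the user name with the primary group name, and it also requires a UID above 199.
The user that starts the container does indeed have a uid and gid that are not equal.
Setting the umask of the application inside the container to 0002
In the application's startup script, which runs when the container starts, add umask 0002 as follows: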
#!/bin/sh
umask 0002
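# other startup steps omitted
Add the third line.
After the change, entering the container shows that the umask value is still 0022, but the files written by the application now have permission 664. umask is a per-process setting: the shell opened by docker exec is a separate process that still takes its value from /etc/bashrc, while the application inherits the value set in its startup script.
-rw-rw-r-- 1 testuser testuser  8772 Apr 23 21:log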
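The following check is an added example, not part of the original article. It reproduces the /etc/bashrc decision shown above, shows the mode a child process gets under each umask, and reads the umask of a running process from /proc instead of from a docker exec shell. The function names are hypothetical, PID 1 is assumed to be the application, and the Umask field in /proc/<pid>/status is assumed to be available (Linux 4.7 or later).

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# umask that the /etc/bashrc rule above picks for a non-login shell:
# 002 only when UID > 199 and the primary group name equals the user name.
bashrc_umask() {  # args: uid user_name group_name
    if [ "$1" -gt 199 ] && [ "$3" = "$2" ]; then
        echo 002
    else
        echo 022
    fi
}

# Permission string of a file written by a child process started under the
# given umask, the way an application inherits it from its startup script.
created_mode() {  # arg: umask
    dir=$(mktemp -d) || return 1
    ( umask "$1" && sh -c 'echo data > "$1/app.log"' sh "$dir" )
    ls -l "$dir/app.log" | cut -c1-10
    rm -rf "$dir"
}

# umask of an already running process, read from /proc (Linux 4.7 or later).
# Typing `umask` in a `docker exec` shell only reports that shell's value;
# this reports the value the target process itself is using.
proc_umask() {  # arg: pid
    awk '/^Umask:/ { print $2 }' "/proc/$1/status"
}

# Report for the current user; PID 1 is assumed to be the application.
echo "bashrc would choose: $(bashrc_umask "$(id -u)" "$(id -un)" "$(id -gn)")"
echo "umask 0022 creates:  $(created_mode 0022)"
echo "umask 0002 creates:  $(created_mode 0002)"
echo "PID 1 umask:         $(proc_umask 1 2>/dev/null || echo unavailable)"
```

Run inside the container, the last line shows whether the umask 0002 in the startup script actually reached the application process.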

Published: 2024-09-21 03:33:06
