核心问题是,当容器创建持久性文件时,它们实际上由 root 拥有,并且需要我输入 sudo 密码才能删除。我希望所有容器都以我的用户身份运行,或者至少以一种可以删除容器创建的临时文件的方式运行。看这个最小的例子:
\n# docker-compose.yml\nversion: "2.2"\nservices:\n app:\n build: .\n container_name: app\n environment:\n - UID=${UID}\n - GID=${GID}\n - USER=${USER}\n# Dockerfile\nFROM alpine\n\nRUN apk update\nRUN apk upgrade\nRUN apk add shadow\n\nRUN useradd -G root,wheel -u ${UID} -g ${GID} -s /bin/ash -d /home/${USER} ${USER}\nUSER ${USER}\nCMD /bin/ash\n# output\n\xe2\x9d\xaf docker-compose up -d --remove-orphans --build\n[+] Building 0.4s (8/8) FINISHED \n => [internal] load build definition from Dockerfile 0.0s\n => => transferring dockerfile: 212B 0.0s\n => [internal] load .dockerignore 0.0s\n => => …