我想要实现的是准备 Docker 映像,其中每个非 root 用户都可以进行 SSHF 挂载。MWE 如下:
Dockerfile:
FROM rocker/rstudio:4.0.3
USER root
RUN apt-get update && apt-get install -y udev sshfs
RUN mkdir -p /mnt/vol
## also tried with following:
#RUN sudo mkdir -p /etc/udev/rules.d/ && sudo echo "KERNEL==fuse, MODE=0777" >> /etc/udev/rules.d/99-fuse.rules
USER rstudio
构建图像:
docker build -f Dockerfile -t fuse:test2 .
SSHFS 挂载适用于root以下用户:
$ docker run -u root --device /dev/fuse --cap-add SYS_ADMIN -it fuse:test2 sshfs -o StrictHostKeyChecking=no <mylogin>@<mynodename.com>:/gstore/home/foltynsk/batchtools_registry/test /mnt/vol
<mylogin>@<mynodename.com>'s password:
但非 root 用户操作失败rstudio:
$ docker run -u 1000:1000 --device /dev/fuse --cap-add SYS_ADMIN -it fuse:test2 id
uid=1000(rstudio) gid=1000(rstudio) groups=1000(rstudio)
$ docker run -u 1000:1000 --device /dev/fuse --cap-add SYS_ADMIN -it fuse:test2 ls -la /dev/fuse
crw-rw---- 1 root root 10, 229 Mar 23 21:45 /dev/fuse
$ docker run -u 1000:1000 --device /dev/fuse --cap-add SYS_ADMIN -it fuse:test2 sshfs -o StrictHostKeyChecking=no <mylogin>@<mynodename.com>:/home/<mylogin>/somedir /mnt/vol
fuse: failed to open /dev/fuse: Permission denied