From 3d536297a1a782a86af5b4903c83e7cae451c0a8 Mon Sep 17 00:00:00 2001
From: whyour
Date: Sat, 30 May 2026 15:27:25 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E9=9D=9E=20root=20?= =?UTF-8?q?=E7=94=A8=E6=88=B7=E5=90=AF=E5=8A=A8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 docker/310.Dockerfile | 2 +-
 docker/Dockerfile | 2 +-
 docker/docker-entrypoint.sh | 72 +++++++++++++++++++++++++++++++++++--
 3 files changed, 72 insertions(+), 4 deletions(-)
diff --git a/docker/310.Dockerfile b/docker/310.Dockerfile
index cffc445c..194a6faa 100644
--- a/docker/310.Dockerfile
+++ b/docker/310.Dockerfile
@@ -68,7 +68,7 @@ RUN set -x && \
 rm -rf /etc/apt/apt.conf.d/docker-clean && \
 ulimit -c 0
-RUN mkdir -p ${QL_DIR} && \
+RUN mkdir -p ${QL_DIR} ${QL_DIR}/data && \
 chown -R ${QL_UID}:${QL_GID} ${QL_DIR}
 USER qinglong
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 80ba1841..45ba5104 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -69,7 +69,7 @@ RUN set -x && \
 rm -rf /etc/apt/apt.conf.d/docker-clean && \
 ulimit -c 0
-RUN mkdir -p ${QL_DIR} && \
+RUN mkdir -p ${QL_DIR} ${QL_DIR}/data && \
 chown -R ${QL_UID}:${QL_GID} ${QL_DIR}
 USER qinglong
diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.sh
index 83b9b3c8..8eab6ca8 100755
--- a/docker/docker-entrypoint.sh
+++ b/docker/docker-entrypoint.sh
@@ -15,9 +15,68 @@ log_with_style() {
 printf "\n[%s] [%7s] %s\n" "${timestamp}" "${level}" "${message}"
 }
+# ============================================
+# 确保当前用户对 /ql 和 /ql/data 目录有写入权限
+# /ql/data 是 Docker Volume 挂载点,权限可能与 /ql 不同,需单独检测
+# ============================================
+ensure_ql_permissions() {
+ local current_uid
+ local current_gid
+ current_uid=$(id -u)
+ current_gid=$(id -g)
+
+ if [ "$current_uid" -eq 0 ]; then
+ return 0
+ fi
+
+ # ---- 检查 /ql 目录 ----
+ if ! mkdir -p "$QL_DIR/.tmp" 2>/dev/null; then
+ if chown -R "$current_uid:$current_gid" "$QL_DIR" 2>/dev/null; then
+ log_with_style "INFO" "已修正 /ql 目录权限: UID=$current_uid GID=$current_gid"
+ else
+ local ql_owner
+ ql_owner=$(stat -c '%u' "$QL_DIR" 2>/dev/null || stat -f '%u' "$QL_DIR" 2>/dev/null)
+ log_with_style "ERROR" "============================================="
+ log_with_style "ERROR" " 权限错误:无法写入 /ql 目录"
+ log_with_style "ERROR" " 当前用户 UID: $current_uid"
+ log_with_style "ERROR" " /ql 目录所有者 UID: ${ql_owner:-未知}"
+ log_with_style "ERROR" ""
+ log_with_style "ERROR" " 解决方案:"
+ log_with_style "ERROR" " 1. 使用镜像内置用户: docker run --user ${ql_owner:-5432}:${ql_owner:-5432} ..."
+ log_with_style "ERROR" " 2. 使用 root 运行: 移除 --user 参数"
+ log_with_style "ERROR" " 3. 修正宿主机数据目录: chown -R $current_uid:$current_gid /path/to/ql/data"
+ log_with_style "ERROR" "============================================="
+ exit 1
+ fi
+ fi
+ rmdir "$QL_DIR/.tmp" 2>/dev/null || true
+
+ # ---- 检查 /ql/data 目录(Volume 挂载点,不在用户数据卷内创建临时文件) ----
+ if [ ! -w "$QL_DIR/data" ] || [ ! -x "$QL_DIR/data" ]; then
+ if chown "$current_uid:$current_gid" "$QL_DIR/data" 2>/dev/null; then
+ log_with_style "INFO" "已修正 /ql/data 目录权限: UID=$current_uid GID=$current_gid"
+ if [ ! -w "$QL_DIR/data" ] || [ ! -x "$QL_DIR/data" ]; then
+ log_with_style "ERROR" "修正后仍无法写入 /ql/data,请检查挂载的数据卷权限"
+ log_with_style "ERROR" "确保宿主机目录: chown -R $current_uid:$current_gid /your/data"
+ exit 1
+ fi
+ else
+ local data_owner
+ data_owner=$(stat -c '%u' "$QL_DIR/data" 2>/dev/null || stat -f '%u' "$QL_DIR/data" 2>/dev/null)
+ log_with_style "ERROR" "============================================="
+ log_with_style "ERROR" " 权限错误:无法写入 /ql/data (Volume 挂载点)"
+ log_with_style "ERROR" " 当前用户 UID: $current_uid"
+ log_with_style "ERROR" " /ql/data 所有者 UID: ${data_owner:-未知}"
+ log_with_style "ERROR" ""
+ log_with_style "ERROR" " 请修正宿主机数据目录权限:"
+ log_with_style "ERROR" " chown -R $current_uid:$current_gid /your/ql/data"
+ log_with_style "ERROR" "============================================="
+ exit 1
+ fi
+ fi
+}
+
 # Fix DNS resolution issues in Alpine Linux
-# Alpine uses musl libc which has known DNS resolver issues with certain domains
-# Adding ndots:0 prevents unnecessary search domain appending
 if [ -f /etc/alpine-release ]; then
 if ! grep -q "^options ndots:0" /etc/resolv.conf 2>/dev/null; then
 echo "options ndots:0" >> /etc/resolv.conf
@@ -35,6 +94,15 @@ if ! grep -qE '^::1[[:space:]]+.*localhost' /etc/hosts 2>/dev/null; then
 log_with_style "INFO" "🔧 0. 已添加 IPv6 localhost 解析"
 fi
+# 在一切操作之前检查目录权限
+ensure_ql_permissions
+
+# Dockerfile 中 HOME=/root,非 root 用户无法写入
+# 将 HOME 修正为临时目录,PM2/npm/pip 等工具的运行时数据无需持久化
+if [ ! -w "$HOME" ]; then
+ export HOME="$QL_DIR/.tmp"
+fi
+
 log_with_style "INFO" "🚀 1. 检测配置文件..."
 load_ql_envs
 export_ql_envs
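Review bot: The recovery call `chown -R "$current_uid:$current_gid" "$QL_DIR"` in the /ql check descends into `$QL_DIR/data`, so whenever it succeeds it re-owns every file on the mounted volume (and on the host for a bind mount), although the comment on the /ql/data check is careful not to even create a temporary file there. Keeping the walk on the image filesystem avoids that: `find "$QL_DIR" -xdev -exec chown "$current_uid:$current_gid" {} +`. For a non-root UID without CAP_CHOWN the call fails anyway, so the branch should not be relied on as the normal fix. The printed hint `--user ${ql_owner:-5432}:${ql_owner:-5432}` reuses the owner UID as the GID; reading the group with `stat -c '%g'` as well would make the suggested command correct when the two differ.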
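Review bot: `export HOME="$QL_DIR/.tmp"` points HOME at a directory that `ensure_ql_permissions` removed a moment earlier with `rmdir "$QL_DIR/.tmp"`, so HOME does not exist until some tool creates it with whatever mode its umask gives. Creating it explicitly and privately before the export closes that gap: `mkdir -p "$QL_DIR/.tmp" && chmod 700 "$QL_DIR/.tmp"`. The call is also not the first operation as its comment says: the resolv.conf and /etc/hosts appends shown in the surrounding context run before it, and for a non-root UID those writes will presumably fail, so it is worth checking that the script does not abort there (whether `set -e` is active is not visible in this patch).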