
docker root用户拉起非root权限应用

dockerfile:

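# Extends the official Elasticsearch image so the container starts as root,
# lets entrypoint-root.sh repair data-directory ownership, and then drops to
# the unprivileged "elasticsearch" user via gosu before the server starts.
FROM elasticsearch:8.8.1

# Root is needed for the package install below and, at container start, for
# the chown performed by entrypoint-root.sh. No USER is set afterwards on
# purpose: the privilege drop happens inside the entrypoint (exec gosu ...),
# so that script is the only code that runs as root at runtime.
USER root

# COPY without --chown leaves the script owned by root:root.
COPY entrypoint-root.sh /usr/local/bin/

# - chmod 0755 (not +x) fixes the mode explicitly, so a group- or
#   world-writable file in the build context cannot end up as a writable
#   script that is executed as root on every start.
# - apt-get is the script-stable front end; update and install share one layer
#   so the package index is never stale.
# - --no-install-recommends keeps unrelated packages out of the image, and the
#   index files are removed in the same layer that created them.
RUN chmod 0755 /usr/local/bin/entrypoint-root.sh && \
    apt-get update && \
    apt-get install -y --no-install-recommends gosu && \
    rm -rf /var/lib/apt/lists/*

# tini stays PID 1 and forwards signals; the wrapper script runs as root only
# long enough to fix ownership, then execs the stock entrypoint as elasticsearch.
ENTRYPOINT ["/bin/tini","--","/usr/local/bin/entrypoint-root.sh"]
CMD ["eswrapper"]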

entrypoint-root.sh:

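#!/bin/bash
# Root-stage entrypoint: runs as root just long enough to make the data
# directory writable by the "elasticsearch" user, then hands over to the
# image's stock docker-entrypoint.sh with privileges dropped via gosu.
#
# Arguments: the container command (CMD or `docker run` arguments).
set -e

DATA_DIR="/usr/share/elasticsearch/data"

# Only the owner of the top-level directory is checked. When it differs, the
# whole tree is re-owned. If DATA_DIR is a bind mount, this changes ownership
# on the host side as well, so mount only a directory dedicated to this
# container.
if [ "$(stat -c %U "$DATA_DIR")" != "elasticsearch" ]; then
    echo "Fixing ownership of $DATA_DIR"
    chown -R elasticsearch:elasticsearch "$DATA_DIR"
fi

# Map the default "eswrapper" command to "elasticsearch" while keeping any
# further arguments; replacing the whole argument list would silently drop
# options passed after "eswrapper".
if [ "$1" = "eswrapper" ]; then
    shift
    set -- elasticsearch "$@"
fi

# exec replaces this shell, so no root-owned process remains once gosu has
# switched to the elasticsearch user and started the stock entrypoint.
exec gosu elasticsearch /usr/local/bin/docker-entrypoint.sh "$@"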