Fixing permissions for Docker

The post “Handling Permissions with Docker Volumes” explains clearly the problem: when you run a docker container bound to a directory, all files are accessed/written with the UID of the docker user.

For instance, let us bind our ~/temp directory to the /data directory inside the container, and create the file /data/test inside the container with:

docker run -it -v ~/temp:/data ubuntu:16.04 "touch" "/data/test"

Then ls -lhF ~/temp gives:

total 8,0K
-rw-r--r-- 1 root root 0 set 4 19:23 test

because the command touch has been run with UID 0 inside the container. Usually, I want to run a container with my UID, so that running a container is undistinguishable from running any other program. The first element of the solution is the gosu package that must be installed via the Dockerfile command: RUN apt-get update && apt-get install -y gosu.

The second element is a trivial script gosu.sh that computes the UID and GID of the owner of the /data directory inside the container and runs the program with that UID/GID. The gosu.sh for our HapCHAT program is:

#!/bin/bash
# Add local user
# with the same owner as /data
USER_ID=$(stat -c %u /data)
GROUP_ID=$(stat -c %g /data)

echo "Starting with UID:GID $USER_ID:$GROUP_ID"
groupadd -g "$GROUP_ID" group
useradd --shell /bin/bash -u "$USER_ID" -g group -o -c "" -m user
export HOME=/
chown --recursive "$USER_ID":"$GROUP_ID" /HapCHAT

exec gosu user "[email protected]"

Copying and running that file is achieved with the following snippet of the Dockerfile

COPY gosu.sh /usr/local/bin/gosu.sh
ENTRYPOINT ["/usr/local/bin/gosu.sh"]
CMD ["/usr/bin/snakemake"]

TL,DR

We can run a docker container with the unprivileged permissions of our users with a simple script and a change to the Dockerfile. You can find the files at https://github.com/AlgoLab/HapCHAT/tree/master/docker

Advertisements

XEmacs is dead and it smells badly

I used to love XEmacs, but it has been declared dead years ago.

I used it to write papers and several programs. I even used it to write my Ph.D. thesis. I have read and appreciated jwz tirade against GNU Emacs, and I think he’s right.

Anyway, some years ago (I think about 10 years ago) I switched back to GNU Emacs and I’ve never looked back. Still, up until now I have seen XEmacs as a nice project. But now the leader of XEmacs states that he would oppose any improvement to Emacs that “makes it even harder for XEmacs to catch up“. That only means that it is time to stop thinking about XEmacs and go on.

Introduzione a LaTeX

LaTeX è un sistema di composizione tipografica ideato nel 1985 per automatizzare tutte le operazioni più comuni che coinvolgono la realizzazione di un documento. LaTeX permette di ottenere eccellenti risultati tipografici, in particolare quando si tratta di testi di carattere scientifico e matematico in particolare. Esistono implementazioni gratuite e libere per tutti i sistemi operativi.

Verrà tenuta una introduzione a LaTeX secondo il programma che segue. Ulteriori informazioni

9-9.30 Introduzione e utilizzo basilare
9.30-10.15 Presentazioni (Beamer)
10.15-10.30 Bibliografie
10.30-11.00 Formule matematiche ed equazioni
11.00-11.30 Figure e grafici (Tikz)
11.30-12.00 Risorse e approfondimenti
12.00-12.30 Domande dei partecipanti

Aggiornamento:

A causa del basso numero di iscritti, l’incotro di introduzione a LaTeX è rinviato a data da destinarsi.

Endorsements

Or: What I like and support

  • FSFE: Free Software Foundation Europe.
  • PlayOgg: Don’t use DRM files
  • Wikipedia
  • Not f'd Not f’d – you won’t find me on Facebook
  • Open Document Format
  • Debian
  • Ubuntu
  • Emacs
  • No software patents. A program is a way to express algorithms, which are not patentable by the Bern convention. Then why should you want to patent a program?
  • Email Charter We’re drowning in email. We can reverse this spiral only by mutual agreement.
  • Science Code Manifesto Software is a cornerstone of science. Without software, twenty-first century science would be impossible. Without better software, science cannot progress. But the culture and institutions of science have not yet adjusted to this reality.
  • Electronic Frontier Foundation Member
  • Member of The Internet Defense League