The post “Handling Permissions with Docker Volumes” explains clearly the problem: when you run a docker container bound to a directory, all files are accessed/written with the UID of the docker user.
For instance, let us bind our ~/temp directory to the /data directory inside the container, and create the file /data/test inside the container with:
docker run -it -v ~/temp:/data ubuntu:16.04 "touch" "/data/test"
Then ls -lhF ~/temp gives:
total 8,0K
-rw-r--r-- 1 root root 0 set 4 19:23 test
because the command touch has been run with UID 0 inside the container. Usually, I want to run a container with my UID, so that running a container is indistinguishable from running any other program. The first element of the solution is the gosu package, which must be installed via the Dockerfile command: RUN apt-get update && apt-get install -y gosu
The second element is a trivial script gosu.sh that computes the UID and GID of the owner of the /data directory inside the container and runs the program with that UID/GID. The gosu.sh for our HapCHAT program is:
#!/bin/bash
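# Add a local user with the same UID/GID as the owner of /data
USER_ID=$(stat -c %u /data)
GROUP_ID=$(stat -c %g /data)
echo "Starting with UID:GID $USER_ID:$GROUP_ID"
# -o accepts an ID that already exists in the image (groupadd fails without it)
groupadd -o -g "$GROUP_ID" group
useradd --shell /bin/bash -u "$USER_ID" -g group -o -c "" -m user
export HOME=/
# Give the new user access to the program directory
chown --recursive "$USER_ID":"$GROUP_ID" /HapCHAT
# Replace this shell with the requested command, run as the new user
exec gosu user "$@"
Copying and running that file is achieved with the following snippet of the Dockerfile: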
COPY gosu.sh /usr/local/bin/gosu.sh
ENTRYPOINT ["/usr/local/bin/gosu.sh"]
CMD ["/usr/bin/snakemake"]
We can run a docker container with the unprivileged permissions of our users with a simple script and a change to the Dockerfile. You can find the files at https://github.com/AlgoLab/HapCHAT/tree/master/docker
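The gosu.sh above takes whatever owns /data as the identity to run with, so a bind-mounted directory owned by root puts the program back at UID 0. A variant that refuses that case, as an added example that is not the HapCHAT project's script: DATA_DIR and ALLOW_ROOT are hypothetical variable names, and it passes the numeric IDs straight to gosu instead of creating a user.

```shell
#!/bin/sh
# Added example: hardened variant of the gosu.sh entrypoint from this post.
# DATA_DIR and ALLOW_ROOT are hypothetical variable names, not HapCHAT's.

# Print "UID:GID" of the owner of directory $1 (GNU stat, as in the post).
owner_ids() {
    stat -c '%u:%g' "$1"
}

# Validate a "UID:GID" pair and decide whether the workload may use it.
# Prints the pair on success; returns 2 if malformed, 1 if the UID is 0.
pick_run_ids() {
    case "$1" in
        ''|*[!0-9:]*|*:*:*|:*|*:) echo "invalid owner '$1'" >&2; return 2 ;;
        *:*) ;;
        *) echo "invalid owner '$1'" >&2; return 2 ;;
    esac
    if [ "${1%%:*}" -eq 0 ] && [ "${ALLOW_ROOT:-0}" != 1 ]; then
        echo "refusing to run as UID 0: fix the owner of the volume" >&2
        return 1
    fi
    echo "$1"
}

main() {
    ids=$(pick_run_ids "$(owner_ids "${DATA_DIR:-/data}")") || exit 1
    echo "Starting with UID:GID $ids"
    export HOME=/
    chown --recursive "$ids" /HapCHAT
    # gosu accepts a numeric uid:gid, so no groupadd/useradd is needed.
    exec gosu "$ids" "$@"
}

# As an ENTRYPOINT the script always receives the command to run.
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```
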
I used to love XEmacs, but it was declared dead years ago.
I used it to write papers and several programs. I even used it to write my Ph.D. thesis. I have read and appreciated jwz's tirade against GNU Emacs, and I think he’s right.
Anyway, some years ago (I think about 10 years ago) I switched back to GNU Emacs and I’ve never looked back. Still, up until now I have seen XEmacs as a nice project. But now the leader of XEmacs states that he would oppose any improvement to Emacs that “makes it even harder for XEmacs to catch up”. That only means that it is time to stop thinking about XEmacs and go on.
For reasons that are totally unknown to me, some websites keep linking to my older website for the text of the Clarified Artistic License, so I decided to report it here. In 1998 I wrote the implementation of the Reduce-Expand algorithm for solving the LCS (Longest Common Subsequence) problem. At the time my understanding of free software licenses was pretty naive, so I settled for the Clarified Artistic License, which was the ncftp license with a few very minor rewordings. Today I feel quite a pain when I see a new software license, as I think that the fragmentation of the various licenses is a small but totally unnecessary hurdle towards world domination. As a consequence, I support only GPL/LGPL/AGPL/MIT. I understand that somebody might prefer adoption to preserving software freedom and consequently chooses a BSD license, but that is not my preferred choice. Especially after the JMRI trial I believe that copyleft licenses should really be the default option, so I changed the license of my implementation to the GPL.
Anyway, in case you find it useful, the text of the Clarified Artistic License is below.
The intent of this document is to state the conditions under which a Package may be copied, such that the Copyright Holder maintains some semblance of artistic control over the development of the package, while giving the users of the package the right to use and distribute the Package in a more-or-less customary fashion, plus the right to make reasonable modifications.
“Package” refers to the collection of files distributed by the Copyright Holder, and derivatives of that collection of files created through textual modification.
“Standard Version” refers to such a Package if it has not been modified, or has been modified in accordance with the wishes of the Copyright Holder as specified below.
“Copyright Holder” is whoever is named in the copyright or copyrights for the package.
“You” is you, if you’re thinking about copying or distributing this Package.
“Distribution fee” is a fee you charge for providing a copy of this Package to another party.
“Freely Available” means that no fee is charged for the right to use the item, though there may be fees involved in handling the item. It also means that recipients of the item may redistribute it under the same conditions they received it.