Last active
November 11, 2017 07:26
Revisions
meonkeys revised this gist
Nov 11, 2017. 1 changed file with 0 additions and 31 deletions.
@@ -51,37 +51,6 @@ Traceback (most recent call last): File "/usr/lib/python2.7/os.py", line 157, in makedirs mkdir(name, mode) OSError: [Errno 13] Permission denied: '/.local' ``` ### Links -
meonkeys created this gist
Nov 11, 2017.
@@ -0,0 +1,91 @@ Say I have a short-lived container that creates a file inside an attached volume. Most off-the-shelf images run stuff as root in containers, so unless I do extra stuff in the container the file ends up owned by root on the host. I want that file owned by me. ## Run container as specific user `docker run` has a `--user` argument that allows forcing a specific uid/gid of the first process started in the container. This seems to work in some cases. For example: ``` host$ mkdir dockTmp host$ docker run -u $UID:$(id -g) -v $(pwd)/dockTmp:/tmp/dockTmp --rm -it ubuntu:16.04 /bin/bash groups: cannot find name for group ID 1000 I have no name!@1f64238ff7d4:/$ touch /tmp/dockTmp/foo I have no name!@1f64238ff7d4:/$ ls -l /tmp/dockTmp/foo -rw-r--r-- 1 1000 1000 0 Nov 11 07:22 /tmp/dockTmp/foo (Ctrl-d) host$ ls -l dockTmp/foo -rw-r--r-- 1 adamm adamm 0 Nov 10 23:22 dockTmp/foo ``` Other times, not so much: ``` host$ docker run -u $UID:$(id -g) --rm -it tensorflow/tensorflow:nightly Traceback (most recent call last): File "/usr/local/bin/jupyter-notebook", line 11, in <module> sys.exit(main()) File "/usr/local/lib/python2.7/dist-packages/jupyter_core/application.py", line 266, in launch_instance return super(JupyterApp, cls).launch_instance(argv=argv, **kwargs) File "/usr/local/lib/python2.7/dist-packages/traitlets/config/application.py", line 657, in launch_instance app.initialize(argv) File "<decorator-gen-7>", line 2, in initialize File "/usr/local/lib/python2.7/dist-packages/traitlets/config/application.py", line 87, in catch_config_error return method(app, *args, **kwargs) File "/usr/local/lib/python2.7/dist-packages/notebook/notebookapp.py", line 1366, in initialize self.init_configurables() File "/usr/local/lib/python2.7/dist-packages/notebook/notebookapp.py", line 1100, in init_configurables connection_dir=self.runtime_dir, File "/usr/local/lib/python2.7/dist-packages/traitlets/traitlets.py", line 556, in __get__ return self.get(obj, cls) File 
"/usr/local/lib/python2.7/dist-packages/traitlets/traitlets.py", line 535, in get value = self._validate(obj, dynamic_default()) File "/usr/local/lib/python2.7/dist-packages/jupyter_core/application.py", line 99, in _runtime_dir_default ensure_dir_exists(rd, mode=0o700) File "/usr/local/lib/python2.7/dist-packages/jupyter_core/utils/__init__.py", line 13, in ensure_dir_exists os.makedirs(path, mode=mode) File "/usr/lib/python2.7/os.py", line 150, in makedirs makedirs(head, mode) File "/usr/lib/python2.7/os.py", line 150, in makedirs makedirs(head, mode) File "/usr/lib/python2.7/os.py", line 150, in makedirs makedirs(head, mode) File "/usr/lib/python2.7/os.py", line 157, in makedirs mkdir(name, mode) OSError: [Errno 13] Permission denied: '/.local' 💩 1 [adamm@butter tensorflow]$ docker run -u $UID:$(id -g) --rm -it tensorflow/tensorflow:nightlyTraceback (most recent call last): File "/usr/local/bin/jupyter-notebook", line 11, in <module> sys.exit(main()) File "/usr/local/lib/python2.7/dist-packages/jupyter_core/application.py", line 266, in launch_instance return super(JupyterApp, cls).launch_instance(argv=argv, **kwargs) File "/usr/local/lib/python2.7/dist-packages/traitlets/config/application.py", line 657, in launch_instance app.initialize(argv) File "<decorator-gen-7>", line 2, in initialize File "/usr/local/lib/python2.7/dist-packages/traitlets/config/application.py", line 87, in catch_config_error return method(app, *args, **kwargs) File "/usr/local/lib/python2.7/dist-packages/notebook/notebookapp.py", line 1366, in initialize self.init_configurables() File "/usr/local/lib/python2.7/dist-packages/notebook/notebookapp.py", line 1100, in init_configurables connection_dir=self.runtime_dir, File "/usr/local/lib/python2.7/dist-packages/traitlets/traitlets.py", line 556, in __get__ return self.get(obj, cls) File "/usr/local/lib/python2.7/dist-packages/traitlets/traitlets.py", line 535, in get value = self._validate(obj, dynamic_default()) File 
"/usr/local/lib/python2.7/dist-packages/jupyter_core/application.py", line 99, in _runtime_dir_default ensure_dir_exists(rd, mode=0o700) File "/usr/local/lib/python2.7/dist-packages/jupyter_core/utils/__init__.py", line 13, in ensure_dir_exists os.makedirs(path, mode=mode) File "/usr/lib/python2.7/os.py", line 150, in makedirs makedirs(head, mode) File "/usr/lib/python2.7/os.py", line 150, in makedirs makedirs(head, mode) File "/usr/lib/python2.7/os.py", line 150, in makedirs makedirs(head, mode) File "/usr/lib/python2.7/os.py", line 157, in makedirs mkdir(name, mode) OSError: [Errno 13] Permission denied: '/.local' ``` ### Links * <https://twitter.com/meonkeys/status/929019572157427712> * <https://www.jujens.eu/posts/en/2017/Jul/02/docker-userns-remap/> * <https://stackoverflow.com/questions/35291520/docker-and-userns-remap-how-to-manage-volume-permissions-to-share-data-betwee>
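
Review bot: The second example, under "Other times, not so much:", stops at `OSError: [Errno 13] Permission denied: '/.local'` without saying why `--user` works for `ubuntu:16.04` and fails for `tensorflow/tensorflow:nightly`, so a reader cannot tell which case their own image falls into. The first transcript already hints at the cause: `groups: cannot find name for group ID 1000` and the `I have no name!` prompt show that uid 1000 has no passwd entry in the image, and the `/.local` path in the traceback suggests the home directory resolved to `/`, which that uid cannot write to. Suggest adding a sentence that states this and names something to try, for example pointing `HOME` at a writable directory with `-e HOME=...`. Separately, the same traceback is pasted twice inside that code block, with prompt residue (`💩 1 [adamm@butter tensorflow]$`) between the copies; drop the second copy.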