Impossible to share enroot container between users #125
Comments
I guess you could do that by setting |
We have a common group: groupa and all users are part of that group. The ENROOT_DATA_PATH is set to /mnt/localdisk/enroot and the "groupa" has rwx permissions to the folder. How is enroot configured?
As opc user, who ran the "enroot create", the below works, but not when another user (pinkesh4) of the group "groupa" tries to do "enroot start xxxx".
As pinkesh4 user, it fails
The above files belonging to the container are owned by opc, who created it, and hence other users like pinkesh4 of the same group (groupa) don't have permissions. I don't think it's best practice to just change permissions on the container files like below to give read and/or write access to the group.
|
You're going to have to adjust the permissions of your container if you want multiple users to use it, there is no way around that.
|
I tried "change the group permissions on files missing it", but enroot start overrides it again once it runs. chmod 660 /mnt/localdisk/enroot/ubuntu_opc/etc/passwd
Run
|
I tried
Even though I am setting the umask to rwx for group, it is getting ignored or overwritten by enroot.
Let me know if my test steps are correct. So seems like this is uncharted territory and it's not validated if containers can be shared by multiple users. Is the recommended best practice to share the image sqsh file, but not the container, among users? |
This would be the responsibility of the shadow hook. |
Right now, on a cluster with many users, each user would need to run his own container from the shared image. When trying to run the container from another user, all kinds of permissions are missing. Would there be a way to enable permission on those files for a specific group rather than for a specific user? This would make it possible to avoid creating the same container multiple times.
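To see exactly which entries of a container rootfs would block a second member of the shared group, the tree can be audited before and after `enroot start`. The script below is an added example, not part of the thread or of enroot; the function names are hypothetical, and the rootfs path and group in the usage comment are the ones quoted in the comments above.

```shell
#!/bin/sh
# Added example: report rootfs entries that a second member of the shared
# group could not use the way the owner can. Function names are hypothetical.

# narrower_than_owner ROOTFS
# Entries where the owner holds r, w or x and the group lacks that same bit.
narrower_than_owner() {
    find "$1" ! -type l \( \
        \( -perm -0400 ! -perm -0040 \) -o \
        \( -perm -0200 ! -perm -0020 \) -o \
        \( -perm -0100 ! -perm -0010 \) \) -print
}

# wrong_group ROOTFS GROUP
# Entries not owned by the shared group (GROUP may be a name or a numeric gid).
wrong_group() {
    find "$1" ! -type l ! -group "$2" -print
}

# audit_shared_rootfs ROOTFS GROUP
# Prints both findings; returns 0 only when nothing was found.
audit_shared_rootfs() {
    mode_hits=$(narrower_than_owner "$1")
    group_hits=$(wrong_group "$1" "$2")
    if [ -n "$mode_hits" ]; then
        printf 'group bits narrower than owner bits:\n%s\n' "$mode_hits"
    fi
    if [ -n "$group_hits" ]; then
        printf 'not owned by group %s:\n%s\n' "$2" "$group_hits"
    fi
    [ -z "$mode_hits$group_hits" ]
}

# Usage with the values from the thread:
#   sh audit.sh /mnt/localdisk/enroot/ubuntu_opc groupa
if [ "$#" -eq 2 ]; then
    audit_shared_rootfs "$1" "$2"
fi
```

Running it once after `enroot create` and again after `enroot start` shows whether files such as `etc/passwd` had their group bits reset, as reported in the comments above.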