Singularity changing user

976 views
Skip to first unread message

Mark Miesch

unread,
Mar 12, 2021, 2:55:09 PM3/12/21
to singularity

Hi all - question - as I enter a container, singularity is changing the user:

ubuntu@ip-172-31-9-105:~$ whoami

ubuntu

ubuntu@ip-172-31-9-105:~$ singularity exec -e jedi-tutorial_latest.sif whoami

jedi


This is for singularity version 3.6.4.  I could have sworn that this did not happen in earlier versions of singularity.  I thought one's username is the same inside and outside the container.  Despite this, the $HOME directory is the same inside and outside the container.

This is causing problems for ssh authentication.  For example, git is looking for ssh keys in /home/jedi/.ssh instead of $HOME/.ssh.

Desired behavior: I want my user id inside the container to be the same as it is outside the container.

Does anyone know why this is happening and how to achieve the desired behavior?

Thanks!



David Trudgian

unread,
Mar 12, 2021, 3:04:02 PM3/12/21
to 'Priedhorsky, Reid' via singularity
The effective user account isn't actually being changed here as that is fixed on the numeric uid/gid, not the username - but the username shown in the container isn't as expected.

Likely this means the container image you are using has an /etc/passwd entry for `jedi` that happens to have the same uid as your user account outside the container.

Singularity will append the entry for your user account from your host into the container's /etc/passwd when it runs, but if the container has a prior entry for 'jedi' with the same uid then that 'jedi' username will be picked up first. The uid / gid etc. will all be correct... you aren't a 'different user', but rather the container is using a different name for your same user account.

You should make sure that the container you are using doesn't include an /etc/passwd entry (user) that matches the uid of your account on the host.

--
You received this message because you are subscribed to the Google Groups "singularity" group.
To unsubscribe from this group and stop receiving emails from it, send an email to singularity...@lbl.gov.
To view this discussion on the web visit https://groups.google.com/a/lbl.gov/d/msgid/singularity/b5359e64-5626-437a-a574-158152ccd2f6n%40lbl.gov.


--
David Trudgian
Sylabs Inc.

Mark Miesch

unread,
Mar 12, 2021, 3:31:35 PM3/12/21
to singularity, David Trudgian

Thanks David for the prompt response.  You're absolutely right - there is a prior entry in the /etc/passwd account for jedi with the same uid.

This is done because the singularity container is built from a Docker container that we use for CI testing.  We introduce a new user called jedi in the docker container to avoid running our MPI CI tests as root.  

I guess 1000 is a common value for a user id.  The example I showed was on an AWS instance but we had another user who was reporting this on her own linux laptop.  

So, I guess the way around this is to create the jedi user with a more obscure user id.  Or, perhaps to remove the jedi user when we go from docker to singularity.

In any case, thank you for the explanation - very helpful.

Reply all
Reply to author
Forward
0 new messages