bids-apps - file permissions of produced artifacts


Yaroslav Halchenko

Mar 14, 2017, 3:04:03 PM
to bids-discussion
Dear BIDS-App experts,

Before all bids-apps become available as singularity containers --
is there any workflow/workaround (chmod g+s outputs, umask, ... some
other collection of steps without requiring actual root access) to get
results of the BIDS-app operation to be owned by originating user and
not root?

Having produced results owned by root really hinders utility of any
BIDS-app by regular mortals AKA users.

Thanks in advance for the clarification!
--
Yaroslav O. Halchenko
Center for Open Neuroscience http://centerforopenneuroscience.org
Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755
Phone: +1 (603) 646-9834 Fax: +1 (603) 646-1419
WWW: http://www.linkedin.com/in/yarik

Chris Gorgolewski

Mar 14, 2017, 3:11:34 PM
to bids-discussion, bids-apps-dev
Hi,

To clarify - you are talking about running BIDS Apps with Docker right?

You can override the internal user name used by Docker from the command line. See: https://docs.docker.com/engine/reference/run/#user (I have not tried it, but it should do the trick).

Best,
Chris

PS Does this mean you have a multi-tenant system with Docker access for non-privileged users?
PPS You can convert any BIDS App to singularity for your users with docker2singularity (but I'm sure you are aware of this...)

--
You received this message because you are subscribed to the Google Groups "bids-discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bids-discussion+unsubscribe@googlegroups.com.
To post to this group, send email to bids-discussion@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bids-discussion/20170314190350.wvdytpwsd5iq3wah%40hopa.kiewit.dartmouth.edu.
For more options, visit https://groups.google.com/d/optout.

yarikoptic

Mar 14, 2017, 3:59:58 PM
to bids-discussion, samuel.a....@dartmouth.edu


On Tuesday, March 14, 2017 at 3:11:34 PM UTC-4, Chris Gorgolewski wrote:
> To clarify - you are talking about running BIDS Apps with Docker right?

yeap

> You can override the internal user name used by Docker from the command line. See: https://docs.docker.com/engine/reference/run/#user (I have not tried it, but it should do the trick).

ha -- not sure how I have missed it ;)  but indeed it should do the trick:

 $> docker run -it --rm --user $UID neurodebian whoami
whoami: cannot find name for user ID 47521

> PS Does this mean you have a multi-tenant system with Docker access for non-privileged users?

nope -- it means I have a multi-tenant system with Docker access for privileged users ;)

> PPS You can convert any BIDS App to singularity for your users with docker2singularity (but I'm sure you are aware of this...)

yeap -- "working" on that ;)  are BIDS apps coming as stock singularity containers any time soon, now that singularity hub is brewing up? ;)

Thanks Chris!
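
The `--user` approach from the exchange above, written out as a wrapper plus an ownership check. This is an added example, not code posted by anyone in the thread; the image name `bids/example`, the `/bids_dataset` and `/outputs` mount points, the `participant` argument and the `DRY_RUN` switch are assumptions for illustration.

```shell
#!/bin/sh
# Added example. Image name, mount points and DRY_RUN are illustrative assumptions.

# Run a BIDS App as the calling uid:gid rather than the image's default user
# (usually root), so files written to the bind-mounted output directory end up
# owned by the caller. Pass absolute host paths.
run_bids_app() {
    image=$1; bids_dir=$2; out_dir=$3
    # Create the output directory ourselves: if it is missing, the Docker
    # daemon creates the bind-mount source as root and the app cannot write to it.
    mkdir -p "$out_dir"
    set -- run --rm --user "$(id -u):$(id -g)" \
        -v "$bids_dir:/bids_dataset:ro" -v "$out_dir:/outputs" \
        "$image" /bids_dataset /outputs participant
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "docker $*"        # show the command without needing a daemon
    else
        docker "$@"
    fi
}

# Count entries under a directory that are NOT owned by the calling user.
# Anything above 0 after a run means something still wrote as another uid.
count_foreign_owned() {
    find "$1" ! -user "$(id -u)" | wc -l | tr -d ' '
}

# Typical use:
#   run_bids_app bids/example /data/ds001 /data/ds001-out
#   [ "$(count_foreign_owned /data/ds001-out)" = 0 ] || echo "foreign-owned files left behind"
```

The `whoami: cannot find name for user ID` message in the post only means the numeric uid has no `/etc/passwd` entry inside the image; the process still runs with that uid.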

Chris Gorgolewski

Mar 14, 2017, 4:38:31 PM
to bids-discussion, samuel.a....@dartmouth.edu
Ideally singularity should support importing and/or running containers directly from Docker Hub for unprivileged users in the next release.
Vanessa is also working on Singularity Hub, but there are still some issues with tagging and ability to do explicit pushing instead of autobuilds that need to be resolved.

> Thanks Chris!


Satrajit Ghosh

Mar 14, 2017, 5:41:15 PM
to bids-di...@googlegroups.com, samuel.a....@dartmouth.edu
hi yarik,

this is what we do with any docker container from docker hub with singularity. (actual command example below).

singularity shell docker://container_name:tag

this will create a directory inside $SINGULARITY_CACHEDIR/singularity-container.someletters/containername/

in fact you can do:

mv $SINGULARITY_CACHEDIR/singularity-container.someletters/containername/ $LOCALSINGULARITYCACHE/containername

that's like a chroot system. you can go in there and edit anything, including creating empty directories for mount points, changing the /environment script to source things for example.

then any user on the system can do: singularity exec/run/shell $LOCALSINGULARITYCACHE/containername

cheers,

satra

example commands (using current release 2.2.1. - but of course i live with librefactor branch normally :) ):

cd /dev/shm/
mkdir satra
cd satra/
export SINGULARITY_CACHEDIR=$PWD
singularity shell docker://debian:8.5
> Exit from singularity

mv singularity-rundir.* mydebian

# create a new mountpoint
mkdir mydebian/debian\:8.5/om
singularity shell -B /om:/om -c mydebian/debian\:8.5/
