Re: [bids-discussion] Elevated permissions in BIDS Apps?!


Chris Gorgolewski

Jul 31, 2018, 2:44:55 AM
to bids-discussion, bids-apps-dev
Hi Sajjad,

You can install packages using elevated permissions (in your Dockerfile), but you cannot rely on being root when you run the app (so make sure all the permissions are ok). Let me know if this makes sense.

Best,
Chris


On Mon, Jul 30, 2018 at 10:23 PM <torabia...@gmail.com> wrote:
Hi BIDS Community!

As you know, we should not rely on having elevated permissions inside the container image when developing a BIDS app. But I just found two BIDS apps (baracus & tracula) that do so, and have sudo in their Dockerfiles; and I guess that's why they don't include a Singularity container? I'm writing my app's Dockerfile and have the same issue too: as you can see from PyMVPA's installation guide (http://www.pymvpa.org/installation.html), there is an Ubuntu version of installing the package which I want to use, but requires sudo permission. I shouldn't do that, right? Then what would be my best alternative? Should I build from source? Thank you so much!

Best,
Sajjad


Chris Gorgolewski

Jul 31, 2018, 3:11:21 AM
to bids-discussion, bids-apps-dev
Relying on root when building the containers (in Dockerfiles) is perfectly ok (actually I cannot think of a single app that does not do it - even though most do not explicitly call sudo). What matters is that when you run the container you can do it with any user (not just root). Please mind that when you run containers with Singularity you do not rebuild the image using Dockerfile, but merely convert the already built image.

Best,
Chris


On Tue, Jul 31, 2018 at 12:05 AM Sajjad Torabian <torabia...@gmail.com> wrote:
Thank you so much Chris for your response! It does make sense, but what I don't understand is why those two apps for example are relying on being root. Shouldn't all the apps have a Singularity version as well so that people can run them on HPCs? (and with sudo in a recipe that cannot happen)

This is mentioned explicitly in your BIDS Apps paper too under Dockerfile creation. According to that, I shouldn't have sudo anywhere in my Dockerfile recipe. Please let me know if I'm thinking correctly about this.

Best,
Sajjad
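
Added example, not part of the original thread: a shell check for the point made in the replies above, that an image is built as root but has to run as any user. It lists paths under an install tree that a non-root user could not read, traverse or execute, and relaxes only those bits; the function names and the `/opt/app` prefix are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Intended use: the last build step of
# an image, or a check against the built image, e.g.
#   audit_tree /opt/app     # /opt/app is a hypothetical install prefix
# find -perm inspects mode bits, so the result is the same when run as root.

# Print every entry under $1 that a user who is neither owner nor group
# member cannot use:
#   - directories missing other-read or other-execute (cannot list/traverse)
#   - regular files missing other-read
#   - files the owner can execute but others cannot
audit_tree() {
    root=$1
    {
        find "$root" -type d ! -perm -005 -print
        find "$root" -type f ! -perm -004 -print
        find "$root" -type f -perm -100 ! -perm -001 -print
    } | sort -u
}

# Return 0 when nothing under $1 is off-limits to an arbitrary user.
tree_ok() {
    [ -z "$(audit_tree "$1")" ]
}

# Add read for everyone, and execute only on directories and on files that
# are already executable by someone. Nothing becomes writable.
fix_tree() {
    chmod -R a+rX "$1"
}
```

A tree that passes `tree_ok` as root during the build is still worth exercising once under an unprivileged UID, since the app may also try to write outside its output directory at run time.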