-
Notifications
You must be signed in to change notification settings - Fork 309
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Volume owned by root #453
Comments
Thank you for opening your first issue in this project! Engagement like this is essential for open source projects! 🤗 |
Maybe this has changed, but I think it's up to the docker volume provider to set initial permissions. We don't expose volume creation options in DockerSpawner, yet. I believe the If the empty Alternately, you can manage creation of the Since it's read-only, is there an issue with it being owned by root? |
Thank you so much @minrk for quick response. I was lazy and 'ro' was copied from other issue. I tried 'rw' too. I will follow your lead and see if i can have the shared directory present with right perms |
I have the same issue. The only difference is that I have the shared folder created inside of work so it shows up in explorer by default. |
In the interest of visibility, I also encounter this problem. The related part of my config: notebook_dir = "/home/jovyan/work"
c.DockerSpawner.notebook_dir = notebook_dir
c.DockerSpawner.volumes = { "/mnt/volume_nyc3_01/hub_userdata/{username}": notebook_dir } The absolute path is meant to mount from the Docker host, which it does correctly; I am running rootless Docker and as such the directories created above are owned by my system user. However, in spite of this, the directory in the container is owned by
I have managed to find relevant issues elsewhere on GitHub, albeit none with a solution that works in my case:
|
Following on my previous comment, I want to update with additional information. I've been able to reproduce this problem - with an absolute path mount location - on a vanilla Ubuntu 22.04 VM. The files are at this Gist. Based on my reading of the documentation, the following should work: notebook_dir = "/home/jovyan/work"
c.DockerSpawner.notebook_dir = notebook_dir
c.DockerSpawner.volumes = { "/tmp/{username}": notebook_dir } To mount a directory for some user (e.g. Like my previous comment, the user lacks permissions to write to this mounted directory, and at least the UID/user reported from within a JupyterLab terminal in the spawned container reports My purpose for this is obviously data persistence/permanent storage, so the fact that the user has no write access is behavior I would consider a bug, as what use is the permanent storage if one can't use it? My expectation is that the above I've been able to work around this issue with the following change: c.DockerSpawner.volumes = { "{username}": notebook_dir } Which creates a Docker volume that is writable, and the reported permissions from within the container are My question for the maintainer(s): is what I encounter expected behavior (i.e. absolute paths causing write permission errors)? If so, could clarity be added to the documentation? |
Same problem here. If there is a new user registered, and volume name is formatted with username and bind to a folder in local disk, I assume this situation is very common. And personally, I recommend to automatically change the folder owner with a helper program or something else. I did the following things: Config: c.JupyterHub.spawner_class = 'dockerspawner.DockerSpawner'
notebook_dir = os.getenv("DOCKER_NOTEBOOK_DIR") or '/home/jovyan/work'
c.DockerSpawner.notebook_dir = notebook_dir
c.DockerSpawner.volumes = {
'/userdata/isolation/{username}': notebook_dir
}
c.DockerSpawner.read_only_volumes = {
'/userdata/public': '/home/jovyan/public',
} Workaround:
The script mentioned above must be set to 0755 and only root can operate. A better way for this, without How about your ideas? @minrk @consideRatio @manics @matercomus @keshav-1835i |
This would not work if the volume you are mounting is non-empty. I am having this issue as well. Something somewhere is broken, because It is my understanding that setting: extraPodConfig:
securityContext:
runAsUser: 1000
runAsGroup: 100
fsGroup: 100 Should make mounted volumes owned by |
Bug description
Below are lines from my
jupyter_config.py
/home/jovyan/work
is owned by jovyan as expectedExpected behaviour
/home/jovyan/shared
is owned by jovyanActual behaviour
/home/jovyan/shared
is owned by rootHow to reproduce
Spin up a user container with above config
Your personal set up
Any help would be much appreciated
The text was updated successfully, but these errors were encountered: