Skip to content

Instantly share code, notes, and snippets.

@agostof

agostof/docker_permission_tests_jhub_notebook_container.md

Created August 1, 2023 14:37
Show Gist options
  • Save agostof/f145262ac4dd3b5750c8aa57f47fed10 to your computer and use it in GitHub Desktop.
Save agostof/f145262ac4dd3b5750c8aa57f47fed10 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
docker_permission_tests_jhub_notebook_container.md

Testing docker permissions

Ilustrate Host permissions mappings into a container.

# Create a directory that we are going to use to test our VOLUME
mkdir TEST; cd TEST
mkdir -pv DOCKER_VOLUME/{data,users,jhub}

Check contents

research-01:~/TEST$ ls -lan DOCKER_VOLUME/
total 20
drwxr-sr-x 5 1001 1003 4096 Aug  1 14:14 .
drwxr-xr-x 3 1001 1003 4096 Aug  1 13:50 ..
drwxr-sr-x 2 1001 1003 4096 Aug  1 14:14 data
drwxr-sr-x 2 1001 1003 4096 Aug  1 14:14 jhub
drwxr-sr-x 2 1001 1003 4096 Aug  1 14:14 users

adjust permissions

# Set default group to 1003
chmod g+s DOCKER_VOLUME/
chmod g+s DOCKER_VOLUME/users/

# set default group to 100 for jhub
sudo chown 1000:100 DOCKER_VOLUME/jhub
sudo chmod g+s DOCKER_VOLUME/jhub

Start minimal container

docker run -it --rm -v ${PWD}/DOCKER_VOLUME/:/VOLUMES alpine

Run the following inside the alpine conainer

research-01:~/TEST$ docker run -it --rm -v ${PWD}/DOCKER_VOLUME/:/VOLUMES alpine
/ # id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)
/ # ls -na /VOLUMES/
total 20
drwxr-sr-x    5 1001     1003          4096 Aug  1 14:14 .
drwxr-xr-x    1 0        0             4096 Aug  1 14:16 ..
drwxr-sr-x    2 1001     1003          4096 Aug  1 14:14 data
drwxr-sr-x    2 1000     100           4096 Aug  1 14:14 jhub
drwxr-sr-x    2 1001     1003          4096 Aug  1 14:14 users
/ # mkdir /VOLUMES/users/dummy_01
/ # ls -lan /VOLUMES/users/
total 12
drwxr-sr-x    3 1001     1003          4096 Aug  1 14:17 .
drwxr-sr-x    5 1001     1003          4096 Aug  1 14:14 ..
drwxr-sr-x    2 0        1003          4096 Aug  1 14:17 dummy_01 <-- NOTICE UID, GID

Now lets try with jupyter/base-notebook

docker run -it --rm -v ${PWD}/DOCKER_VOLUME/:/VOLUMES jupyter/base-notebook /bin/bash

Inside the notebook conainer.

(base) jovyan@64970083baef:~$ id
uid=1000(jovyan) gid=100(users) groups=100(users)
(base) jovyan@64970083baef:~$ ls -l /VOLUMES/
total 12
drwxr-sr-x 2   1001  1003 4096 Aug  1 14:14 data
drwxr-sr-x 2 jovyan users 4096 Aug  1 14:14 jhub
drwxr-sr-x 3   1001  1003 4096 Aug  1 14:17 users
(base) jovyan@64970083baef:~$ ls -ln /VOLUMES/
total 12
drwxr-sr-x 2 1001 1003 4096 Aug  1 14:14 data
drwxr-sr-x 2 1000  100 4096 Aug  1 14:14 jhub
drwxr-sr-x 3 1001 1003 4096 Aug  1 14:17 users
(base) jovyan@64970083baef:~$ mkdir /VOLUMES/jhub/test
(base) jovyan@64970083baef:~$ touch /VOLUMES/jhub/data.txt
(base) jovyan@64970083baef:~$ ls -la /VOLUMES/jhub/
total 12
drwxr-sr-x 3 jovyan users 4096 Aug  1 14:21 .
drwxr-sr-x 5   1001  1003 4096 Aug  1 14:14 ..
-rw-r--r-- 1 jovyan users    0 Aug  1 14:21 data.txt
drwxr-sr-x 2 jovyan users 4096 Aug  1 14:20 test
(base) jovyan@64970083baef:~$ ls -lan /VOLUMES/jhub/
total 12
drwxr-sr-x 3 1000  100 4096 Aug  1 14:21 .
drwxr-sr-x 5 1001 1003 4096 Aug  1 14:14 ..
-rw-r--r-- 1 1000  100    0 Aug  1 14:21 data.txt
drwxr-sr-x 2 1000  100 4096 Aug  1 14:20 test
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment