Issue created Jul 04, 2018 by Tibor Simko (@simko, Maintainer)

default user ID?

I noticed that the CMSSW standalone container runs as cmsuser with ID 501:

```
$ docker run -i -t --rm clelange/cmssw:5_3_32 /usr/bin/id
uid=501(cmsusr) gid=501(cmsusr) groups=501(cmsusr)
```

This creates some permission issues when running the container in a laptop development kind of situation when my local disk is mounted as a volume to the running process.

Is the cmsuser necessary?

  • If yes, could the user ID be set to 1000? This is equal to the first user ID of a Linux system, making development easier when sharing volumes and writing files from inside and outside the container. This is what we usually do in our various projects, for example:

    ```
    $ grep reanauser Dockerfile
    RUN adduser --uid 1000 --disabled-password --gecos '' reanauser && \
        chown -R reanauser:reanauser /code
    USER reanauser
    $ docker run -i -t --rm reanahub/reana-job-controller /usr/bin/id
    uid=1000(reanauser) gid=1000(reanauser) groups=1000(reanauser)
    ```

  • If not, what about keeping some root rights?

    ```
    $ grep -A1 invenio Dockerfile
    RUN adduser --uid 1000 invenio --gid 0 && \
        chown -R invenio:root /code
    USER 1000
    $ docker run -i -t --rm cernopendata/web /usr/bin/id
    uid=1000(invenio) gid=0(root) groups=0(root)
    ```

This would make running things easier both locally and on K8s.
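
An added example, not part of the original issue or of the cmssw-docker project: a POSIX sh function that takes a line of `id` output from a container and predicts whether that identity can create files in a host directory bind-mounted into it. The name `can_write` is hypothetical; the check assumes GNU or busybox `stat -c`, plain mode bits (no ACLs), and no user-namespace remapping, so container IDs equal host IDs.

```shell
#!/bin/sh
# Added example, not from the issue. Usage: sh this_script.sh [host-directory]

can_write() (   # subshell body keeps the variables local in POSIX sh
  id_line=$1 dir=$2
  uid=$(printf '%s\n' "$id_line" | sed -n 's/^uid=\([0-9][0-9]*\).*/\1/p')
  gid=$(printf '%s\n' "$id_line" | sed -n 's/.* gid=\([0-9][0-9]*\).*/\1/p')
  # Supplementary groups: "0(root),1000(dev)" -> "0 1000"
  groups=$(printf '%s\n' "$id_line" |
    sed -n 's/.* groups=\([^ ]*\).*/\1/p' | sed 's/([^)]*)//g; s/,/ /g')
  if [ -z "$uid" ] || [ -z "$gid" ]; then
    echo "cannot parse id output" >&2; exit 2
  fi
  owner=$(stat -c %u "$dir") || exit 2
  group=$(stat -c %g "$dir") || exit 2
  mode=$(stat -c %a "$dir") || exit 2   # octal, e.g. 755

  if [ "$uid" -eq 0 ]; then
    echo "writable: uid 0 bypasses mode bits"; exit 0
  fi
  # POSIX applies exactly one permission class: owner, else group, else other.
  class=other need=$((0003))
  if [ "$uid" -eq "$owner" ]; then
    class=owner need=$((0300))
  else
    for g in $gid $groups; do
      if [ "$g" -eq "$group" ]; then class=group need=$((0030)); break; fi
    done
  fi
  # Creating a file in a directory needs both write and search (x) on it.
  if [ $(( 0$mode & need )) -eq "$need" ]; then
    echo "writable: $class bits of mode $mode"; exit 0
  fi
  echo "denied: $class bits of mode $mode, directory owned by $owner:$group"
  exit 1
)

# Demo: the three identities quoted in the issue, checked against a host path
# (current directory by default). Results depend on who owns that path.
for line in \
  'uid=501(cmsusr) gid=501(cmsusr) groups=501(cmsusr)' \
  'uid=1000(reanauser) gid=1000(reanauser) groups=1000(reanauser)' \
  'uid=1000(invenio) gid=0(root) groups=0(root)'
do
  echo "$line"
  can_write "$line" "${1:-.}" || true
done
```

The group class only helps when the mounted directory is group-writable, so a `gid=0` identity still gets "denied" on a mode 755 directory owned by another user.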
