This repository has been archived by the owner on Aug 14, 2020. It is now read-only.

spec: uid/gid/ownership for mountPoint #316

Open
ibukanov opened this issue Apr 24, 2015 · 3 comments

@ibukanov

Currently the spec does not specify the ownership and permissions for mountPoint directories. It should also clarify that these directories should be created if they do not exist in the image.

Also, it would be nice to allow specifying uid/gid/permissions for the mount points either directly in the manifest or indirectly, by requiring the mount point to have the same ownership and permissions as the directory in the image. Without such an option, running an application with mountPoints as a non-root user is problematic.

@jonboulle jonboulle added this to the v1.0.0 milestone Apr 27, 2015
@philips
Contributor

philips commented Apr 28, 2015

I feel it would be simpler to enforce that the mountPoint must exist instead. The trouble with specifying it is what happens if there are multiple directories in the path that have to be created? Do we specify the uid/gid/perms for each directory in the path?

@ibukanov
Author

From my Docker experience, automatic creation of mount paths in the container and on the host is a very nice feature, as it allows using the image in more flexible ways.

However, I realized there is another issue with explicit uid/gid for volumes. For shared volumes it is not clear which app to use to extract the user->id mapping, so only numeric ids could be specified. I guess fixing permissions and ownership is then best left to a pre-start hook, as long as it can be configured to run as root (issue #58). So the spec should just clarify that all mount points will be owned by root with mode 755 and any intermediate directory in the mount path in the container will be created with the same permissions.

@n0rad

n0rad commented May 3, 2016

Just hit this issue and I see no workaround.
Trying to start Cassandra (which auto-creates data sub-directories) as user cassandra.

In dev/tests, I don't want to specify a mount point, but the container cannot start since the mount dir belongs to root.

If I pre-create directories and give ownership to the aci, since the root directory is a mount-point, when started, I only have an empty directory belonging to root.

pre-start does not help either, since it's running as the same user (rkt/rkt#1495, #58).

One simple way to define it could be to give the same rights to the mount point as the directory in the aci.
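
Added example, not part of the thread and not appc or rkt code: a Python illustration combining the two proposals above, where a mount point that exists in the image takes that directory's numeric uid/gid and mode, and any path component missing from the image defaults to root with mode 755. The helper name `plan_mount_point` and the constructed rootfs layout are assumptions made for illustration.

```python
import os
import stat
import tempfile

# uid, gid, mode the thread proposes for directories the runtime has to create
ROOT_DEFAULT = (0, 0, 0o755)


def plan_mount_point(rootfs, mount_path):
    """List (container_path, uid, gid, mode, exists_in_image) for each directory
    component of mount_path, outermost first. Hypothetical helper."""
    plan, inside, missing = [], "", False
    host = os.path.realpath(rootfs)
    for part in (p for p in mount_path.split("/") if p):
        if part == "..":
            raise ValueError("mount path must not contain '..'")
        host = os.path.join(host, part)
        inside += "/" + part
        if not missing:
            try:
                st = os.lstat(host)  # lstat: never follow a symlink out of rootfs
            except FileNotFoundError:
                missing = True
        if missing:
            # Not in the image: created as root:root 0755
            plan.append((inside, *ROOT_DEFAULT, False))
        elif stat.S_ISDIR(st.st_mode):
            # In the image: the mount point inherits numeric uid/gid and mode
            plan.append((inside, st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode), True))
        else:
            raise ValueError(f"{inside} is not a plain directory in the image")
    return plan


def demo():
    """Build a constructed rootfs and plan one existing and one missing path."""
    with tempfile.TemporaryDirectory() as rootfs:
        data = os.path.join(rootfs, "var/lib/cassandra")
        os.makedirs(data)
        os.chmod(data, 0o750)  # constructed: image ships this dir with mode 750
        return (plan_mount_point(rootfs, "/var/lib/cassandra"),
                plan_mount_point(rootfs, "/var/lib/cassandra/data/commitlog"))


if __name__ == "__main__":
    for plan in demo():
        for entry in plan:
            print(entry)
```

The example only computes the plan; applying it with mkdir and chown would need root on the host.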
