File permissions in docker

eSASS download and installation
Post Reply
benmaughan
Posts: 2
Joined: Fri Oct 22, 2021 4:29 pm

File permissions in docker

Post by benmaughan »

Hi,

I'm trying to run eSASS using the docker approach, as I don't currently have access to an Ubuntu machine. I am running the docker image using singularity on Scientific Linux, so it could be that the problems I'm having are due to that rather than eSASS!

In any case, once I start the docker image, I find that I cannot access the eSASS commands as I don't have permission to read the eSASS4EDR directory:

Code: Select all

Singularity> source /home/idies/sw/eSASS4EDR/bin/esass-init.sh
bash: /home/idies/sw/eSASS4EDR/bin/esass-init.sh: Permission denied

Singularity> ls -lh /home/idies/sw/
total 14K
drwxrws--- 10 root root  278 Sep  2 10:49 eSASS4EDR
-rwxr-xr-x  1 root root 5.0K Sep  2 09:35 eSASS4EDRmirror.sh
drwxr-x--- 10 root root  211 Sep  2 09:42 external
-rwxr-xr-x  1 root root 3.2K May 29  2020 sass-setup.csh
drwxr-xr-x  2 root root  593 Sep  2 09:53 sw_edr
-rwxr-xr-x  1 root root 2.4K Aug  4 09:00 unpack_edr.sh
I am using the full esass docker image

Thanks for any help you can provide!

Ben
Top
jhaase
Posts: 7
Joined: Tue Jun 29, 2021 10:20 am

Re: File permissions in docker

Post by jhaase »

Hi Ben

I have not tried to convert the Docker image to Singularity myself yet and don't have any experience with it, so I am just looking at the Singularity documentation to see if I can spot a obvious solution.

I am guessing it is not possible to force the container user to be idies or run it as a user with UID,GID = 1000:1000 ?

I did recently try to run a eSASS image in a CharlieCloud setting and had a similar issue there in that the container user is the same as the host user and none of the setup shell scripts would work. The solution there was to force the environment settings at startup. Perhaps the same could be done with %environment when bootstrapping the image from Docker?

The environment should be the following (knock on wood)

Code: Select all

SASS_ROOT=/home/idies/sw/eSASS4EDR
LD_LIBRARY_PATH=/opt/heasoft/lib:/home/idies/miniconda3/lib
E_LIB=/home/idies/sw/eSASS4EDR/lib
CALDB=/home/idies/caldb
EXT=lnx
SASS_PAR=/home/idies/sw/eSASS4EDR/par
SASS_TESTDATA=/home/idies/sw/eSASS4EDR/sass/testdata
HEASOFT_VERSION=6.27.2
CC=/usr/bin/gcc
SASS_DIR=/home/idies/sw/eSASS4EDR
XANADU=/opt
SASS_SETUP=/home/idies/sw/eSASS4EDR/sass/setup
PGPLOT_FONT=/opt/heasoft/lib/grfont.dat
PGPLOT_DIR=/opt/heasoft/lib
DEBIAN_FRONTEND=noninteractive
CALDBALIAS=/home/idies/caldb/software/tools/alias_config.fits
FTOOLSOUTPUT=stdout
E_ROOT=/home/idies/sw/eSASS4EDR/erosita
SASS_HOME=/home/idies/sw/eSASS4EDR
HEADAS=/opt/heasoft
PFILES=/home/idies/pfiles;/home/idies/sw/eSASS4EDR/par:/opt/heasoft/syspfiles
SASS_BIN_ROOT=/home/idies/sw/eSASS4EDR/bin
XRDEFAULTS=/opt/heasoft/xrdefaults
CALDBCONFIG=/home/idies/caldb/software/tools/caldb.config
E_MOD=/home/idies/sw/eSASS4EDR/include
FC=/usr/bin/gfortran
TCLRL_LIBDIR=/opt/heasoft/lib
FTOOLS=/opt/heasoft
LYNX_CFG=/opt/heasoft/lib
CXX=/usr/bin/g++
PERL=/usr/bin/perl
LHEA_HELP=/opt/heasoft/help
POW_LIBRARY=/opt/heasoft/lib/pow
PERL5LIB=/opt/heasoft/lib/perl
SHLVL=1
PYTHONPATH=/opt/heasoft/lib/python:/opt/heasoft/lib
PGPLOT_RGB=/opt/heasoft/lib/rgb.txt
SASS_CALVERS=/home/idies/caldb/data/erosita/calvers.indx
LHEA_DATA=/opt/heasoft/refdata
LHEAPERL=/usr/bin/perl
LHEASOFT=/opt/heasoft
PATH=/home/idies/sw/eSASS4EDR/bin:/opt/heasoft/bin:/home/idies/miniconda3/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PERLLIB=/opt/heasoft/lib/perl
PFCLOBBER=1
PYTHON=/home/idies/miniconda3/bin/python
XANBIN=/opt/heasoft
FTOOLSINPUT=stdin
SASS_TEMPLATES=/home/idies/sw/eSASS4EDR
I hope this somehow helps

cheers
Jonas
Top
benmaughan
Posts: 2
Joined: Fri Oct 22, 2021 4:29 pm

Re: File permissions in docker

Post by benmaughan »

Thank you for the suggestions. We rebuilt the Singularity container with modified permissions to allow us to read the /home/idies directory. This seems to be working now. I'll post the details in case others find them helpful...

The container was built using

Code: Select all

sudo singularity build erosita.sif erosita.def
where erosita.def contains the following

Code: Select all

Bootstrap: docker
From: erosita/esass:latest

%setup

%files

%environment

%post
    apt-get update
    chmod -R 777 /home/idies
%runscript

%startscript

%test


%labels
    Author RAHM
    Version v2

%help
    Container to run eRosita eSASS software on singularity
We then start using the image with

Code: Select all

singularity shell --bind /path/to/data_directory:/home/username/external_data erosita.sif
where the --bind option makes a specified data_directory accessible inside the container in the user's home directory
Top
jhaase
Posts: 7
Joined: Tue Jun 29, 2021 10:20 am

Re: File permissions in docker

Post by jhaase »

Great, thank you!

I'll give it a spin in Singularity too to try it out now :)

cheers
Jonas
Top
Post Reply

Return to “eSASS download and installation”