Permissions when running as another user

[asmodehn]

I encountered an issue with permissions on shared volumes, which eventually boils down to :

$ docker run -it --rm -p 8888:8888 -u 1002:1002 pangeo/base-notebook:latest ls -ltrn
total 40
-rwxr-xr-x 1 1000 1000   303 Mar  7 18:21 start
-rw-r--r-- 1 1000 1000  2993 Mar  7 18:21 packages.txt
-rw-r--r-- 1 1000 1000   166 Mar  7 18:21 environment.yml
-rw-r--r-- 1 1000 1000 21054 Mar  7 18:21 conda-linux-64.lock
-rw-r--r-- 1 1000 1000    30 Mar  7 18:21 Dockerfile

This prevents running the image with another user (1002 here) which is needed to satisfy permissions when accessing shared volumes owned by that (uid != 1000) user

From my understanding, this comes from moby/moby#7198

I am aware of two possible fixes :

• https://github.com/boxboat/fixuid
• https://github.com/tianon/gosu

I was wondering if someone encountered the same issue ?
If so, what would be the appropriate fix here ?

[scottyhq]

@asmodehn, yes these images are really intended to run on jupyterhub and as far as I'm aware all users have gid:uid 1000:1000, so our base dockerfile currently hard-codes things like the /home/jovyan home directory and uid 1000.

pangeo-docker-images/base-image/Dockerfile

Lines 9 to 10 in a1a014a

	NB_USER=jovyan \
	NB_UID=1000 \

pangeo-docker-images/base-image/Dockerfile

Line 62 in a1a014a

# FIXME (?): user and home folder is hardcoded for now

perhaps @consideRatio has some guidance for workarounds or links to relevant jupyterhub issues on this topic. Of course you're welcome to fork this repository and modify the base Dockerfile to suit your needs