Open milanmlft opened 11 months ago
HI @milanmlft I think a couple of additional steps also need to happen. Do you remember if the same for you?
Ah yes, I found this in my notes:
# /opt/appstream/SessionScripts/config.json
{
"SessionStart": {
"Executables": [
{
"Context": "system",
"Filename": "/opt/appstream/SessionScripts/efs-mount.sh",
"Arguments": "",
"S3LogEnabled": true
}
],
"WaitingTime": 30
}
}
Have you guys ever taken a look at EFS Access points? These look like they may have the potential to provide more control over permissions settings.
Have you guys ever taken a look at EFS Access points? These look like they may have the potential to provide more control over permissions settings.
Not that I can remember but indeed looks promising!
More info on access points (more EC2 focused than AppStream):
The Image Builder currently used to create the AppStream image has the following setup script in
/opt/appstream/SessionScripts/efs-mount.sh
to mount the EFS volume in the AppStream instance:After mounting the EFS volume, it updates the permissions of the
data/xnat
files to allow access to any user, which is necessary to enable access to the files from users' AppStream sessions.However, the problem is that when XNAT creates new files, either when uploading data or generating results from analyses, those files are owned by
tomcat
and have restricted access permissions. So this still causes problems when trying to access the files from an AppStream instance. See also https://github.com/HealthBioscienceIDEAS/terraform-aws-IDEAS-appstream/issues/3#issuecomment-1700806532.We might be able to solve this problem by having newly created files inherit permissions from their parent folder, as suggested by https://github.com/HealthBioscienceIDEAS/terraform-aws-IDEAS-appstream/issues/3#issuecomment-1702495052.