broadinstitute / viral-ngs-deploy

Deployment files related to https://github.com/broadinstitute/viral-ngs

Handling of write permission to docker's /data volume #28

Open biocyberman opened 7 years ago

biocyberman commented 7 years ago

Currently I have to make the host user's data directory world-writable so that docker can write to it via the data volume. So I propose the following solution, so that docker has the same read/write permissions as the user running docker:

Aim: to match userid and groupid of viral-ngs-user inside docker to host's current running user.

In order to do that, the viral-ngs installation location inside docker should be moved to a system-wide location, for example /opt. We can then move the creation of viral-ngs-user to the ENTRYPOINT script env-wraper.sh, so that the userid and groupid can be matched during docker image startup. In doing so, the su-exec tool might be needed. Do you think this is worth doing, @tomkinsc?

tomkinsc commented 7 years ago

I could see where requiring world-writability of files on the host system would be annoying, and am open to changes. If you submit a PR with what you have in mind, I look forward to seeing how this could work. Part of the incentive for distributing viral-ngs as a conda package is that we don't have to install it at a system level, which is important for those who would like to install/run the package but lack admin privileges (including on our Institute HPC systems). Installing to /opt seems like a reasonable compromise to make the package available to the system at large, provided world executability. For setting the uid, have you tried chroot --userspec=$UID / as mentioned in the gosu repo? Otherwise gosu may be a good option if we can install the binary from an aptitude source rather than compiling su-exec.

I might prefer gosu over su-exec even though it is a bit larger

biocyberman commented 7 years ago

chroot --userspec=$UID does not solve the permission problem, and it requires that the same user exists in docker already.

I will go with gosu if you are OK with it. I actually found that first, but then thought it would save some space to use su-exec. Let's come back to that when su-exec is included in Ubuntu repo.

biocyberman commented 7 years ago

@tomkinsc Modification is completed. I am waiting for #29 to finish before submitting a new PR.
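
The approach discussed in this thread (create viral-ngs-user at container start with the host user's ids, then drop root with gosu), sketched as an added example; it is not the project's ENTRYPOINT script or the code from the PR mentioned above. HOST_UID and HOST_GID are assumed variable names, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: entrypoint that starts as root, maps viral-ngs-user onto the
# host caller's uid/gid, then drops privileges with gosu before running "$@".
# HOST_UID / HOST_GID are assumed names, e.g.
#   docker run -e HOST_UID="$(id -u)" -e HOST_GID="$(id -g)" -v "$PWD":/data ...

RUN_USER=viral-ngs-user   # user name from the issue
DATA_DIR=/data            # volume path from the issue

# Accept only a plain decimal id: never 0 (root), and never text that
# groupadd/useradd could read as an extra option.
valid_id() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;   # empty, zero or leading zero, non-digit
    esac
    [ "${#1}" -le 9 ]
}

# Print "uid gid": HOST_UID/HOST_GID when given, else the owner of the mount.
# Runs in a subshell "( )" so its variables do not leak into the caller.
pick_ids() (
    if [ -n "${HOST_UID:-}" ] || [ -n "${HOST_GID:-}" ]; then
        uid=${HOST_UID:-} gid=${HOST_GID:-}
    else
        ids=$(stat -c '%u %g' "$1" 2>/dev/null) || exit 1   # GNU stat
        uid=${ids% *} gid=${ids#* }
    fi
    valid_id "$uid" && valid_id "$gid" || exit 1
    printf '%s %s\n' "$uid" "$gid"
)

main() {
    set -eu
    ids=$(pick_ids "$DATA_DIR") || {
        echo "entrypoint: no usable non-root uid/gid for $DATA_DIR" >&2
        exit 1
    }
    uid=${ids% *} gid=${ids#* }
    # Create the account at start-up rather than at build time; -o allows an
    # id that is already taken inside the image, -M skips the home directory.
    getent group "$RUN_USER" >/dev/null || groupadd -o -g "$gid" "$RUN_USER"
    id -u "$RUN_USER" >/dev/null 2>&1 ||
        useradd -o -M -u "$uid" -g "$gid" -s /bin/sh "$RUN_USER"
    exec gosu "$RUN_USER" "$@"
}

# Only act when a command was passed, as Docker does for ENTRYPOINT + CMD.
[ "$#" -eq 0 ] || main "$@"
```

If the mounted directory is owned by root and no ids are passed, the script exits with an error instead of running the workload as root.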