search

uvarc / accord

Top-level repository for tracking the ACCORD deployment.
0 stars 0 forks source link

`/project` and `/scratch` folders belong to root #2

Closed mc2zk closed 2 years ago

mc2zk commented 3 years ago

In my test Jupyter session, the /project and /scratch folders belong to root, so I am only able to create files in the /user directory.

nmagee commented 3 years ago

Ah I see this related to #3 for permissions. We'll sort out permissions for these dirs.

parsley42 commented 3 years ago

"scratch" is basically unimplemented in the current aws environment, sorry.

"project" is owned by user root, but the group permissions should grant you access:

[user@jupyter-python-dparsle-x8bh2 home]$ ls -Flad project
drwxrwsr-x. 3 root project 6144 Jan 22 14:44 project/
[user@jupyter-python-dparsle-x8bh2 home]$ ls -Fland project
drwxrwsr-x. 3 0 4000007 6144 Jan 22 14:44 project/

Can you double-check your ability to write to project/, and failing that, leave your pod running and paste in the permissions as shown above?

mc2zk commented 3 years ago

Sorry for the delay. I still cannot write files in project. I think I left my pod running. Here's output from my terminal session:

 [user@jupyter-python-micheleco-84mzp project]$ pwd
/home/project
[user@jupyter-python-micheleco-84mzp project]$ touch testfile
touch: cannot touch 'testfile': Permission denied
[user@jupyter-python-micheleco-84mzp project]$ cd ..
[user@jupyter-python-micheleco-84mzp home]$ ls -lsa
total 8
0 drwxr-xr-x.  1 root root      48 Dec  8 23:43 .
0 drwxr-xr-x.  1 root root      28 Jan 26 19:53 ..
4 drwxrwsr-x.  2 root 4000032 6144 Dec  9 14:36 project
0 drwxrwxr-x.  2 root     491    6 Dec  8 23:43 scratch
4 drwx------. 10 user 2000014 6144 Jan 20 20:21 user

Maybe the group ownership for project is not recognized? Or, I'm not in that group?

parsley42 commented 3 years ago

Ah, thanks! @rkc7h can you have a look? For some reason, Michele's group ID is just 4000000:

[user@jupyter-python-micheleco-84mzp home]$ id
uid=2000014(user) gid=20000014(user) groups=20000014(user),4000000(project)
rkc7h commented 3 years ago

David,

Ok I will update and reply back

Regards Ravi

From: David Parsley notifications@github.com Sent: Tuesday, January 26, 2021 3:37:37 PM To: uvarc/accord accord@noreply.github.com Cc: Chamakuri, Ravi Kiran Reddy (rkc7h) rkc7h@virginia.edu; Mention mention@noreply.github.com Subject: Re: [uvarc/accord] /project and /scratch folders belong to root (#2)

Ah, thanks! @rkc7hhttps://github.com/rkc7h can you have a look? For some reason, Michele's group ID is just 4000000:

[user@jupyter-python-micheleco-84mzp home]$ id uid=2000014(user) gid=20000014(user) groups=20000014(user),4000000(project)

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/uvarc/accord/issues/2#issuecomment-767812525, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ALLJZI3B56KGUH57NL65H2LS34RZDANCNFSM4WLG4SHQ.

rkc7h commented 3 years ago

Hi David,

I reviewed the list I received from Neal and 4000000 is the gid listed for UVARC project, which is same thing and commons for everyone. The ugid for Michelle is 20000014 as I can see here as well. Let me know what would like me to adjust?

Ravi Chamakuri E rkc7h@virginia.edu P 571.277.7623 University of Virginia [University of Virginia]https://brand.virginia.edu/

From: "Chamakuri, Ravi Kiran Reddy (rkc7h)" rkc7h@virginia.edu Date: Tuesday, January 26, 2021 at 3:41 PM To: uvarc/accord accord@noreply.github.com, uvarc/accord reply@reply.github.com Cc: Mention mention@noreply.github.com Subject: Re: [uvarc/accord] /project and /scratch folders belong to root (#2)

David,

Ok I will update and reply back Regards Ravi

From: David Parsley notifications@github.com Sent: Tuesday, January 26, 2021 3:37:37 PM To: uvarc/accord accord@noreply.github.com Cc: Chamakuri, Ravi Kiran Reddy (rkc7h) rkc7h@virginia.edu; Mention mention@noreply.github.com Subject: Re: [uvarc/accord] /project and /scratch folders belong to root (#2)

Ah, thanks! @rkc7hhttps://github.com/rkc7h can you have a look? For some reason, Michele's group ID is just 4000000:

[user@jupyter-python-micheleco-84mzp home]$ id

uid=2000014(user) gid=20000014(user) groups=20000014(user),4000000(project)

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/uvarc/accord/issues/2#issuecomment-767812525, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ALLJZI3B56KGUH57NL65H2LS34RZDANCNFSM4WLG4SHQ.

rsdmse commented 3 years ago

@cagancayco and I are having the same problem

nmagee commented 2 years ago

I believe this is resolved in the new production environment. UID/GID are being set properly now in the NFS.

nmagee commented 2 years ago

/scratch dir has been dropped. The new structure is:

/home/project
/home/user

Behind the scenes within storage, USER directories are next to the shared PROJECT space, all contained within a parent dir for the project itself:

/projectX
/projectX/nem2p
/projectX/cag3fr
/projectX/rdmse
/projectX/shared

Within the container itself, the /project and /user mounts are under /home:

/home/user                700 owned by user.user
/home/project             770 owned by user.project

Project-specific user dirs are to prevent project-to-project bleedover (a security risk) if users had one, single, consistent, home dir across multiple projects.

At launchtime the ACCORD user, i.e. mst3k@virginia.edu or mst3k@vt.edu) is mapped in as user with their ACCORD-specific UID number, and their group mapped as project with their ACCORD project-specific GID number.

rkc7h commented 2 years ago

Hi @nmagee this was also resolved hence closing this issue