Permissions on /home/user/galaxy_storage

[alexlenail]

I wanted to update the webpage at /home/user/galaxy_storage/welcome.html but even though I put new html file there and restarted my VM, the webpage didn't update, but maintained the old appearance, which I thought was strange. But then I found /home/user/galaxy_storage/web/welcome.html. So I tried to cp welcome.html web/welcome.html but web/welcome.html was write-locked or something, so naturally, I sudo mv welcome.html web/. But then when I went to cp web/welcome.html . I got a permission denied, so again, I did sudo cp web/welcome.html . which worked, and the webpage had updated.

But then I went too far and tried to fix the need for sudoing, with sudo chmod -R 777 /home/user/ but then all the text in my terminal had green highlighting, which is never good, so I did sudo chmod -R 755 /home/user/ which restored the regular font, but also restored the need to sudo. So then I did sudo chown -R alex /home/user which seemed to have fixed everything, but then the webpage said "internal server error" so I restarted the VM again and now I get a 403: Forbidden.

I don't know what the original permissions were or how to restore the Galaxy instance, but changing the permissions on /home/user was probably a mistake. Help?

[bgruening]

@zfrenchee you don't need to touch the container. Our aim is that you never need to change anything inside of the container. Please have a look at this section in our readme file: https://github.com/bgruening/docker-galaxy-stable#personalize-your-galaxy

[alexlenail]

My problem right now is that i need to properly set the permissions on /home/user/galaxy_storage so that nginx serves galaxy and not a 403. I'm not sure what the default permissions on that folder were, before I screwed them up.

[bgruening]

try chown galaxy:galaxy /export/ -R

[alexlenail]

I get chown: invalid user: ‘galaxy:galaxy’. I'm considering just throwing it all away and trying again, but that would be kind of a waste I think, if there's a single chown or chmod command which will fix everything.

[bgruening]

You need to do this from inside of the container.

[adefelicibus]

@zfrenchee You can try this:
sudo chwon 1450:1450 /export/ -R

The UID 1450 refers to the galaxy user inside the container.

[alexlenail]

Something kind of strange is happening.

So in order to run the commands inside the container, I assume i need to use docker attach which when I do, I get an error that repeats (and outputs a lot onto my command line), the crux of which seems to be:

sqlalchemy.exc.OperationalError: (psycopg2.OperationalError) could not connect to server: Connection refused
    Is the server running on host "localhost" (127.0.0.1) and accepting
    TCP/IP connections on port 5432?

Without being able to get into the container, it seems like the /export/ doesn't exist, and so I'm having a hard time using that command.

Update: using docker run -it bash, I can actually get into the container without a repeating error, but the commands @bgruening and @adefelicibus don't work, or at least, I still get my 403.

[adefelicibus]

If you want to access files inside the container, you can use:
docker exec -it container bash.
When you use docker run, it creates a new container.

So, if you did the command chown, maybe the problem is that the postgre user is different.
Inside the folder /home/user/galaxy_storage there is maybe a folder of postgre database.

If so, you need to set the UID to postgre user:
sudo chown 1550:1550 /export/postgresql/ -R

@bgruening I had to restart the container several times to have my webpage changed inside the container, but it works.

[alexlenail]

I think the problem isn't inside the container but actually with the permissions of everything inside home/user/glalaxy_storage, since that's what I modified. running docker exec -it bash and then chown also didn't work. Thanks for bearing through this with me! =)

[bgruening]

@zfrenchee: @adefelicibus has a good point the postgresql database need to be set to the postgresql user.
Can you tell us which services do not start after changing the permissions?

Have you ever used chmod on the entire directory? If so this can be a bigger problem, because a few services will not start if you have the wrong octal permissions set.

[alexlenail]

I think that I did in fact chmod the entire directory (see the original issue text for a description of what I did). I think I need to reset the octal permissions set to what it was before I fudged with it, but I don't know what it was before.

[alexlenail]

This is what I think you're asking I try, but I'm not getting it to work.

alex@galaxy-1:/home/user$ ps -ef | grep nginx
root      7789  7786  0 Mar31 ?        00:00:00 nginx: master process /usr/sbin/nginx
1450      7793  7789  0 Mar31 ?        00:00:00 nginx: worker process
alex     25776 25737  0 15:09 pts/0    00:00:00 grep --color=auto nginx
alex@galaxy-1:/home/user$ sudo chown -R 1450:1450 *

[alexlenail]

namei -l /home/user/galaxy_storage/web/welcome.html
drwxr-xr-x root root /
drwxr-xr-x root root home
drwxr-xr-x 1450 1450 user
drwxr-xr-x 1450 1450 galaxy_storage
drwxr-xr-x 1450 1450 web
-rwxr-xr-x 1450 1450 welcome.html

I just hope it doesn't relate to this: moby/moby#6047

[alexlenail]

So since I wasn't making progress on this alone, I spun up a new VM, installed docker, ran this galaxy container on it, installed all the tools I needed, re-uploaded the data, etc..

Now, I still want to customize welcome.html, but I'm still having trouble with it. On this new vm:

alex@galaxy-2:/home/user/galaxy_storage$ ls
galaxy-central  postgresql  shed_tools  var
alex@galaxy-2:/home/user/galaxy_storage$ touch welcome.html
touch: cannot touch ‘welcome.html’: Permission denied

I know now not to try and blindly chmod or chown anything in here lest I need to start from scratch again. I don't really understand permissions all too well, and I understand them less in the context of docker, but not being able to touch a file in here seems wrong. What's going on?

Could this have anything to do with the command I ran (which is the one listed under passive-mode ftp)?

  docker run -d --net=host -v /home/user/galaxy_storage/:/export/ bgruening/galaxy-stable

[bgruening]

alex@galaxy-1:/home/user$ ps -ef | grep nginx
root      7789  7786  0 Mar31 ?        00:00:00 nginx: master process /usr/sbin/nginx
1450      7793  7789  0 Mar31 ?        00:00:00 nginx: worker process
alex     25776 25737  0 15:09 pts/0    00:00:00 grep --color=auto nginx
alex@galaxy-1:/home/user$ sudo chown -R 1450:1450 *

There are two different users. galaxy for all Galaxy source code, datasets, config files .... and postres (1550) for the PostGreSQL database.

Afaik your main problem is that there is a difference between inside of Docker and outside of Docker. If you are inside of Docker you should be able to modify everything. Outside of Docker you need to start your editor with sudo to edit these files.
But again please use the method we developed for customizing Galaxy from the readme file. With this you don't need to modify any file. You just provide a new file.

[alexlenail]

What I'm trying to say is that I'm not sure those instructions to personalize galaxy work. The instructions are:

The Galaxy welcome screen can be changed by providing a welcome.hml page in /home/user/galaxy_storage/

But as I reported above, when I try to do that:

alex@galaxy-2:/home/user/galaxy_storage$ ls
galaxy-central  postgresql  shed_tools  var
alex@galaxy-2:/home/user/galaxy_storage$ touch welcome.html
touch: cannot touch ‘welcome.html’: Permission denied

note: galaxy-2 is not the same as galaxy-1 (which is the instance I initially reported this for), it's a new VM, with a fresh install of docker and galaxy, but I'm still running into a similar problem.

[dpryan79]

The instructions work correctly, we use this method for both our public and private instances. Try ls -la /home/user/galaxy_storage. The output will tell you why you might be lacking permissions. You'll want to have everyone able to read the web page, so go ahead and chmod a+r that directory.

[alexlenail]

The output I get is:

alex@galaxy-2:/$ ls -la /home/user/galaxy_storage
total 28
drwxr-xr-x 7 root root 4096 Apr  1 17:44 .
drwxr-xr-x 3 root root 4096 Apr  1 17:04 ..
drwxrwxr-x 3 root root 4096 Apr  1 16:03 .distribution_config
drwxr-xr-x 7 1450 1450 4096 Apr  4 20:20 galaxy-central
drwxr-xr-x 3 1550 1550 4096 Apr  1 17:04 postgresql
drwxr-xr-x 3 1450 1450 4096 Apr  1 17:31 shed_tools
drwxr-xr-x 3 root root 4096 Apr  1 17:04 var

If I chmod and get a 403 again and can't recover the galaxy instance that would be a huge pain. Are you sure that's what I should do?

[dpryan79]

Ah, you're not running as root or prefixing things with sudo. Either su root or sudo cp /some/path/welcome.html /home/user/galaxy_storage/welcome.html. Since you need to be either root or have sudo privileges to run docker one of these is possible. Make sure to chmod a+r /home/usr/galaxy_storage/welcome* to ensure that the web server can actually read the webpages (I've certainly forgotten to do this.

The above instructions will never cause a 403.

[alexlenail]

I followed your instructions, but the page isn't with welcome.html's content. I've restarted the docker container a number of times, and even tried restarting the VM. Not sure what else I can do. Could this have anything to do with recent commits in this repo?

[alexlenail]

Nevermind, it just arbitrarily started working after the fifth restart. =)

[dpryan79]

Glad to hear it. You could have also cleared your browser cache and saved yourself the the last four restarts :)