Running jupyterlab as root instead of jovyan when running in rootless docker mode #2036
Comments
@anil-resero You may be interested in my/b-data's [CUDA-enabled] JupyterLab Python docker stack, which supports running in rootless mode as root. |
@benz0li thank you for the pull request. I tried the new image |
@anil-resero PR #2039 is not merged yet. One can already start the container with the triplet But the crucial part is, that the home directory of |
@benz0li thanks for the clarification. The simple notebooks I tried worked fine even without changing the home directory. I customized the image as shown below:
The /home/jovyan directory has few directories but doesn't seem to have a lot of content in them:
Not sure how important is to copy those files in Instead of changing the
|
IMHO we do not want to use (and touch) the original For my explanation, see #2039 (comment) ff. Cross reference: #2042 (comment) |
- Fixes #2036 Co-authored-by: Ayaz Salikhov <mathbunnyru@users.noreply.github.com>
Thanks so much, it works for me. But I still need to add `sh -c "start-notebook.sh --allow-root"` for it to be effective, because the docker logs show: "Running as root is not recommended. Use --allow-root to bypass." |
I tested Jupyterlab in Docker rootless and my perception is that |
Footnotes
|
Exactly:
adu/999 is my rootless user in Debian. It has gid/uid mapping enabled.
I bind the jovyan home folder in docker-compose.yml:
Let's look inside the container:
Outside:
The rootful jovyan user in the container becomes the rootless user outside the container. |
@Sieboldianus What does It can only be Because the default is |
Of course it is root:
That is because the rootless user starts docker with (faked) root privileges, so inside root is outside non-root. I think that's the whole advantage of using a rootless docker setup because it makes it easier to manage permissions inside/outside docker and one does not have to care about UID/GID settings in docker-compose.yml. [Edit] Ah, maybe the difference is that I am not using one of the jupyter docker containers but building my own from scratch. See the corresponding Dockerfile here: (Carto-Lab Docker is meant to be run as root, in docker rootless) |
Ahhh... Your container runs as Yes, containers are meant to be run as root in rootless Docker/Podman. |
No, there is no magical matching of |
Sorry for the confusion, my fault. But fully agree, docker rootless should be the default (which is what docker states in their docs!). |
What docker image(s) is this feature applicable to?
datascience-notebook
What change(s) are you proposing?
When running the container in rootless docker mode, running Jupyterlab as Jovyan or any other user creates files with subuid and subgid. As a result, deleting these files or updating them requires sudo permissions. If we are able to run jupyterlab in the docker container as root, in the rootless docker environment, the UID/GID of the root in the container will map to the UID/GID of the host user.
How does this affect the user?
The host user can access the files created by the Jupyterlab without any permission issues as the UID/GID for the host user will map to UID/GID (0/0) of the root user in the container (in rootless docker environment)
Anything else?
No response
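
The UID mapping described in this issue, worked through as an added example that is not part of the original issue or the project's code: it parses a map in the `/proc/<pid>/uid_map` format and shows where container root and `jovyan` land on the host. The map values (host UID 1000, subordinate range starting at 100000) are constructed; UID 1000 for `jovyan` is the image default.

```python
# Added illustration. SAMPLE_UID_MAP is constructed sample data in the
# /proc/<pid>/uid_map format: <container-start> <host-start> <length>.
# Assumed host: rootless user has UID 1000 and subuid range 100000:65536.
SAMPLE_UID_MAP = """\
         0       1000          1
         1     100000      65536
"""


def parse_id_map(text):
    """Parse uid_map/gid_map text into (inside, outside, length) tuples."""
    ranges = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed id map line: {line!r}")
        inside, outside, length = (int(f) for f in fields)
        ranges.append((inside, outside, length))
    return ranges


def to_host_id(ranges, container_id):
    """Host ID that owns files written by container_id, or None if unmapped."""
    for inside, outside, length in ranges:
        if inside <= container_id < inside + length:
            return outside + (container_id - inside)
    return None


def to_container_id(ranges, host_id):
    """Container ID that a host-side owner appears as, or None if unmapped."""
    for inside, outside, length in ranges:
        if outside <= host_id < outside + length:
            return inside + (host_id - outside)
    return None


if __name__ == "__main__":
    ranges = parse_id_map(SAMPLE_UID_MAP)
    for name, uid in (("root", 0), ("jovyan", 1000)):
        print(f"container {name} (uid {uid}) -> host uid {to_host_id(ranges, uid)}")
```

With this map, files written by container root belong to the host user, while files written by `jovyan` belong to a subordinate UID the host user cannot modify without elevated permissions.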