Two different problems with the same root cause came up today.
The following scenarios should be discussed to determine how to best handle the problem of file/folder permissions with respect to different users in running containers. The result of the discussion will be one or more tickets detailing how we plan to support these common developer use cases.
Scenario A: Clowder (runs under "clowder" user)
- User starts Clowder container, which by default mounts their home directory under /home/user
- User accesses the console for Clowder
- User attempts to copy a file from /home/clowder to /home/user
- "cp: cannot create regular file 'path/to/file.ext': Permission denied"
- Copy operation fails, since /home/user is owned by "user" or "root", and the current user "clowder" does not have write access to it
Scenario B: Cloud9 (runs under "root")
- User starts Cloud9 container, mounting some workspace folder
- User creates a sub-folder with 3 files in it
- User checks this new folder into git
- Outside of the container, user checks out a different branch (without specifying "sudo")
- "rm: cannot remove 'path/to/file.ext': Permission denied"
- Remove operation fails, since the files were created by "root" but the current user is "user" or "core"
This ticket is complete when the above scenarios have been dissected thoroughly to ensure that they can be properly handled with security and usability in mind.
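To make the shared root cause concrete, here is an added example (not code from Clowder, Cloud9 or this project) that models the POSIX check behind both errors: creating or removing a file is decided by the containing directory's owner and mode. The numeric ids, the 0o755 modes and all function names are assumptions made for illustration.

```python
import os
from dataclasses import dataclass

@dataclass(frozen=True)
class DirOwner:
    uid: int
    gid: int
    mode: int  # permission bits only, e.g. 0o755

def can_modify_entries(proc_uid, proc_gids, d):
    """True if the process may create or remove entries in directory d.

    POSIX picks exactly one class (owner, else group, else other) and needs
    write + search on the directory; the file's own owner is not consulted.
    Assumes no sticky bit, no ACLs, and that uid 0 keeps CAP_DAC_OVERRIDE.
    """
    if proc_uid == 0:
        return True
    if proc_uid == d.uid:
        bits = d.mode >> 6
    elif d.gid in proc_gids:
        bits = d.mode >> 3
    else:
        bits = d.mode
    return (bits & 0o3) == 0o3  # w (2) and x (1) both set

def check_path(path):
    """Apply the same test to a real directory for the current process."""
    st = os.stat(path)
    d = DirOwner(st.st_uid, st.st_gid, st.st_mode & 0o777)
    return can_modify_entries(os.geteuid(), set(os.getgroups()) | {os.getegid()}, d)

# Constructed ids: the ticket names the users but gives no numeric values.
USER, CLOWDER, ROOT = 1000, 1001, 0

def scenarios():
    home_user = DirOwner(USER, USER, 0o755)  # mounted at /home/user (assumed mode)
    root_made = DirOwner(ROOT, ROOT, 0o755)  # sub-folder created inside Cloud9
    return {
        "A: clowder writes to /home/user": can_modify_entries(CLOWDER, {CLOWDER}, home_user),
        "B: user removes file in root-made folder": can_modify_entries(USER, {USER}, root_made),
        "container uid matches mount owner": can_modify_entries(USER, {USER}, home_user),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: {'allowed' if ok else 'Permission denied'}")
```

Running `check_path()` on a mounted directory from inside a container, and again from the host, shows which side of the mount will hit "Permission denied" before any files are written.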