Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Downloaded data are owned by root #7

Open
alyssadai opened this issue Feb 27, 2024 · 4 comments
Open

Downloaded data are owned by root #7

alyssadai opened this issue Feb 27, 2024 · 4 comments
Assignees
@surchs
Labels
quick fix Minimal planning and/or implementation work required.

Comments

@alyssadai
Copy link
Contributor

alyssadai commented Feb 27, 2024
edited
Loading

The created output/ folder is owned by root and cannot be modified without sudo, which might create issues for users.

To get around this, we may want to consider updating our recommended docker run command (in the query tool?) to run as a non-root-user.
@alyssadai alyssadai added bug:functional flag:schedule Flag issue that should go on the roadmap or backlog. labels Feb 27, 2024
@surchs
Copy link
Collaborator

surchs commented Mar 1, 2024

Might be fixed with the user ID fix from our docker compose recipes

@surchs surchs added quick fix Minimal planning and/or implementation work required. and removed flag:schedule Flag issue that should go on the roadmap or backlog. labels Mar 1, 2024
surchs added a commit that referenced this issue Dec 19, 2024
@surchs
[ENH] Run dataget as non-root user UID 1000
662f11d 
Closes #7
@surchs surchs mentioned this issue Dec 19, 2024
Merged
6 tasks
surchs added a commit that referenced this issue Dec 19, 2024
@surchs
[ENH] Run dataget as non-root user UID 1000
96dc889 
Closes #7
@surchs surchs mentioned this issue Dec 19, 2024
Closed
6 tasks
@rmanaem rmanaem moved this to Implement - Done in Neurobagel Dec 19, 2024
@surchs surchs self-assigned this Dec 19, 2024
@surchs surchs moved this from Implement - Done to Implement - Track in Neurobagel Dec 19, 2024
@surchs
Copy link
Collaborator

surchs commented Dec 19, 2024

Blocked until https://neurobagel.github.io/dev-docs/sections/Docker/#running-docker-container-as-non-root-user is reviewed and we decide on how to solve issue

@surchs
Copy link
Collaborator

surchs commented Jan 7, 2025

Reviewed the docs, I think it still makes more sense to go with the user in the image. For one, that's what is recommended by OWASP and others (e.g. https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html#rule-2-set-a-user). Secondly, it's easier to do than setting the -u flag in the command. And thirdly we can still decide to use -u, but having the non-root user in the image still makes sense. It won't give the user the same kind of flexibility to define the user ID inside the container - in which case we'd have to explain the -u option.

@surchs surchs moved this from Implement - Track to Implement - Done in Neurobagel Jan 7, 2025
@surchs
Copy link
Collaborator

surchs commented Jan 8, 2025
edited by alyssadai
Loading

Related to:

@alyssadai alyssadai moved this from Implement - Done to Review - Active in Neurobagel Jan 9, 2025
@alyssadai alyssadai moved this from Review - Active to Review - Done in Neurobagel Jan 13, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@surchs surchs

Labels
quick fix Minimal planning and/or implementation work required.
Projects
Neurobagel
Status: Review - Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[ENH] Run dataget as non-root user UID 1000 neurobagel/dataget
2 participants
@surchs @alyssadai