docker 如何处理 jupyter notebook 的权限 - 3 种不起作用的方法
[英]docker how to handle permissions for jupyter notebook - 3 approaches that do not work
问题描述
What is the best practice for handling uid/gid and permissions with jupyter notebooks in docker?
在 docker 中使用 jupyter notebooks 处理 uid/gid 和权限的最佳实践是什么?
When one of the jupyter+python Dockerfiles in jupyter/docker-stack is run, a notebook gets saved with uid/gid 1000:100.
当jupyter/docker-stack中的 jupyter+python Dockerfiles 之一运行时,笔记本会保存为 uid/gid 1000:100。 This will fail if a mounted host folder is not writable by "other", which is an ugly approach.如果挂载的主机文件夹不能被“其他”写入,这将失败,这是一种丑陋的方法。The notebook image can be run specifying the NB_UID and NB_GID, like this:
可以指定 NB_UID 和 NB_GID 运行笔记本映像,如下所示:docker run -p 8888:8888 -it --rm \\ -e NB_UID=$(id -u) \\ -e NB_GID=$(id -g) \\ -e GRANT_SUDO=yes \\ --user root \\ --mount type=bind,source="$(pwd)",target=/home/jovyan/work \\ myimageIn this case, the uid/gid of joyvan in the container match my uid/gid, so there is no permissions problem writing to a mounted folder.
在这种情况下,容器中 Joyvan 的 uid/gid 与我的uid/gid 匹配,因此写入已安装文件夹没有权限问题。 However, now jovyan (the container user) cannot access /opt/conda, which is owned by 1000:100 and is not readable by other.但是,现在 jovyan(容器用户)无法访问/opt/conda,它归 1000:100 所有,其他人无法读取。 So all the add-on packages cannot be loaded!所以所有的附加包都无法加载!We could also run docker build with
--build-arg myuid=$(id -u) --build-arg mygid=$(id -g)我们也可以使用--build-arg myuid=$(id -u) --build-arg mygid=$(id -g)I believe this would result in both
/home/jovyanand/opt/condabeing owned by the same uid:gid as me, everything good.我相信这会导致/home/jovyan和/opt/conda/home/jovyan与我相同的 uid:gid 拥有,一切都很好。 However, the resulting image can be used only by me.但是,生成的图像只能由我使用。 If I give it to my collaborators (who has a different UID), it will not work.如果我将它提供给我的合作者(他们具有不同的 UID),它将无法工作。
So it seems that every possibility is blocked or a poor choice.所以似乎每一种可能性都被阻止了或者是一个糟糕的选择。 File permissions in docker are difficult. docker 中的文件权限很困难。
Can anyone share the best approach for this problem?任何人都可以分享解决这个问题的最佳方法吗?
2 个解决方案
解决方案1
10 2018-10-28 00:13:11
The best practise with Jupyter Notebook is to use your own user id and group id so the new files you create will have correct ownership. Jupyter Notebook 的最佳实践是使用您自己的用户 ID 和组 ID,以便您创建的新文件拥有正确的所有权。 Then use --group-add users to add yourself to users group to get access to the required folders (eg /opt/conda).然后使用--group-add users将自己添加到用户组以访问所需的文件夹(例如 /opt/conda)。
The full command would be:完整的命令是:
docker run -it --rm --user $(id -u):$(id -g) --group-add users -v "$(pwd)":/home/jovyan -p 8888:8888 jupyter/scipy-notebook
解决方案2
1 2020-04-01 21:07:46
I encountered the same problem and found a good solution which is referred from here .我遇到了同样的问题,并找到了一个很好的解决方案,从这里引用。
COPY --chown=1000:100 hostfolder/* /home/$NB_USER/work/
Note that environment or argument expansion in command options is not implemented yet, thus following line would cause build error failed to build: unable to convert uid/gid chown string to host mapping: can't find uid for user $NB_UID: no such user: $NB_UID请注意,命令选项中的环境或参数扩展尚未实现,因此以下行将导致构建错误failed to build: unable to convert uid/gid chown string to host mapping: can't find uid for user $NB_UID: no such user: $NB_UID
# COPY --chown=$NB_USER:$NB_GID hostfolder/* /home/$NB_USER/work/
Therefore, need to hard code the user(jovyan) and group name(users) or id(1000:100).因此,需要对用户(jovyan) 和组名(users) 或id(1000:100) 进行硬编码。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.