Skip to content

Commit da28d40

Browse files
oshaduraoshadura
committed
Fix all not working permissions
1 parent effb881 commit da28d40

2 files changed

Lines changed: 21 additions & 18 deletions

File tree

docker/Dockerfile.cc-analysis-alma9

Lines changed: 10 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -78,11 +78,6 @@ RUN chmod +x /usr/bin/tini
7878
COPY jupyterhub/fix-permissions /usr/local/bin/fix-permissions
7979
RUN chmod a+rx /usr/local/bin/fix-permissions
8080

81-
RUN rm -rf /etc/grid-security && \
82-
ln -s /usr/local/etc/grid-security /etc/grid-security && \
83-
chmod 755 /etc/grid-security/certificates && \
84-
chmod g-w /etc/grid-security/certificates
85-
8681
# Enable prompt color in the skeleton .bashrc before creating the default NB_USER
8782
# hadolint ignore=SC2016
8883
RUN sed -i 's/^#force_color_prompt=yes/force_color_prompt=yes/' /etc/skel/.bashrc && \
@@ -165,6 +160,16 @@ ENV PATH="${CONDA_DIR}/bin/:$PATH"
165160
USER root
166161
# Setup supervisord files
167162
COPY k8s-worker/supervisord.conf /etc/supervisor/
163+
164+
#TODO please remove this line later: rm -rf /usr/local/etc/grid-security/certificates/*.r0 && \
165+
RUN rm -rf /etc/grid-security && \
166+
rm -rf /usr/local/etc/grid-security/certificates/*.r0 && \
167+
cp -R /usr/local/etc/grid-security /etc/grid-security && \
168+
chown -h "${NB_USER}:${NB_GID}" /etc/grid-security && \
169+
test -d /usr/local/etc/grid-security && chmod -R 755 /usr/local/etc/grid-security && \
170+
find /usr/local/etc/grid-security -type f -exec chmod g-w {} + && \
171+
test -d /etc/grid-security && chmod -R 755 /etc/grid-security
172+
168173
# Setup HTCondor user/group and change group for user $NB_USER
169174
# Fix error (submitting jobs as user/group 0 (root) is not allowed for security reasons) and
170175
# it configured from kubernetes side and updated in docker container to match it
@@ -177,9 +182,6 @@ COPY dask/distributed ${CONDA_DIR}/lib/python3.12/site-packages/distributed
177182
RUN cd ${CONDA_DIR}/lib/python3.12/site-packages/distributed && \
178183
patch -p2 < 0001-Patch-from-bbockelman-adaptive-scaling.patch && \
179184
patch -p2 < 0002-Allow-scheduler-to-preserve-worker-hostnames.patch
180-
# && patch -p2 < 0003-Activate-patch.patch
181-
# && patch -p2 < 0004-Add-possibility-to-setup-external_adress-for-schedul.patch
182-
# && patch -p2 < 0005-Add-nanny-patch.patch
183185

184186
# FIXME: we have a wrong path, let's make a link.
185187
# cms-jovyan@jupyter-oksana-2eshadura-40cern-2ech:~$ echo $PATH

docker/Dockerfile.cc-dask-alma9

Lines changed: 11 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -197,14 +197,13 @@ USER ${NB_UID}
197197

198198
RUN mamba install --yes \
199199
-c conda-forge \
200-
#htcondor=10.8.0 \
200+
htcondor=24.9.2 \
201201
#openssl=3.3.1 \
202202
xgboost \
203203
cabinetry \
204204
pyhf \
205205
ndcctools=7.15.8 \
206206
numpy>2 \
207-
#openssl=3.3.1 \
208207
atlas-schema \
209208
&& mamba clean \
210209
--all \
@@ -292,9 +291,6 @@ COPY dask/distributed ${CONDA_DIR}/lib/python3.12/site-packages/distributed
292291
RUN cd ${CONDA_DIR}/lib/python3.12/site-packages/distributed && \
293292
patch -p2 < 0001-Patch-from-bbockelman-adaptive-scaling.patch && \
294293
patch -p2 < 0002-Allow-scheduler-to-preserve-worker-hostnames.patch
295-
# && patch -p2 < 0003-Activate-patch.patch
296-
# && patch -p2 < 0004-Add-possibility-to-setup-external_adress-for-schedul.patch
297-
# && patch -p2 < 0005-Add-nanny-patch.patch
298294

299295
# Cleanup
300296
RUN rm -rf /tmp/* \
@@ -306,12 +302,17 @@ RUN rm -rf /tmp/* \
306302
#&& (find ${CONDA_DIR}/lib/python3.12/site-packages/bokeh/server/static -type f,l -name '*.js' -not -name '*.min.js' -delete || echo "no bokeh static files to cleanup") \
307303
&& rm -rf ${CONDA_DIR}/pkgs
308304

309-
# FIXME: add better layering for preparation of env
310-
ADD prepare-env/prepare-env-cc.sh /usr/local/bin/prepare-env.sh
305+
ADD prepare-env/prepare-env-cc.sh /usr/local/bin/prepare-env.sh
311306
RUN chmod ugo+x /usr/local/bin/prepare-env.sh
312-
RUN chmod g-w /usr/local/etc/grid-security
313-
RUN chmod g-w /usr/local/etc/grid-security/*
314-
RUN chmod g-w /usr/local/etc/grid-security/certificates/*
307+
308+
#TODO please remove this line later: rm -rf /usr/local/etc/grid-security/certificates/*.r0 && \
309+
RUN rm -rf /etc/grid-security && \
310+
rm -rf /usr/local/etc/grid-security/certificates/*.r0 && \
311+
cp -R /usr/local/etc/grid-security /etc/grid-security && \
312+
chown -h "${NB_USER}:${NB_GID}" /etc/grid-security && \
313+
test -d /usr/local/etc/grid-security && chmod -R 755 /usr/local/etc/grid-security && \
314+
find /usr/local/etc/grid-security -type f -exec chmod g-w {} + && \
315+
test -d /etc/grid-security && chmod -R 755 /etc/grid-security
315316

316317
# Fix permission after all packages installations are done
317318
RUN fix-permissions "${CONDA_DIR}"

0 commit comments

Comments
 (0)