Turns out the volume that I mounted in the container, which was a nfs share, didn't have no_root_squash enabled in the mount options. Without it, even the root that is on the client computer didn't have write access. After enabling it, the root user in the computer could write with no issues. Many thanks Tim!
On Friday, 10 November 2017 07:54:04 UTC+8, Tim Hockin wrote: > > If you run as root, you should be able to write. > > On Nov 9, 2017 3:08 PM, "lppier" <mads...@gmail.com <javascript:>> wrote: > >> I curious why the container user, being root, doesn't have ownership to >> write to the volume (which was user owned). >> Isn't root supposed to be able to write to anything and everything? Or is >> my file permissions understanding wrong? >> >> So the way to proceed is to manual chown on start of the container? Are >> there any examples of this? >> >> On Friday, 10 November 2017 01:30:53 UTC+8, Tim Hockin wrote: >>> >>> We don't auto-apply ownership changes to hostPath volumes because that >>> would allow, for example, a user to take over /etc. We've considered >>> heuristics like "apply ownership if we make the directory" or "apply >>> ownership if the path is under a flag-defined root", but none of them >>> have been totally satisfying, and nobody has stepped up to prototype >>> them >>> >>> On Thu, Nov 9, 2017 at 2:32 AM, lppier <mads...@gmail.com> wrote: >>> > I created a volume in linux as a certain user and mounted it using the >>> > hostPath method. >>> > My container is the tensorflow gpu default container, and I am able to >>> see >>> > the linux command prompt when I do : >>> > >>> > kubectl exec -it tf-gpu /bin/bash >>> > >>> > It logs into the container as root. >>> > My issue now is that users would like to write to the mounted volume. >>> I >>> > found that this was not possible, unless I explicitly >>> > chmod o+w -R volume >>> > >>> > which would beat the purpose of this volume being a user-specific >>> volume >>> > (other users should not be able to write or delete the items inside). >>> > >>> > Could I get some suggestions on how to proceed? >>> > >>> > Many thanks. >>> > >>> > >>> > -- >>> > You received this message because you are subscribed to the Google >>> Groups >>> > "Kubernetes user discussion and Q&A" group. >>> > To unsubscribe from this group and stop receiving emails from it, send >>> an >>> > email to kubernetes-use...@googlegroups.com. >>> > To post to this group, send email to kubernet...@googlegroups.com. >>> > Visit this group at https://groups.google.com/group/kubernetes-users. >>> > For more options, visit https://groups.google.com/d/optout. >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "Kubernetes user discussion and Q&A" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to kubernetes-use...@googlegroups.com <javascript:>. >> To post to this group, send email to kubernet...@googlegroups.com >> <javascript:>. >> Visit this group at https://groups.google.com/group/kubernetes-users. >> For more options, visit https://groups.google.com/d/optout. >> > -- You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q&A" group. To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-users+unsubscr...@googlegroups.com. To post to this group, send email to kubernetes-users@googlegroups.com. Visit this group at https://groups.google.com/group/kubernetes-users. For more options, visit https://groups.google.com/d/optout.
