Directories under /app have insufficient permissions when running as non-1000 UID #1454

@dan-fernandes

Some beamlines are still using BlueAPI with the shared file system, for which they have to use a UID that has permission to write to their beamline's area of the shared file system.

The BlueAPI container has its own file system with its own permissions. These largely assume that BlueAPI is running as UID 1000 (default user / user "ubuntu"), so custom permissions have to be set to allow non-1000 users to write to important directories, such as /app.

The custom permissions set on /app are not correct, and are causing issues for beamlines still using the shared file system.

Current Implementation

When the Dockerfile creates /app/.venv it runs chmod o+wrX /app/.venv, where the owner is UID 1000. This only adds extra permissions for UID 1000. (link).

In comparison, the MX BlueAPI Dockerfile sets permissions to 777 and runs this recursively.

Acceptance Criteria

Either:

  • No beamline uses the shared file system
    Or:
  • Beamlines using the shared file system do not get permission errors when writing to /app
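An added example, not code from the BlueAPI repository: a check for the second acceptance criterion that lists every path under a tree which a given UID (with its GIDs) cannot write, decided from the owner/group/other mode bits. It assumes plain POSIX modes (no ACLs, UID 0 not special-cased), and the function names are hypothetical.

```python
import os
import stat
import sys


def class_bits(st, uid, gids):
    """rwx triplet the kernel applies: owner, else group, else other."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7


def writable(path, uid, gids):
    """Mode-bit check only; ACLs and UID 0 overrides are ignored (assumption)."""
    st = os.lstat(path)
    bits = class_bits(st, uid, gids)
    if stat.S_ISDIR(st.st_mode):
        return (bits & 3) == 3  # creating entries needs write and search
    return bool(bits & 2)


def unwritable_paths(root, uid, gids=()):
    """List root and every non-symlink path below it that uid cannot write."""
    gids = set(gids)
    bad = [] if writable(root, uid, gids) else [root]
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path) and not writable(path, uid, gids):
                bad.append(path)
    return sorted(bad)


if __name__ == "__main__":
    # usage: check_writable.py ROOT UID [GID ...]
    root, uid, *gids = sys.argv[1:]
    blocked = unwritable_paths(root, int(uid), [int(g) for g in gids])
    print("\n".join(blocked))
    sys.exit(1 if blocked else 0)
```

Passing the deployment's supplementary GIDs also shows whether a group grant would satisfy the check without making the tree world-writable.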

Labels: bug, decision pending, deployment, onboarding
