Permission denied on executables #27

Open
joao-fidalgo opened this issue Mar 8, 2022 · 2 comments

@joao-fidalgo

Hello,

I'm using csi-rclone with the GitLab Runners helm chart in order to provide RWX volumes.

Getting permission denied executing shell scripts that are pulled through git. Has anyone experienced permission issues?

@buxm

buxm commented Mar 8, 2023

Yes. For some reason I'm unable to chmod (or chown) any file in the volume. Therefore I'm unable to give execute permissions to shell scripts.
I installed csi-rclone using the provided templates.

@buxm

buxm commented Mar 11, 2023

I think I found a solution.
By default the rclone mount command sets the mode to 0666 for all files in the mounted volume. See the --file-perms FileMode option. But you can change this behaviour by setting a different mode for the --file-perms option. E.g. --file-perms 0777 will set all files as executable for everyone.
In order to tell csi-rclone to set the --file-perms option for rclone mount, you need to set e.g. file-perms: "0777" under volumeAttributes in the PersistentVolume (or in the rclone-secret Secret stringData).
Example of PersistentVolume:

```yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: data-rclone-example
  labels:
    name: data-rclone-example
spec:
  accessModes:
  - ReadWriteMany
  capacity:
    storage: 10Gi
  storageClassName: rclone
  csi:
    driver: csi-rclone
    volumeHandle: data-id
    volumeAttributes:
      remote: "s3"
      remotePath: "projectname/pvname"
      file-perms: "0777"
      s3-provider: "Minio"
      s3-endpoint: "http://minio.minio:9000"
      s3-access-key-id: "ACCESS_KEY_ID"
      s3-secret-access-key: "SECRET_ACCESS_KEY"
```

Example of Secret:

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: rclone-secret
  namespace: csi-rclone
type: Opaque
stringData:
  remote: "my-s3"
  remotePath: "projectname"
  file-perms: "0777"
  configData: |
    [my-s3]
    type = s3
    provider = Minio
    access_key_id = ACCESS_KEY_ID
    secret_access_key = SECRET_ACCESS_KEY
    endpoint = http://minio-release.default:9000
```

The option set in the PersistentVolume takes precedence over the option set in the Secret, according to the csi-rclone readme.

I tried the above approach and managed to execute scripts on the mounted volume.

You can set a different File Mode for file-perms if you want to limit the permissions to the user or group. There is also another rclone mount option called dir-perms which does the same for directories in the volume.
Unfortunately my understanding is that rclone does not allow you to set specific file permissions on specific files in the mounted volume, or to chmod files on the volume after it has been mounted. Therefore whatever file-perms you set will apply to all files. In the example above, all files in the volume will be executable by everybody, not just shell scripts. There doesn't appear to be a workaround for that.
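
An added example, not part of the original thread or the csi-rclone project: a small Python check that works out the effective `file-perms` / `dir-perms` for a volume using the precedence described above (PersistentVolume over Secret) and flags modes that grant write or execute to everyone, since the mode applies to every object in the volume. The function names and the trimmed sample manifests are constructed for illustration; the 0777 directory default is rclone's documented default and is not stated in the thread.

```python
import re
import stat

# rclone mount defaults: 0666 for files (as quoted in the comment above),
# 0777 for directories (rclone's documented default, not stated in the thread).
DEFAULTS = {"file-perms": "0666", "dir-perms": "0777"}
PERM_LINE = re.compile(
    r'^\s*(file-perms|dir-perms):\s*"?([0-7]{3,4})"?\s*$', re.MULTILINE
)


def perms_in(manifest):
    """Line-scan a PersistentVolume or Secret manifest for the two mode keys."""
    return dict(PERM_LINE.findall(manifest))


def effective_perms(pv_manifest, secret_manifest):
    """Merge in the order the thread describes: defaults < Secret < PersistentVolume."""
    merged = dict(DEFAULTS)
    merged.update(perms_in(secret_manifest))
    merged.update(perms_in(pv_manifest))  # the PersistentVolume value wins
    return merged


def findings(perms):
    """Flag modes that give 'other' write or execute on every object in the volume."""
    out = []
    for key in ("file-perms", "dir-perms"):
        mode = int(perms[key], 8)
        if mode & stat.S_IWOTH:
            out.append(f"{key} {perms[key]}: world-writable")
        # Execute on a directory only means "traversable", so flag it for files only.
        if key == "file-perms" and mode & stat.S_IXOTH:
            out.append(f"{key} {perms[key]}: every file is world-executable")
    return out


# Constructed sample manifests, trimmed to the relevant keys.
PV = '''
    volumeAttributes:
      remote: "s3"
      file-perms: "0777"
'''
SECRET = '''
stringData:
  remote: "my-s3"
  file-perms: "0750"
  dir-perms: "0750"
'''

if __name__ == "__main__":
    perms = effective_perms(PV, SECRET)
    print(perms, *findings(perms), sep="\n")
```

With these samples the tighter 0750 in the Secret is overridden by the 0777 in the PersistentVolume, so both keys need to be checked wherever they are set.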
