Q: Can I use rootless containers in my Nextflow pipelines?
Most container images run as root by default. Some users instead define a non-root user in the image to limit what a compromised or misbehaving task can do on the host. Because Nextflow and its tasks share a single work directory for staging input and output files, a task running as an unprivileged user may be unable to create files there, and the task fails with a permission error such as:
touch: cannot touch '/fsx/work/ab/27d78d2b9b17ee895b88fcee794226/.command.begin': Permission denied
As of Tower 22.1.0 or later, this issue should not occur when using AWS Batch. For other executors, you can work around it by forcing all task containers to run as root. Note that this gives up the hardening the non-root user was providing in exchange for write access to the shared work directory. To do so, add one of the following snippets to your Nextflow configuration:
    // cloud executors
    process.containerOptions = "--user 0:0"

    // Kubernetes
    k8s.securityContext = [ "runAsUser": 0, "runAsGroup": 0 ]
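Before deciding between forcing root and fixing ownership of the work directory, it helps to know which user the task container will run as and whether that user can create files there. The script below is an added diagnostic, not part of this article and not Nextflow code: it reproduces the POSIX mode-bit check that decides whether the `touch .command.begin` above succeeds, for any uid:gid you supply, including the `0:0` that the snippets force. The function names (`can_create_entry`, `check_workdir`) and the temporary-directory scenario in the `__main__` block are constructed for illustration; it assumes a local POSIX filesystem without `root_squash`.

```python
"""Check whether a task uid:gid can create files in a Nextflow work directory.

Added diagnostic, not part of the article or of Nextflow. A task cannot
`touch .command.begin` unless the container's user has write and search
permission on the work directory. This reproduces the POSIX check so you
can see, without launching a container, whether a given user:group would
hit "Permission denied" and whether forcing root (--user 0:0) changes that.
"""
import os
import stat
import tempfile


def can_create_entry(mode, dir_uid, dir_gid, uid, gid, groups=()):
    """POSIX discretionary access check for creating an entry in a directory.

    mode        permission bits of the directory (0o755, or a raw st_mode)
    dir_uid/gid owner and group of the directory
    uid/gid     effective user and primary group inside the container
    groups      supplementary groups of that process
    Creating a file needs both write (w) and search (x) on the directory.
    """
    mode = stat.S_IMODE(mode)  # drop file-type bits if a raw st_mode was passed
    if uid == 0:
        # Root holds CAP_DAC_OVERRIDE and bypasses mode bits on local
        # filesystems. Assumption: no root_squash (an NFS export with
        # root_squash maps root to nobody, so --user 0:0 does not help there).
        return True
    if uid == dir_uid:
        shift = 6  # owner class only; group/other bits are not consulted
    elif gid == dir_gid or dir_gid in groups:
        shift = 3  # group class
    else:
        shift = 0  # other class
    return ((mode >> shift) & 0o3) == 0o3  # w (2) + x (1)


def check_workdir(path, uid, gid, groups=()):
    """Return (ok, detail) for the directory at path, using its real stat()."""
    st = os.stat(path)
    ok = can_create_entry(st.st_mode, st.st_uid, st.st_gid, uid, gid, groups)
    detail = "%s mode=%s owner=%d:%d" % (
        path, oct(stat.S_IMODE(st.st_mode)), st.st_uid, st.st_gid)
    return ok, detail


if __name__ == "__main__":
    # Constructed scenario: a work directory owned by the current user with
    # the usual 0755 mode, probed for the owner, a foreign uid, and root.
    with tempfile.TemporaryDirectory() as work:
        os.chmod(work, 0o755)
        me = (os.getuid(), os.getgid())
        cases = (("owner", me),
                 ("other uid", (me[0] + 1, me[1] + 1)),
                 ("root", (0, 0)))
        for who, (u, g) in cases:
            ok, detail = check_workdir(work, u, g)
            verdict = "can create .command.begin" if ok else "Permission denied"
            print("%-9s %d:%d -> %s  (%s)" % (who, u, g, verdict, detail))
```

Run it against the real work directory with the uid:gid your image's `USER` resolves to; if the non-root user is denied only because the directory belongs to someone else, making the directory group-writable for that gid (or matching the container user to the directory owner) keeps the rootless image, whereas `--user 0:0` only works where root is not squashed.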