Set file permissions for XNAT files to allow access from AppStream #89
Description
The Image Builder currently used to create the AppStream image has the following setup script in /opt/appstream/SessionScripts/efs-mount.sh to mount the EFS volume in the AppStream instance:
#!/bin/bash
# Mount the XNAT EFS volume for shared file access
sudo mkdir /efs
sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport fs-05848400c835f8dc7.efs.eu-west-2.amazonaws.com:/ /efs
# Set `drwxr-xr-x` permissions for all directories
find /efs/data/xnat -type d -exec chmod 755 {} \;
## Set `-rw-r--r--` permissions for all files
find /efs/data/xnat -type f -exec chmod 644 {} \;
# Sym-link XNAT data folder
ln -s /efs/data/xnat ~/MyFiles/XNATAfter mounting the EFS volume, it updates the permissions of the data/xnat files to allow access to any user, which is necessary to enable access to the files from users' AppStream sessions.
However, the problem is that when XNAT creates new files, either when uploading data or generating results from analyses, those files are owned by tomcat and have restricted access permissions. So this still causes problems when trying to access the files from an AppStream instance. See also HealthBioscienceIDEAS/terraform-aws-IDEAS-appstream#3 (comment).
We might be able to solve this problem by having newly created files inherit permissions from their parent folder, as suggested by HealthBioscienceIDEAS/terraform-aws-IDEAS-appstream#3 (comment).