K
Q

Permissions on Azure File

10/9/2019

i'm using azure files as a volume for kubernetes, but i'm facing a problem with it.

i'm able to set permissions on the whole share but i can’t change permissions on a specific file/directory.

If i set the default permissions to the whole share (example 644 (rw/r/r)) and try to change this permissions on specific file (example Chmod 0644 file) chmod doesn’t take any effect it always the default permissions.

Even if i didn’t mention the default permission it will take 0777 and yet i can’t change permissions of file/directory inside the share.

i’ve done some research and i found that this feature is not yet implemented the source is from 2016 I hope this feature is enabled now?

Otherwise is there any other solution to propose ?

Regards,

Update

Many thanks @Charles Xu for your suggestion it's very useful. I used your preposition but let me explain my use case a little bit:

  • I need to have different files permissions on the same directory because this directory is for SSH. I could change the permission of the folder .ssh so all the files inside it have 0644 but as u know i have to change the permission of the private key to 0600

  • It’s mandatory to change the permission on the private key otherwise SSH will not work.

    -rw-r--r-- 1 userx userx 182 Oct 8 15:13 config

    -rw-r--r-- 1 userx userx 1675 Oct 8 15:13 id_rsa

    -rw-r--r-- 1 userx userx 409 Oct 8 15:13 id_rsa.pub

-- hajji_0081
azure
chmod
kubernetes
permissions

Similar Questions

PromQL for retrieving allocatable and capacity number for Kubernetes pods resources
Deploying thousands sites in kubernetes cluster
Kubernetes Autoscaler not working on Azure AKS
Helm delete all release older than some date, updated before some date or if the app version is lower than
Failed to pull image with policy "": image pull failed: Back-off pulling image "<image_name>"

1 Answer

10/10/2019

First of all, you only can control the permission of the whole Azure file share when you mount it as the persistent volume on the pods. It does not support to change the permission of a special file inside the share.

What I recommend is that you can filter the files into the different directories and the files in the same directory have the same permission. Then you can mount the directories of the Azure file share as the different persistent volumes to the pods and set the persistent volumes with different permissions as you need.

For example, you need a directory with permission 0644 and the files in it with permission 0664. Then you can create a persistent volume like this:

apiVersion: v1
kind: PersistentVolume
metadata:
  name: azurefile
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteMany
  storageClassName: azurefile
  azureFile:
    secretName: azure-secret
    shareName: aksshare/subfolder1
    readOnly: false
  mountOptions:
  - dir_mode=0644
  - file_mode=0664
  - uid=1000
  - gid=1000
  - mfsymlinks
  - nobrl

And create a PersistentVolumeClaim which will use the PersistentVolume that you created above:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: azurefile
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: azurefile
  resources:
    requests:
      storage: 5Gi

Finally, create the pod using the PersistentVolumeClaim with the volumes like this:

...
  volumes:
  - name: azure
    persistentVolumeClaim:
      claimName: azurefile

When it's OK, you can see things like you set below:

enter image description here

-- Charles Xu
Source: StackOverflow