<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.gc-cs-link
{mso-style-name:gc-cs-link;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Thanks. I will check that once I have access to the server again. Somehow it kicked me out and I cannot reconnect.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:DE">Christian Düben<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:DE">Research Associate<br>
Chair of Macroeconomics<br>
Hamburg University<br>
Von-Melle-Park 5, Room 3102<br>
20146 Hamburg<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:DE">Germany<br>
+49 40 42838 1898<br>
</span><span lang="DE" style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:DE"><a href="mailto:christian.dueben@uni-hamburg.de"><span lang="EN-US" style="color:#0563C1">christian.dueben@uni-hamburg.de</span></a></span><span style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:DE"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="DE" style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:DE"><a href="http://www.christian-dueben.com"><span style="color:#0563C1">http://www.christian-dueben.com</span></a><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span lang="DE"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Lars Vilhuber <lars.vilhuber@cornell.edu>
<br>
<b>Sent:</b> Dienstag, 9. Juni 2020 16:29<br>
<b>To:</b> Düben, Christian <Christian.Dueben@uni-hamburg.de>; Thomas Krichel <krichel@openlib.org><br>
<b>Cc:</b> CollEc Run <collec-run@lists.openlib.org><br>
<b>Subject:</b> Re: [CollEc] RePEc Visual<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black">No advice/experience with connecting out from the Docker, except that the default Linux docker setup does *not* allow for networking/bridging - that might be the reason you cannot
connect. <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black">Also check permissions on the MariaDB - MySQL/MariaDB permissions are both at the user@host level, so you may need "user@*" or something like that to connect.<o:p></o:p></span></p>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div id="Signature">
<div>
<div id="divtagdefaultwrapper">
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal">-- <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Lars Vilhuber, Economist<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Cornell University, Executive Director, Labor Dynamics Institute<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> and ILR School - Department of Economics<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">American Economic Association - Data Editor<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">Journal of Privacy and Confidentiality - Managing Editor<o:p></o:p></p>
</div>
<div>
<div>
<p class="MsoNormal">e: <a href="mailto:lars.vilhuber@cornell.edu">lars.vilhuber@cornell.edu</a> <o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal">p: <span class="gc-cs-link">+1.607-330-5743</span> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">v: <a href="https://cornell.zoom.us/my/larsvilhuber">https://cornell.zoom.us/my/larsvilhuber</a><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">w: <a href="http://lars.vilhuber.com/">http://lars.vilhuber.com/</a> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<div>
<div>
<p class="MsoNormal">Assistant: <a href="mailto:ldi@cornell.edu">ldi@cornell.edu</a> | <span class="gc-cs-link">+1.607-255-2744</span>
<o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="MsoNormal" align="center" style="text-align:center">
<hr size="2" width="98%" align="center">
</div>
<div id="divRplyFwdMsg">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black"> Düben, Christian <<a href="mailto:Christian.Dueben@uni-hamburg.de">Christian.Dueben@uni-hamburg.de</a>><br>
<b>Sent:</b> Tuesday, June 9, 2020 10:19<br>
<b>To:</b> Thomas Krichel <<a href="mailto:krichel@openlib.org">krichel@openlib.org</a>>; Lars Vilhuber <<a href="mailto:lars.vilhuber@cornell.edu">lars.vilhuber@cornell.edu</a>><br>
<b>Cc:</b> CollEc Run <<a href="mailto:collec-run@lists.openlib.org">collec-run@lists.openlib.org</a>><br>
<b>Subject:</b> RE: [CollEc] RePEc Visual</span> <o:p></o:p></p>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt">I am having issues with connecting a Docker container with the MariaDB on the host. I tried various solutions, but nothing works. And now I am even facing a permission error when trying to access the database
directly on the host.<br>
<br>
@Lars, any advice on connecting a Docker container with MariaDB?<br>
<br>
@Thomas, I do not want to break the host's database. I think I should therefore host another MariaDB server within a container.<br>
<br>
Christian Düben<br>
Research Associate<br>
Chair of Macroeconomics<br>
Hamburg University<br>
Von-Melle-Park 5, Room 3102<br>
20146 Hamburg<br>
Germany<br>
+49 40 42838 1898<br>
<a href="mailto:christian.dueben@uni-hamburg.de">christian.dueben@uni-hamburg.de</a><br>
<a href="http://www.christian-dueben.com">http://www.christian-dueben.com</a><br>
<br>
<br>
-----Original Message-----<br>
From: CollEc-run <<a href="mailto:collec-run-bounces@lists.openlib.org">collec-run-bounces@lists.openlib.org</a>> On Behalf Of Düben, Christian<br>
Sent: Donnerstag, 4. Juni 2020 18:25<br>
To: Thomas Krichel <<a href="mailto:krichel@openlib.org">krichel@openlib.org</a>><br>
Cc: CollEc Run <<a href="mailto:collec-run@lists.openlib.org">collec-run@lists.openlib.org</a>><br>
Subject: Re: [CollEc] RePEc Visual<br>
<br>
Sorry, I got the login process to the root account wrong in the first place. I tried to sign in to root directly without using icanis first. Now I understand how it works. Thanks.<br>
<br>
I do not know what else you store on the server. But if you say that is does not require complex security that is fine with me.<br>
<br>
The CollEc database is now located in the subdirectory. Thanks for the respective code.<br>
<br>
I received an error when installing R outside Docker but it works fine when containerized. I am going to look into that. Running R inside containers is fine for now.<br>
<br>
Regarding point (2), I am not sure which directories ShinyProxy and Docker set. My apps follow the directory structure illustrated in the cheat sheet attached to this e-mail. I can set it up in the home directory. But that does not prevent ShinyProxy and Docker
from writing files elsewhere. ShinyProxy's configuration file is in /etc/shinyproxy/.<br>
<br>
Christian Düben<br>
Research Associate<br>
Chair of Macroeconomics<br>
Hamburg University<br>
Von-Melle-Park 5, Room 3102<br>
20146 Hamburg<br>
Germany<br>
+49 40 42838 1898<br>
<a href="mailto:christian.dueben@uni-hamburg.de">christian.dueben@uni-hamburg.de</a><br>
<a href="http://www.christian-dueben.com">http://www.christian-dueben.com</a><br>
<br>
<br>
-----Original Message-----<br>
From: Thomas Krichel <<a href="mailto:krichel@openlib.org">krichel@openlib.org</a>><br>
Sent: Donnerstag, 4. Juni 2020 15:03<br>
To: Düben, Christian <<a href="mailto:Christian.Dueben@uni-hamburg.de">Christian.Dueben@uni-hamburg.de</a>><br>
Cc: CollEc Run <<a href="mailto:collec-run@lists.openlib.org">collec-run@lists.openlib.org</a>><br>
Subject: Re: [CollEc] RePEc Visual<br>
<br>
Düben, Christian writes<br>
<br>
> You mentioned in yesterday's e-mail that you gave me root access. <br>
> However, I apparently need a password for that.<br>
<br>
icanis@darni:~$ ssh root@darni<br>
<br>
Works for me. Am I missing something? <br>
<br>
> The app itself only needs read access. It reads data from the SQL <br>
> database and from other files stored on disk and displays it. The <br>
> scripts generating the data run independently of the app. They require <br>
> read and write access to the database and the directories the app uses <br>
> and are initiated by a scheduling system. Installing and updating the <br>
> app requires more extensive permissions. I need full access to Docker <br>
> and ShinyProxy for that.<br>
><br>
> How about two accounts? One handles the app and has minor access <br>
> rights. And the other generates the data, controls the Docker images <br>
> and ShinyProxy and has larger access permissions.<br>
<br>
Actually I created another account "collec", then had a nap,<br>
and deleted it again. I don't see the point of the two accounts. <br>
We don't need complicated security, as we have nothing that anybody<br>
could steal. But if you want to create another user you can do that.<br>
<br>
For reason related to the weather, I am very sleepy at this time. <br>
<br>
> For security reasons I suggest that these accounts can only access the <br>
> new CollEc's database within MariaDB. This prevents any repercussions <br>
> on non-CollEc databases. When setting these permissions we should make <br>
> sure that "LOAD DATA LOCAL INFILE" or " LOAD DATA INFILE" are still <br>
> available. Restricted access apparently tends to block these <br>
> statements which I use to insert large data sets.<br>
<br>
root@darni has access to the mysql root account. To call my<br>
understanding of mysql security rudimentary would be heaping<br>
praise on it. <br>
<br>
> Feel free to choose any name you like for the account(s) and the database.<br>
<br>
Kindly consider the following.<br>
<br>
(1) Once a week, I rsync all the /home /etc /var and /root as backup<br>
to aigtu, except anything that is in a folder called 'opt'. At this<br>
time, aigtu is short of space. It's a good idea to move bulky files<br>
that can be recalculated into folders called opt. For example, all<br>
the icanis path data is in a directory called opt, even though it would<br>
take months to regenerate it. You can do a<br>
<br>
cd /var/lib/mysql<br>
mkdir -p /var/lib/mysql/opt/foo <br>
ln -s opt/foo foo<br>
cd /var/lib/mysql <br>
<br>
(2) At server migration time---not imminent for helos and darni,<br>
both are quite new---I copy all of /home, /root and /var as is. All<br>
other directories will be dealt with by hand. Thus the change in<br>
/lib/, proposed by the shiny app installation is problematic because<br>
it needs to be remembered in a few years time when I migrate. For<br>
sudo, just use /etc/sudo/sudoers.d files. They can convienently be<br>
rsynced at migration time. We operate in a resource-poor environment<br>
where migrations take place only every few years, so I don't use<br>
things like docker that are important when you have lots of<br>
servers. But it pays off to keep things in users' home directories.<br>
<br>
<br>
-- <br>
<br>
Cheers,<br>
<br>
Thomas Krichel <a href="http://openlib.org/home/krichel">http://openlib.org/home/krichel</a><br>
skype:thomaskrichel<o:p></o:p></span></p>
</div>
</div>
</div>
</body>
</html>