usability: fix ownership of Docker volume mounts to /home #229

Closed
johnstcn opened this issue Jun 10, 2024 · 1 comment · Fixed by #238
@johnstcn
Member

When using Docker, a volume is populated with the initial ownership based on the USER directive.

In the case of Envbuilder, this will always be root:root.

The net result of this is that if you create a Docker volume mounted at /home/someuser and run an envbuilder container that builds an image containing someuser, the resulting user's home directory will be owned by root:root.

Example:

$ docker volume create test_coder_home
$ docker run -it --rm -v test_coder_home:/home/coder -e ENVBUILDER_FALLBACK_IMAGE=codercom/enterprise-minimal:ubuntu -e ENVBUILDER_INIT_SCRIPT=/bin/sh ghcr.io/coder/envbuilder-preview:latest
[...]
$ cd
$ ls -l ../
total 4
drwxr-xr-x 2 root root 4096 Jun 10 14:35 coder
$ touch test
touch: cannot touch 'test': Permission denied

In Kubernetes-land, you would generally fix this by specifying fsGroup or adding an init container to fix ownership. This isn't as much of an option here.

@coder-labeler coder-labeler bot added the bug label Jun 10, 2024
@johnstcn johnstcn self-assigned this Jun 14, 2024
@johnstcn
Member Author

Interestingly, this does not seem to happen with alpine -- it appears that the adduser command in alpine changes ownership by default.

johnstcn added a commit that referenced this issue Jun 14, 2024
Fixes #229

If a user mounts a Docker volume into /home/$USER, Docker will automatically assign permissions root:root to it as the envbuilder container runs as root by default. The resulting container will then have /home/$USER owned by root:root. The user will be unable to write any files there until they manually fix the permissions, which would require root privileges.

This PR adds a step to fix ownership of /home/$USER to the uid:gid we get from UserInfo.
@matifali matifali removed the bug label Oct 15, 2024
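
The ownership fix described in the commit message above, sketched in Go as an added example (not envbuilder's own code). The function names `needsChown`, `ownerOf` and `fixHomeOwnership` are hypothetical, and refusing anything that is not a real directory is an added assumption so that a root-run chown never acts on a symlink found inside a mounted volume.

```go
package main

import (
	"fmt"
	"os"
	"syscall"
)

// needsChown reports whether the current owner differs from the wanted one.
func needsChown(curUID, curGID, wantUID, wantGID int) bool {
	return curUID != wantUID || curGID != wantGID
}

// ownerOf returns uid, gid and mode of path without following a final symlink.
func ownerOf(path string) (uid, gid int, mode os.FileMode, err error) {
	info, err := os.Lstat(path)
	if err != nil {
		return 0, 0, 0, err
	}
	st, ok := info.Sys().(*syscall.Stat_t)
	if !ok {
		return 0, 0, 0, fmt.Errorf("no unix ownership data for %s", path)
	}
	return int(st.Uid), int(st.Gid), info.Mode(), nil
}

// fixHomeOwnership chowns the home directory itself (not its contents) to uid:gid if it differs.
func fixHomeOwnership(home string, uid, gid int) (bool, error) {
	curUID, curGID, mode, err := ownerOf(home)
	if err != nil {
		return false, err
	}
	if !mode.IsDir() { // also rejects a symlink at that path
		return false, fmt.Errorf("%s is not a directory, refusing to chown", home)
	}
	if !needsChown(curUID, curGID, uid, gid) {
		return false, nil
	}
	// Lchown never follows a symlink; changing to another owner requires root.
	err = os.Lchown(home, uid, gid)
	return err == nil, err
}

func main() {
	// Constructed demo: a temp dir stands in for /home/coder on a fresh volume.
	dir, _ := os.MkdirTemp("", "home")
	defer os.RemoveAll(dir)
	changed, err := fixHomeOwnership(dir, os.Getuid(), os.Getgid())
	fmt.Println("changed:", changed, "err:", err)
}
```

Run as root inside the container with the uid:gid resolved for the target user, a root:root home directory is changed once and later runs are no-ops.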