devpod
Permission issues when multiple users use the same host with the ssh-provider
What happened?
Using devpod with the ssh-provider works nicely for a single user; however, when multiple users try to use the same server, permission issues are encountered, as files in the /tmp/ directory will be owned by the user who first created a devcontainer.
The first issue occurs when the devpod agent is installed on the server:
debug Inject Error: Error: failed to install devpod -
The above can be circumvented by setting AGENT_PATH=./tmp/devpod/agent to ensure ownership of the agent for each user. However, when adding features to the devcontainer the issue reappears; devpod seemingly does not provide a way to override the path below.
info mkdir /tmp/devpod/features: permission denied
What did you expect to happen instead?
I expect devpod to handle multiple users on the same server by default.
How can we reproduce the bug? (as minimally and precisely as possible)
- Create two ssh providers with the same host but for two different users
- Create a devpod for the first user, this should work
- Create a devpod for the second user, issue1 should occur
- Modify the ssh providers with AGENT_PATH=./tmp/devpod/agent and observe that both devpods can now be created
- Add a feature to the devcontainer
- Create a devpod for the first user, this should work
- Create a devpod for the second user, issue2 should occur
Local Environment:
- DevPod Version: 0.5.4
- Operating System: linux
- ARCH of the OS: AMD64
DevPod Provider:
- Local/remote provider: ssh
Anything else we need to know?
My current workaround is to set both AGENT_PATH in devpod and add TMPDIR to AcceptEnv in the sshd config and have the users pass TMPDIR=~/tmp in their ssh config.
Hey @Freberg, thanks for opening the issue. You're right, that hasn't been something we've been looking into so far; we'll investigate.
Hello @pascalbreuninger, thank you for confirming
If anyone else runs into this issue, here is my current workaround:
on the server, allow users to set TMPDIR over ssh
sudo sed -i '/^AcceptEnv/ s/$/ TMPDIR/' /etc/ssh/sshd_config
on the client, set both AGENT_PATH and TMPDIR in the provider
devpod provider add ssh --name <PROVIDER_NAME> \
-o HOST=<USER>@<HOST> \
-o AGENT_PATH=./tmp/devpod/agent \
-o EXTRA_FLAGS='-o "SetEnv=TMPDIR=./tmp"'
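
The ownership condition described in this thread, as an added example that is not part of the original posts or of DevPod: a shell check that classifies a directory as a given user would see it on a shared host. The function name `check_devpod_dir` and its status words are assumptions made for illustration; `foreign-owner` is the state behind the `permission denied` lines quoted in the issue, and `symlink` or `shared-writable` are states worth reviewing before anything is executed from a directory under a shared /tmp.

```shell
#!/usr/bin/env bash
# Added example (not DevPod code): classify a directory the way a given user
# would see it on a shared host.
# Usage: check_devpod_dir DIR [UID]
#   UID defaults to the caller's numeric uid; passing a different uid
#   simulates the second user from the issue.
# Prints one of:
#   ok, missing, symlink, not-a-directory, foreign-owner, shared-writable
check_devpod_dir() {
  dir=$1
  uid=${2:-$(id -u)}

  # Test for a symlink first: -e follows links and would hide a redirect.
  if [ -L "$dir" ]; then echo symlink; return 0; fi
  if [ ! -e "$dir" ]; then echo missing; return 0; fi
  if [ ! -d "$dir" ]; then echo not-a-directory; return 0; fi

  # ls -ldn prints the mode string and the numeric owner uid (fields 1 and 3).
  info=$(ls -ldn -- "$dir" | awk '{print $1, $3}')
  mode=${info% *}
  owner=${info#* }

  # Created by someone else: this user cannot create files or subdirectories.
  if [ "$owner" != "$uid" ]; then echo foreign-owner; return 0; fi

  # Character 6 of the mode string is group-write, character 9 is other-write.
  case $mode in
    ?????w*|????????w*) echo shared-writable ;;
    *) echo ok ;;
  esac
}

# Paths quoted in the issue.
for d in /tmp/devpod /tmp/devpod/features; do
  printf '%s: %s\n' "$d" "$(check_devpod_dir "$d")"
done
```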