
Permission error when using podman and having different uid between host and remote users

Open aacebedo opened this issue 1 year ago • 3 comments

What happened?
There is an issue with uid and permissions settings when using podman. It is due to the addition of the userns=keep-id option that is now added automatically by devpod when podman is used (which is a good thing IMHO).

This option makes podman recopy the host user inside the container with the same uid. If one creates a user inside the container with a uid different from the host user's, devpod will not be able to change the uid of the remoteUser, as the host user now already exists in the container.

However, devpod still chowns everything with the initial remoteUser uid, which was not changed, and thus breaks all permissions on the host.

This behaviour is not exhibited when the uid of the host user and the remote user are the same. In this case, podman does not create the user in the container and keeps the already existing remoteuser. Devpod does not have anything to change then.

What did you expect to happen instead?
Devpod shall be able to change the uid of the remoteUser even if a user already exists.

How can we reproduce the bug? (as minimally and precisely as possible)

My devcontainer.json:

{
  "image": "ubuntu",
  "remoteUser": "johndoe",
  "features": {
      "./test":{}
  },
}

test feature:

#!/bin/bash
set -e

export DEBIAN_FRONTEND=noninteractive

OS_ID=$(awk -F "=" '/^ID=/ {print $2}' /etc/os-release)

echo "export TZ=Europe/Paris" >> /etc/profile
echo "export LANG=en_US.UTF-8" >> /etc/profile
echo "export LANGUAGE=en_US:en" >> /etc/profile
echo "export LC_ALL=en_US.UTF-8" >> /etc/profile
echo "export LC_CTYPE=en_US.UTF-8" >> /etc/profile

source /etc/profile
apt update
apt install -y --no-install-recommends \
                sudo \
                locales \
                ssh
sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen
locale-gen

useradd -u 10000 -m -N  -g users johndoe
passwd --delete johndoe
usermod -aG sudo johndoe

Ensure that the host user does not have uid 10000.

Local Environment:

  • DevPod Version: 0.5.20
  • Operating System: linux
  • ARCH of the OS: AMD64

DevPod Provider:

  • Local/remote provider: docker with podman

Anything else we need to know?

aacebedo, Sep 27 '24 08:09

In fact, I checked the code and I think that UpdateRemoteUserUID is not used by devpod. So the permissions uid is never changed. Maybe if this is implemented, the keep-id option may not be useful anymore.

aacebedo, Sep 27 '24 08:09

Hey @aacebedo, thanks for reporting the issue and opening a PR! Will take a look at it soon. One more step to bridge the gap to the spec :)

pascalbreuninger, Sep 28 '24 13:09

Note I was not able to test it on a cloud setup. So I may have made some errors in the code on this aspect.

aacebedo, Sep 28 '24 13:09
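
An added example, not part of the thread or of DevPod's code: a preflight check that classifies the cases the report describes from a container's passwd-format data, so the mismatch can be spotted before anything is chowned. The function names, the host user `alice` (UID 1000) and the sample passwd lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not DevPod code). Reads passwd-format lines on stdin and
# reports how the remoteUser UID relates to the host UID:
#   match               same UID, nothing to change
#   conflict:<name>:<n> host UID already belongs to another account (the
#                       keep-id case in the report); remoteUser keeps UID <n>
#   remappable:<n>      host UID is free, remoteUser UID <n> could be updated
#   missing-remote-user remoteUser has no passwd entry
# Usage: classify_uid <remote_user> <host_uid> < passwd
classify_uid() {
    awk -F: -v user="$1" -v huid="$2" '
        $1 == user { ruid = $3 }     # UID the remoteUser was created with
        $3 == huid { owner = $1 }    # account already holding the host UID
        END {
            if (ruid == "")        print "missing-remote-user"
            else if (ruid == huid) print "match"
            else if (owner != "")  print "conflict:" owner ":" ruid
            else                   print "remappable:" ruid
        }'
}

# Constructed container passwd: $1 = UID given to johndoe by the feature
# script, $2 = optional extra entry (e.g. the host user added by keep-id).
sample_passwd() {
    printf 'root:x:0:0:root:/root:/bin/bash\n'
    printf 'johndoe:x:%s:100::/home/johndoe:/bin/sh\n' "$1"
    [ -z "$2" ] || printf '%s\n' "$2"
}

# Constructed run: host UID 1000, host user "alice" present in the container.
sample_passwd 10000 'alice:x:1000:1000::/home/alice:/bin/sh' |
    classify_uid johndoe 1000
```

A `conflict` result is the state in which files chowned to the remoteUser's original UID end up owned by a UID that does not correspond to the host user.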