Amber icon indicating copy to clipboard operation
Amber copied to clipboard
verified publisher icon Ph0enixKM

Ownership and permissions during execution

Open JG-QuarkNet opened this issue 1 year ago • 9 comments

I'm trying out Amber and I've immediately run into a problem I can't find addressed in the documentation or other GitHub issues. I'm using Ubuntu 22.04.

I wrote a one-line test script ~/amber/ls-test.ab whose contents are

unsafe $ls$

When I run this in a folder somefolder/, I get a permissions error:

somefolder$ amber-bash ~/amber/ls-test.ab
ls: cannot open directory '.': Permission denied

I get the same thing running Amber directly in-line:

somefolder$ amber-bash -e 'unsafe $ls$'
ls: cannot open directory '.': Permission denied

My login user does not own the folder somefolder/. Nevertheless, via group membership I have full permissions to list the contents of the directory, and I can do so directly:

somefolder$ ls
file1 file2 file3

It seems like when I execute the ls command via Amber, Amber does not act as me, or at least it does not act with my permissions. It clearly does not act as root, and I don't see a new amber user in /etc/passwd (or any new user, for that matter). If I try running whoami through Amber to see, I get similar permissions issues:

$ amber-bash -e 'unsafe $whoami$'
bash: line 8: /usr/bin/whoami: Permission denied

When I run the ls command through Amber on my home folder, it does work:

~$ amber-bash -e 'unsafe $ls$'
File A
File B
File C
...

so I'm not having general permissions issues with Amber (although the output is that of ls -1, not ls, which is curious and maybe a separate question).

What are the permissions considerations for using Amber? What user and with what permissions does Amber act as when executing a script?

(I've tried all the command here using a proper failed clause instead of unsafe, by the way. It makes no difference).

JG-QuarkNet avatar Aug 02 '24 18:08 JG-QuarkNet

basically, amber runs your program like this:

/usr/bin/env bash -c "$!/usr/bin/env bash\nls;__AS=$?"

maybe you could amber -e 'unsafe $whoami$' to check as what user it runs

b1ek avatar Aug 05 '24 03:08 b1ek

I ran $ amber-bash -e 'unsafe $whoami$', it gives me a permissions error.

$ amber-bash -e 'unsafe $whoami$'
bash: line 8: /usr/bin/whoami: Permission denied

JG-QuarkNet avatar Aug 05 '24 13:08 JG-QuarkNet

If you run ls /opt/amber/amber in your terminal can you share the output?

Mte90 avatar Aug 05 '24 13:08 Mte90

I don't have a directory /opt/amber/. I installed Amber via the Ubuntu Snap package, if that makes a difference.

JG-QuarkNet avatar Aug 05 '24 13:08 JG-QuarkNet

So we need someone that build the snap package @soumyaDghosh

Mte90 avatar Aug 05 '24 13:08 Mte90

The snap is confined and only has access to home folder. Is it necessary for the snap to have access to any arbitrary folders? Because it's not that the snap isn't working for that reason.

soumyaDghosh avatar Aug 05 '24 14:08 soumyaDghosh

It's not life-or-death necessary, but it's a significant handicap for a general-purpose shell scripting tool.

If the limitation is inherent to Canonical's constraints on Snaps, then it seems best for me to wait for Amber to hit the repository and try again then. Thanks for you help!

JG-QuarkNet avatar Aug 05 '24 18:08 JG-QuarkNet

It's not life-or-death necessary, but it's a significant handicap for a general-purpose shell scripting tool.

If the limitation is inherent to Canonical's constraints on Snaps, then it seems best for me to wait for Amber to hit the repository and try again then. Thanks for you help!

No it's not. I just kept it limited until I found a real life yse case and you gave me one. So, I'll fix it asap.

soumyaDghosh avatar Aug 05 '24 20:08 soumyaDghosh

@soumyaDghosh please close this issue once you resolve this problem

Ph0enixKM avatar Aug 06 '24 09:08 Ph0enixKM