Canonical Juju

Juju run runs as root, not 'ubuntu'

Bug #1628593 reported by Aaron Bentley on 2016-09-28

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Canonical Juju	Fix Released	High	John A Meinel	Canonical Juju 2.1.2
	2.0	Won't Fix	Undecided	Unassigned

Bug Description

The docs say:
If the target is a machine, the command is run as the "ubuntu" user on
the remote machine.

But actually the command is run as root:
$ juju run --machine 0 whoami
root

Although the ubuntu user can sudo, this is still surprising and potentially dangerous behaviour.

The release notes do not show this change in behaviour. If root is intended, the command help and release notes should be updated.

Tags:

Richard Harding (rharding) on 2016-09-28

Changed in juju:
assignee:	nobody → Alexis Bruemmer (alexis-bruemmer)
milestone:	2.0-rc2 → 2.0.0

Aaron Bentley (abentley) on 2016-09-28

tags:	added: jujuq
tags:	added: jujuqa removed: jujuq

Revision history for this message

Tim Penhey (thumper) wrote on 2016-09-28:

Juju run used to use ssh from the controller machine and would connect as the ubuntu user using the juju system identity ssh key.

The way run worked was changed during the 2.0 cycle to go through the actions mechanism. Obviously when it runs now it is running as the user running the machine agent.

Revision history for this message

Aaron Bentley (abentley) wrote on 2016-09-28:

If root is intended, the command help and release notes should be updated.

Alexis Bruemmer (alexis-bruemmer) on 2016-09-30

Changed in juju:
milestone:	2.0.0 → 2.0.1

Curtis Hovey (sinzui) on 2016-11-01

Changed in juju:
milestone:	2.0.1 → none

Revision history for this message

Anastasia (anastasia-macmood) wrote on 2017-02-02:

Marking as Won't Fix for 2.0.x as no further 2.0.x releases are planned.

Changed in juju:
assignee:	Alexis Bruemmer (alexis-bruemmer) → nobody
milestone:	none → 2.2.0

Revision history for this message

John A Meinel (jameinel) wrote on 2017-03-10:

https://github.com/juju/juju/pull/7090

Changed in juju:
milestone:	2.2-rc1 → 2.1.2
assignee:	nobody → John A Meinel (jameinel)
status:	Triaged → In Progress

Revision history for this message

John A Meinel (jameinel) wrote on 2017-03-10:

Given things like "juju run --unit" need to run in a hook context, which means it is inherently running as root anyway, it makes the most sense for "juju run --machine" to also run as root. If they want to drop their permissions they can always "su - ubuntu" as part of the script.

I updated the CLI help text to indicate this and added an Issue against juju/docs that we should make sure any other documentation also indicates it is root.

Changed in juju:
status:	In Progress → Fix Committed

Curtis Hovey (sinzui) on 2017-03-15

Changed in juju:
status:	Fix Committed → Fix Released

Peter Matulis (petermatulis) on 2019-02-18

summary:	- Juju run runs as root, not 'ubuntu' + Juju run as root, not 'ubuntu'
summary:	- Juju run as root, not 'ubuntu' + Juju runs as root, not 'ubuntu'

Revision history for this message

Tim Penhey (thumper) wrote on 2019-02-18:

@Peter, this bug is about 'juju run' command, and not the jujud agents.

summary:	- Juju runs as root, not 'ubuntu' + Juju run as root, not 'ubuntu'
summary:	- Juju run as root, not 'ubuntu' + Juju run runs as root, not 'ubuntu'

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.