please support per-snap users (eg, for dropping privileges, supporting chown to that user, etc)

Bug #1619888 reported by Mark Shuttleworth
This bug affects 15 people
Affects: snapd
Status: Confirmed
Importance: High
Assigned to: Unassigned
Milestone: (none listed)

Bug Description

I have a snap which wants to drop root privileges and run as a user. So it needs to set up files (in $SNAP_COMMON) which are owned by that user. However, it seems unable to execute 'chown' in its wrapper even though it is doing so on files that are writable.

Zygmunt Krynicki (zyga) wrote :

Isn't this something you'd like to store in SNAP_USER_DATA and SNAP_USER_COMMON?

tags: added: snapd-interface
Changed in snappy:
status: New → Incomplete
Mark Shuttleworth (sabdfl) wrote : Re: [Bug 1619888] Re: Snap should be able to run chown

Yes, I am unable to run chown on files in $SNAP_COMMON

Jamie Strandboge (jdstrand) wrote : Re: Snap should be able to run chown

I believe this is a duplicate of bug #1581310 and is also related to supporting setuid. Historical context is that we disallow chown, setuid, etc because snapd does not yet have a way to add per-snap users. Once it does, the security policy for the snap can be updated to allow chown, setuid, etc to the per-snap user.

Robert Bruce Park (robru) wrote :

Hi, I'm trying to snap a web server that runs with gunicorn. Since I put "daemon: simple" in my yaml, snap starts my server automatically as root. Gunicorn then runs chown and explodes. Would be nice if it was possible to snap gunicorn, thanks.

James Tait (jamestait) wrote :

Similar thing with Cuberite, which statically links sqlite. Even though it runs as root, when it tries to chown the sqlite files to uid 0, seccomp kills the process - I applied a patch from http://pad.lv/1560899 to get it working.

Jamie Strandboge (jdstrand) wrote :

This bug and bug #1581310 are similar but different. Since the other bug deals with chowning to the calling user and root, I'm going to refocus this bug on adding support to snapd for adding users that snaps may use to drop privileges (and chown).

@Robert and @James, I suspect that your issues will be resolved when bug #1581310 is fixed, and fixing that can begin soon after various other dev work for snappy GA is completed.

Fixing this bug (ie, adding support to snapd for snap-specific users) requires design for a full implementation (it is needed by lxd, docker, mysql, postgresql, etc, etc).

In the process of fixing bug #1581310, we could unblock people on this bug by allowing snaps to use the 'daemon' user and group. It is already on the system so needs no changes to snapd. I suspect this will be useful even when this bug is fixed.

summary: - Snap should be able to run chown
+ please support per-snap users (eg, for dropping privileges, supporting
+ chown to that user, etc)
Changed in snappy:
importance: Undecided → High
status: Incomplete → Confirmed
Michael Hall (mhall119)
tags: added: isv
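
The privilege-drop sequence discussed in this thread (chown the data files, then setgid and setuid to an unprivileged account), as an added example that is not part of the bug report or of snapd. The function names are hypothetical, and the 'daemon' account is assumed to exist on the host, as the comment above says.

```python
import os
import pwd


def resolve_account(name="daemon"):
    """Return (uid, gid) for an account that already exists on the system."""
    entry = pwd.getpwnam(name)  # raises KeyError if the account is missing
    return entry.pw_uid, entry.pw_gid


def drop_privileges(uid, gid, owned_paths=()):
    """Hand owned_paths to uid:gid, then switch to that identity for good.

    Order matters: chown and setgroups need root, so they run first, and
    the group is changed before the user because after setuid() the
    process no longer has the right to change its groups.
    """
    for path in owned_paths:
        # lchown, so a symlink planted in the data directory is not followed.
        os.lchown(path, uid, gid)
    if os.geteuid() == 0:
        os.setgroups([gid])  # shed root's supplementary groups
    os.setgid(gid)
    os.setuid(uid)  # as root this sets the real, effective and saved uid
    if uid != 0:
        # If setuid(0) succeeds here, the drop did not stick.
        try:
            os.setuid(0)
        except PermissionError:
            pass
        else:
            raise RuntimeError("process can still regain root")
    return os.getuid(), os.getgid()


if __name__ == "__main__":
    # Constructed usage: a root-started daemon preparing its state directory.
    # SNAP_COMMON is the variable named in the bug description; the fallback
    # path is a placeholder.
    state_dir = os.environ.get("SNAP_COMMON", "/tmp/example-state")
    os.makedirs(state_dir, exist_ok=True)
    print(drop_privileges(*resolve_account("daemon"), owned_paths=[state_dir]))
```

Every call in this sequence (chown, setgroups, setgid, setuid) is one that the comments above say the snap security policy disallows until snapd can provide per-snap users, so it fails in the way the reporters describe when run under that confinement.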
Jamie Strandboge (jdstrand) wrote :

Discussion of this topic has moved to the forum: https://forum.snapcraft.io/t/snappy-and-users-and-groups/331

Jamie Strandboge (jdstrand) wrote :
Michael Vogt (mvo)
affects: snappy → snapd