snapd

Permission denied when removing a snap

Bug #2002697 reported by james beedy
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
snapd
New
Undecided
Unassigned

Bug Description

Hello,

I am experiencing an issue where snaps cannot be removed on systems with non-native users.

In my scenario, a machine is joined to AD, and autofs and sssd are configured to mount a user's NFS home upon login.

For my user jamesbeedy,

$ juju ssh jamesbeedy@100

jamesbeedy@witty-lion:~$ pwd
/home/jamesbeedy

$ mount | grep jamesbeedy
mynfsserver.com:/gen-home/jamesbeedy on /home/jamesbeedy type nfs (rw,relatime,vers=3,rsize=131072,wsize=524288,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=10.254.253.183,mountvers=3,mountport=300,mountproto=udp,local_lock=none,addr=10.254.253.183)

If I install a snap as root, and then use it as my jamesbeedy user, a directory is created in my nfs home, /home/jamesbeedy/snap/pypi-server, which seems to present issues when trying to refresh or remove the snap (see https://paste.ubuntu.com/p/zPXgxmyCF5/).

`journalctl -u snapd --no-pager` shows https://paste.ubuntu.com/p/dsh8ybgKzF/

`kern.log` shows https://paste.ubuntu.com/p/xX46SccZhF/

I'm wondering if there is a known solution to using snaps on systems with non-native users?

Thanks

See original description
james beedy (jamesbeedy)
summary: - Permission denied when removing snap remove data for snap on
+ Permission denied when removing snap
summary: - Permission denied when removing snap
+ Permission denied when removing a snap
description: updated
james beedy (jamesbeedy)
description: updated
Revision history for this message
Michael Vogt (mvo) wrote :

Thanks for your bugreport.

I created https://github.com/snapcore/snapd/pull/12520 with an addition for our test suite to check if this is easily reproducible.

Revision history for this message
Michael Vogt (mvo) wrote :

Can you please check if mounting with "no_root_squash" fixes the issue? Looking at our tests I noticed that we mount with that option.

Miguel Pires (miguelpires1)
Changed in snapd:
status: New → Incomplete
Revision history for this message
james beedy (jamesbeedy) wrote :

hey @mvo, thanks for the response here. Using "no_root_squash" is not an option.

Billy Olsen (billy-olsen)
Changed in snapd:
status: Incomplete → New
Revision history for this message
Billy Olsen (billy-olsen) wrote :

Moving this back to new per the comment in #3.

Revision history for this message
james beedy (jamesbeedy) wrote :

@mvo, do you have any other insight on how we might address the issue?

Thanks

Revision history for this message
james beedy (jamesbeedy) wrote :

Hello 👋 @mvo and @miguelpires1 - would either of you be willing to have a quick chat about this issue?

Thanks

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.