please support per-snap users (eg, for dropping privileges, supporting chown to that user, etc)

Bug #1619888 reported by Mark Shuttleworth on 2016-09-03
This bug affects 11 people
Affects Status Importance Assigned to Milestone

Bug Description

I have a snap which wants to drop root privileges and run as a user. So it needs to setup files (in $SNAP_COMMON) which are owned by that user. However, it seems unable to execute 'chown' in its wrapper even though it is doing so on files that are writable.

Zygmunt Krynicki (zyga) wrote :

Isn't this something you'd like to store in SNAP_USER_DATA and SNAP_USER_COMMON?

tags: added: snapd-interface
Changed in snappy:
status: New → Incomplete

Yes, I am unable to run chown on files in $SNAP_COMMON

I believe this is a duplicate of bug #1581310 and is also related to supporting setuid. Historical context is that we disallow chown, setuid, etc because snapd does not yet have a way to add per-snap users. Once it does, the security policy for the snap can be updated to allow chown, setuid, etc to the per-snap user.

Robert Bruce Park (robru) wrote :

Hi, I'm trying to snap a web server that runs with gunicorn. Since i put "daemon: simple" in my yaml, snap starts my server automatically as root. Gunicorn then runs chown and explodes. Would be nice if it was possible to snap gunicorn, thanks.

James Tait (jamestait) wrote :

Similar thing with Cuberite, which statically links sqlite. Even though it runs as root, when it tries to chown the sqlite files to uid 0, seccomp kills the process - I applied a patch from to get it working.

Jamie Strandboge (jdstrand) wrote :

This bug and bug #1581310 are similar but different. Since the other bug deals with chowning to the calling user and root, I'm going to refocus this bug on adding support to snapd for adding users that snaps may use to drop privileges (and chown).

@Robert and @James, I suspect that your issues will be resolved when bug #1581310 is fixed, and fixing that can begin soon after various other dev work for snappy GA is completed

Fixing this bug (ie, adding support to snapd for snap-specific users) requires design for a full implementation (it is needed by lxd, docker, mysql, postgresql, etc, etc).

In the process of fixing bug #1581310, we could unblock people on this bug by allowing snaps to use the 'daemon' user and group. It is already on the system so needs no changes to snapd. I suspect this will be useful even when this bug is fixed.

summary: - Snap should be able to run chown
+ please support per-snap users (eg, for dropping privileges, supporting
+ chown to that user, etc)
Changed in snappy:
importance: Undecided → High
status: Incomplete → Confirmed
Michael Hall (mhall119) on 2017-02-20
tags: added: isv
Jamie Strandboge (jdstrand) wrote :

Discussion of this topic has moved to the forum:

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers