Comment 44 for bug 1662552

Markus Kuhn (markus-kuhn) wrote :

Having briefly tried to get snap to work a few years ago on Ubuntu 18.04, before giving up, I have just upgraded to Ubuntu 20.04, and snap appears to cause problems again, especially as larger parts of Ubuntu now seem to rely on snap (e.g. the "Software Install" GUI tool). Therefore I'm interested in hearing what progress there has been since 18.04 with snap in environments with NFS-mounted $HOME with symbolic links in the $HOME path.

My environment is a centrally managed Linux workstation in a major computer-science department, where all user home directories are located on an NFS filer. Specifically, my environment has the following characteristics:

$ getent passwd mgk25
mgk25:*:1597:1597:Markus Kuhn:/home/mgk25:/bin/bash
$ echo $HOME
/home/mgk25
$ ls -l /home
lrwxrwxrwx 1 root root 5 Oct 22 23:35 /home -> homes
$ ls -l /homes
lrwxrwxrwx 1 root root 11 Oct 13 2008 /homes -> /auto/homes
$ ls -ld /auto/homes/mgk25
drwxr-xr-x 223 mgk25 mgk25 65536 Oct 23 17:02 /auto/homes/mgk25
$ findmnt $HOME
TARGET SOURCE FSTYPE OPTIONS
/auto/homes/mgk25 wulbor.cl.cam.ac.uk:/userfiles/mgk25/unix_home nfs4 rw,relatime,vers=4.1,rsize=65536,wsize=65536,namlen=255,hard,proto=tcp6,timeo=600,retrans=2,sec=krb5p,clientaddr=2001:630:272:238:3656:c6fd:1234:5678,local_lock=none,addr=2a05:b400:110:a9::4321:abcd

In other words:

- my $HOME contains two symbolic links in its path

- my $HOME is auto-mounted via either NFSv3 or NFSv4.1 using Kerberos authentication (sec=krb5p)

- the filer implements root squashing

- the Kerberos machine credential in /etc/krb5.keytab (used by processes with EUID=root) maps on the filer to user "nobody" and therefore only has "others"-level access to files on the filer.

- local system user/group IDs (any UID/GID < 1000 other than root) do not have any Kerberos ticket and therefore have no access to the filer

Is there any chance that snap could ever work in such an environment?

The very idea of mounting something inside ~/.snap/ seems infeasible in such an environment. So is there any way to use snapd such that it never accesses $HOME?
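An added example, not part of the original comment and not snapd code: a small POSIX shell helper that reports the two properties described above for any absolute path, namely every symbolic link crossed while resolving it (such as /home -> homes -> /auto/homes) and the filesystem type it finally lives on. The function names are hypothetical, and path_fstype assumes util-linux findmnt is installed, as in the session shown in the comment.

```shell
#!/bin/sh
# symlink_hops ABSOLUTE_PATH
# Prints "LINK -> TARGET" for each symlink met while resolving the path,
# following chained links. Returns 1 after 40 hops (likely a link loop).
symlink_hops() {
    path=$1
    hops=0
    while [ "$hops" -lt 40 ]; do
        prefix=
        rest=${path#/}
        found=
        while [ -n "$rest" ]; do
            comp=${rest%%/*}            # next path component
            case $rest in
                */*) rest=${rest#*/} ;; # components still to walk
                *)   rest= ;;
            esac
            [ -n "$comp" ] || continue  # skip empty parts from "//"
            prefix=$prefix/$comp
            if [ -L "$prefix" ]; then
                target=$(readlink "$prefix")
                printf '%s -> %s\n' "$prefix" "$target"
                case $target in
                    /*) path=$target${rest:+/$rest} ;;               # absolute target
                    *)  path=${prefix%/*}/$target${rest:+/$rest} ;;  # relative target
                esac
                found=1
                hops=$((hops + 1))
                break                   # restart the walk on the rewritten path
            fi
        done
        [ -n "$found" ] || return 0     # walked every component, no link left
    done
    return 1
}

# path_fstype PATH
# Prints the filesystem type (for example nfs4) holding PATH.
# Assumption: util-linux findmnt is available.
path_fstype() {
    findmnt -n -o FSTYPE --target "$1"
}

# Stand-alone use: sh thisfile.sh "$HOME"
if [ "$#" -gt 0 ]; then
    symlink_hops "$1"
    path_fstype "$1"
fi
```
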