Lando changes all the file permissions

[neclimdul]

Bug Report

Lando v3.0.0-beta-35 and source build on Ubuntu 17.10

.lando.yml

name: laraveltest
recipe: laravel
config:
  webroot: ./public/
  via: nginx
  php: '7.2'

Steps:

# Just to makes things fail a bit earlier and easier.
sudo rm -rf ~/.lando
lando start

Output:

# lando start
Recreating landoproxyhyperion5000gandalfedition_proxy_1 ... 
Recreating landoproxyhyperion5000gandalfedition_proxy_1 ... done
Creating network "laraveltest_default" with the default driver
Creating volume "laraveltest_appserver" with default driver
Creating volume "laraveltest_data" with default driver
Creating volume "laraveltest_data_database" with default driver
Creating laraveltest_appserver_1 ... 
Creating laraveltest_database_1 ... 
Creating laraveltest_database_1
Creating laraveltest_appserver_1 ... done
Creating laraveltest_nginx_1 ... 
Creating laraveltest_nginx_1 ... done
error:  Error: EACCES: permission denied, open '/home/neclimdul/.lando/cache/laraveltest:last_build'
    at Object.fs.openSync (fs.js:638:18)
    at Object.fs.openSync (pkg/prelude/bootstrap.js:466:32)
    at Object.fs.writeFileSync (fs.js:1287:33)
    at Object.writeFileSync (/snapshot/cli/node_modules/jsonfile/index.js:115:13)
    at Object.exports.set (/snapshot/cli/lib/cache.js:0:0)
    at AsyncEvents.<anonymous> (/snapshot/cli/plugins/lando-services/lib/config.js:0:0)
    at AsyncEvents.handle (/snapshot/cli/lib/events.js:0:0)
    at /snapshot/cli/lib/events.js:0:0
From previous event:
    at AsyncEvents.emit (/snapshot/cli/lib/events.js:0:0)
    at /snapshot/cli/lib/app.js:0:0
From previous event:
    at Object.exports.start (/snapshot/cli/lib/app.js:0:0)
    at /snapshot/cli/plugins/lando-core/lib/tasks/start.js:0:0
From previous event:
    at Object.run (/snapshot/cli/plugins/lando-core/lib/tasks/start.js:0:0)
From previous event:
    at /snapshot/cli/lib/tasks.js:0:0
    at runCallback (timers.js:800:20)
    at tryOnImmediate (timers.js:762:5)
    at processImmediate [as _immediateCallback] (timers.js:733:5)
From previous event:
    at Object.exports.parseToYargs.command.handler (/snapshot/cli/lib/tasks.js:0:0)
    at Object.module.exports.self.runCommand (/snapshot/cli/node_modules/yargs/lib/command.js:170:22)
    at parseArgs (/snapshot/cli/node_modules/yargs/yargs.js:920:28)
    at Object.get [as argv] (/snapshot/cli/node_modules/yargs/yargs.js:860:16)
    at /snapshot/cli/lib/cli.js:0:0
From previous event:
    at Object.exports.init (/snapshot/cli/lib/cli.js:0:0)
    at /snapshot/cli/bin/lando.js:0:0
From previous event:
    at Object.<anonymous> (/snapshot/cli/bin/lando.js:0:0)
    at Module._compile (pkg/prelude/bootstrap.js:1226:22)
    at Object.Module._extensions..js (module.js:580:10)
    at Module.load (module.js:503:32)
    at tryModuleLoad (module.js:466:12)
    at Function.Module._load (module.js:458:3)
    at Function.Module.runMain (pkg/prelude/bootstrap.js:1281:12)
    at startup (bootstrap_node.js:200:16)
    at bootstrap_node.js:617:3
error:  Error: EACCES: permission denied, open '/home/neclimdul/.lando/logs/error.log'

Basically just trying to start a lando site and it fails completely. With an existing config directory that's had the file permissions reset, the failure stack trace is slightly different but the error with the permission failure is the same.

The problem seems to be that at some point during the startup proces the .lando directory and the project directory get their file permissions entirely replaced by uid 82 gid 82 and then everything starts falling apart as my user isn't able to access and modify the different files.

[pirog]

@neclimdul what is your actual host uid/gid?

[neclimdul]

1000:1000

I did some additional digging into this and after aggressively removing all container images from my system it seems to have resolved itself... I'm not sure what that means but it might mean that this issue just gets closed.

[quietone1]

I'm having the same problem. Some files are now uid 82 gid 82 some are not. lando start fails with

 [ErrorException]                                                                       
  file_put_contents(/app/vendor/autoload.php): failed to open stream: Permission denied  

It is the process of rebuilding now.

I am uid:gid 1001:1001 Debian 9/lando v3.0.0-beta.35

[quietone1]

The rebuild had a failure, mv: cannot create regular file '/usr/local/bin/drush': Permission denied but I get that all the time. So I used lando composer to get drush. Then did lando rebuild which didn't report a failure but didn't run everything in the build script. So, I thought why not try again. No luck there either, just full circle back to permission problems.

$ lando rebuild

There is an update available!!!
Install it to get the latest and greatest

Updating helps us provide the best support
https://github.com/lando/lando/releases/tag/v3.0.0-beta.37

? Are you sure you want to rebuild? Yes
Stopping dev0_appserver_1 ... done
Stopping dev0_pma_1 ... done
Stopping dev0_database_1 ... done
Removing dev0_appserver_1 ... done
Removing dev0_pma_1 ... done
Removing dev0_database_1 ... done
Pulling appserver (devwithlando/php:7.1-apache)...
Pulling pma (phpmyadmin/phpmyadmin:latest)...
Pulling database (mariadb:10.1)...
appserver uses an image, skipping
pma uses an image, skipping
database uses an image, skipping
landoproxyhyperion5000gandalfedition_proxy_1 is up-to-date
Creating dev0_pma_1 ...
Creating dev0_appserver_1 ...
Creating dev0_database_1 ...
Creating dev0_pma_1
Creating dev0_database_1
Creating dev0_appserver_1 ... done
error:  Error: EACCES: permission denied, open '/home/vicki/.lando/cache/dev0:last_build'
    at Object.fs.openSync (fs.js:638:18)
    at Object.fs.openSync (pkg/prelude/bootstrap.js:466:32)
    at Object.fs.writeFileSync (fs.js:1287:33)
    at Object.writeFileSync (/snapshot/cli/node_modules/jsonfile/index.js:115:13)
    at Object.exports.set (/snapshot/cli/lib/cache.js:0:0)
    at AsyncEvents.<anonymous> (/snapshot/cli/plugins/lando-services/lib/config.js:0:0)
    at AsyncEvents.handle (/snapshot/cli/lib/events.js:0:0)
    at /snapshot/cli/lib/events.js:0:0
From previous event:
    at AsyncEvents.emit (/snapshot/cli/lib/events.js:0:0) 
From previous event:
    at Object.exports.start (/snapshot/cli/lib/app.js:0:0)
    at /snapshot/cli/lib/app.js:0:0
    at runCallback (timers.js:800:20)
    at tryOnImmediate (timers.js:762:5)
    at processImmediate [as _immediateCallback] (timers.js:733:5)
From previous event:
    at Object.exports.rebuild (/snapshot/cli/lib/app.js:0:0)
    at /snapshot/cli/plugins/lando-core/lib/tasks/rebuild.js:0:0
From previous event:
    at Object.run (/snapshot/cli/plugins/lando-core/lib/tasks/rebuild.js:0:0)
From previous event:
    at /snapshot/cli/lib/tasks.js:0:0
    at runCallback (timers.js:800:20)
    at tryOnImmediate (timers.js:762:5)
    at processImmediate [as _immediateCallback] (timers.js:733:5)
From previous event:
    at Object.exports.parseToYargs.command.handler (/snapshot/cli/lib/tasks.js:0:0)
    at Object.module.exports.self.runCommand (/snapshot/cli/node_modules/yargs/lib/command.js:170:22)
    at parseArgs (/snapshot/cli/node_modules/yargs/yargs.js:920:28)
    at Object.get [as argv] (/snapshot/cli/node_modules/yargs/yargs.js:860:16)
    at /snapshot/cli/lib/cli.js:0:0
From previous event:
    at Object.exports.init (/snapshot/cli/lib/cli.js:0:0) 
    at /snapshot/cli/bin/lando.js:0:0
From previous event:
    at Object.<anonymous> (/snapshot/cli/bin/lando.js:0:0)
    at Module._compile (pkg/prelude/bootstrap.js:1226:22) 
    at Object.Module._extensions..js (module.js:580:10)   
    at Module.load (module.js:503:32)
    at tryModuleLoad (module.js:466:12)
    at Function.Module._load (module.js:458:3)
    at Function.Module.runMain (pkg/prelude/bootstrap.js:1281:12)
    at startup (bootstrap_node.js:200:16)
    at bootstrap_node.js:617:3
error:  Error: EACCES: permission denied, open '/home/vicki/.lando/logs/error.log'

[AaronFeledy]

I've also seen this 82:82 issue on my Ubuntu 17.10 machine, although I was never able to reproduce it.

[neclimdul]

Poking around in the source I'm guessing something is going on with plugins/lando-engine/scripts/user-perms.sh which does look like it changes the permissions on a lot of the directories we're talking about here. I'm not sure how, when, or why that runs though so its hard for me to say. Also... its not happening currently so I can't debug it :( :(

[pirog]

@neclimdul the script is necessary for linux users because we need to map host ownership to container ownership.

Usually when we do this perm mapping the container user is www-data and the id there is 33. Looks like 82 is the the id for www-data in alpine based containers so im guessing that might help us lock down more consistent steps to reproduce this.

Next time someone runs into this it would be great to get a full lando logs of the failing app so we can see if those boot scripts do anything weird

[neclimdul]

If they're volume mounts wouldn't they already have the correct ownership?

[pirog]

This is a pretty well known and documented problem https://denibertovic.com/posts/handling-permissions-with-docker-volumes/

[pirog]

Alright, i think i've got enough on this to try find where this is going wrong so we can provide resolution.

Moving this into current sprint

[pirog]

So, cursory pass here but the services that have www-data with id 82 are

• phpmyadmin
• mailhog

Could be others but those are the obvious candidates. So i THINK this CAN periodically happen if you are using one of those services. Going to try to replicate...

[pirog]

name: canhazfubarpermz?
services:
  pma:
    type: phpmyadmin
  mailhog:
    type: mailhog
    hogfrom:
      - pma

If you run the above on linux you should be able to replicate

[pirog]

Was able to track this down and provide a PR @ #805. Hopefully it will be rolled into beta.38

[pirog]

Merged into master and closing!