loft-sh / devpod

Codespaces but open-source, client-only and unopinionated: Works with any IDE and lets you use any cloud, kubernetes or just localhost docker.
https://devpod.sh
Mozilla Public License 2.0

Permission error when using podman and having different uid between host and remote users #1284

Open aacebedo opened 3 days ago

aacebedo commented 3 days ago

What happened?
There is an issue with uid and permissions settings when using podman. It is due to the addition of the userns=keep-id option that is now added automatically by devpod when podman is used (which is a good thing IMHO).

This option makes podman recopy the host user inside the container with the same uid. If one creates a user inside the container with a uid different from the host user's, devpod will not be able to change the uid of the remoteUser, as the host user now already exists in the container.

However, devpod still chowns everything with the initial remoteUser uid, which was not changed, and thus breaks all permissions on the host.

This behaviour is not exhibited when the uid of the host user and the remote user are the same. In this case, podman does not create the user in the container and keeps the already existing remoteUser. Devpod does not have anything to change then.

What did you expect to happen instead?
Devpod shall be able to change the uid of the remoteUser even if a user already exists.

How can we reproduce the bug? (as minimally and precisely as possible)

My devcontainer.json:

```json
{
  "image": "ubuntu",
  "remoteUser": "johndoe",
  "features": {
    "./test": {}
  }
}
```

test feature:

```bash
#!/bin/bash
set -e

export DEBIAN_FRONTEND=noninteractive

OS_ID=$(awk -F "=" '/^ID=/ {print $2}' /etc/os-release)

# Persist timezone and locale settings for login shells
echo "export TZ=Europe/Paris" >> /etc/profile
echo "export LANG=en_US.UTF-8" >> /etc/profile
echo "export LANGUAGE=en_US:en" >> /etc/profile
echo "export LC_ALL=en_US.UTF-8" >> /etc/profile
echo "export LC_CTYPE=en_US.UTF-8" >> /etc/profile

source /etc/profile
apt update
apt install -y --no-install-recommends \
                sudo \
                locales \
                ssh
# Enable the en_US.UTF-8 locale and generate it
sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen
locale-gen

# Create the remote user with a fixed uid (10000) that differs from the host user's uid
useradd -u 10000 -m -N -g users johndoe
passwd --delete johndoe
usermod -aG sudo johndoe
```

Ensure that the host user does not have uid 10000.

Local Environment:

DevPod Provider:

Anything else we need to know?

aacebedo commented 3 days ago

In fact I checked the code and I think that UpdateRemoteUserUID is not used by devpod. So the permissions uid is never changed. Maybe if this is implemented, the keep-id option may not be useful anymore.

pascalbreuninger commented 2 days ago

Hey @aacebedo, thanks for reporting the issue and opening a PR! Will take a look at it soon. One more step to bridge the gap to the spec :)

aacebedo commented 2 days ago

Note I was not able to test it on a cloud setup. So I may have made some errors in the code on this aspect.
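
A diagnostic for the state described in this issue, added here as an example (it is not DevPod's code or the reporter's): given a container's passwd file, it reports whether changing the remoteUser's uid to the host uid is blocked because another account already holds that uid. The passwd lines are constructed, and the host account name `alice` with uid 1000 is an assumption.

```shell
#!/bin/sh
# Added example: classify the remoteUser/host uid relationship in a container
# passwd file. Prints: missing | same | collision:<user> | remappable
# Usage: uid_remap_state PASSWD_FILE|- REMOTE_USER HOST_UID
uid_remap_state() {
    awk -F: -v user="$2" -v uid="$3" '
        $1 == user { old_uid = $3; found = 1 }
        # Another account already owning the host uid blocks a uid change.
        $1 != user && $3 == uid && owner == "" { owner = $1 }
        END {
            if (!found)              print "missing"
            else if (old_uid == uid) print "same"
            else if (owner != "")    print "collision:" owner
            else                     print "remappable"
        }' "$1"
}

# Constructed sample: the image as built by the feature script (johndoe = 10000).
sample_image_passwd() {
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'johndoe:x:10000:100::/home/johndoe:/bin/sh'
}

# Constructed sample: the same image after a host account (hypothetical "alice",
# uid 1000) exists in the container, as the issue describes for keep-id.
sample_keep_id_passwd() {
    sample_image_passwd
    printf '%s\n' 'alice:*:1000:1000::/:/bin/sh'
}

sample_image_passwd   | uid_remap_state - johndoe 1000    # remappable
sample_keep_id_passwd | uid_remap_state - johndoe 1000    # collision:alice
sample_image_passwd   | uid_remap_state - johndoe 10000   # same
```

A `collision:<user>` result is the case in which chowning the workspace to the unchanged remoteUser uid leaves files owned by a uid that does not match the host user.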