This seems to be because the /var/tmp/candidate_running.conf file is left around from previous runs and has 644 permissions, only allowing the vyos user to write to it. This wouldn't become an issue if these files were cleaned up after the operation(s) are finished, which it seems the code as of now does not do that.
vyos@dev:~$ ls -la /var/tmp
total 20
drwxrwxrwt 6 root root 180 Jun 11 16:50 .
drwxr-xr-x 1 root
-rwxr-xr-x 1 vyos users 1896 Jun 11 16:48 backup_running.conf
-rw-r--r-- 1 vyos users 1784 Jun 11 16:48 candidate_running.conf
-rw-r--r-- 1 yzguy users 182 Jun 11 16:50 test.sh
So one issue I experienced is that I applied a config from napalm-vyos with the vyos user which was to add my personal user. This works fine.
However on the next run if I try to do a diff/commit with my personal user I get an error
This seems to be because the
/var/tmp/candidate_running.conffile is left around from previous runs and has 644 permissions, only allowing the vyos user to write to it. This wouldn't become an issue if these files were cleaned up after the operation(s) are finished, which it seems the code as of now does not do that.