[BUG] Commands triggered by virtualenv.managed might not respect the user param

[marangonico]

Description Commands triggered by virtualenv.managed might not respect the user parameter, which result in a pycache folder owned by root, triggering permission issues later on. This bug is the same as #57550

Setup Ubuntu 20.04, python 3.7, salt 3002.2

Example of state used:

virtualenv_init:
  virtualenv.managed:
    - venv_bin: virtualenv
    - name: /opt/chimera/env/chimera
    - python: /usr/bin/python3.8
    - distribute: False
    - user: chimera
    - no_chown: True

virtualenv_setup_requirements/production.txt:
  pip.installed:
    - bin_env: /opt/chimera/env/chimera
    - user: chimera
    - no_chown: True
    - requirements: /opt/chimera/chimera/requirements/production.txt

Expected behavior Execution of the above state is partially executed as root and .pyc files are written as such. [ERROR ] stderr: ERROR: Could not install packages due to an EnvironmentError: [Errno 13] Permission denied: '/opt/penta/env/chimera/lib/python3.7/site-packages/__pycache__/zipp.cpython-37.pyc' Consider using the--useroption or check the permissions.

Versions Report

salt --versions-report

(Provided by running salt --versions-report. Please also mention any differences in master/minion versions.) ``` Salt Version: Salt: 3002.2 Dependency Versions: cffi: Not Installed cherrypy: Not Installed dateutil: 2.7.3 docker-py: Not Installed gitdb: Not Installed gitpython: Not Installed Jinja2: 2.10.1 libgit2: Not Installed M2Crypto: Not Installed Mako: Not Installed msgpack: 0.6.2 msgpack-pure: Not Installed mysql-python: Not Installed pycparser: Not Installed pycrypto: Not Installed pycryptodome: 3.6.1 pygit2: Not Installed Python: 3.8.5 (default, Jul 28 2020, 12:59:40) python-gnupg: 0.4.5 PyYAML: 5.3.1 PyZMQ: 18.1.1 smmap: Not Installed timelib: Not Installed Tornado: 4.5.3 ZMQ: 4.3.2 System Versions: dist: ubuntu 20.04 focal locale: utf-8 machine: x86_64 release: 5.4.0-51-generic system: Linux version: Ubuntu 20.04 focal ```

[welcome[bot]]

Hi there! Welcome to the Salt Community! Thank you for making your first contribution. We have a lengthy process for issues and PRs. Someone from the Core Team will follow up as soon as possible. In the meantime, here’s some information that may help as you continue your Salt journey. Please be sure to review our Code of Conduct. Also, check out some of our community resources including:

• Community Wiki
• Salt’s Contributor Guide
• Join our Community Slack
• IRC on Freenode
• SaltStack YouTube channel
• SaltStackInc Twitch channel

There are lots of ways to get involved in our community. Every month, there are around a dozen opportunities to meet with other contributors and the Salt Core team and collaborate in real time. The best way to keep track is by subscribing to the Salt Community Events Calendar. If you have additional questions, email us at core@saltstack.com. We’re glad you’ve joined our community and look forward to doing awesome things with you!

[krionbsd]

@marangonico did you check permissions on pycache dir before executing the state?

[marangonico]

@marangonico did you check permissions on pycache dir before executing the state?

IIRC, yes... but it was a month ago, I cannot be sure. ¯\(ツ)/¯

[mced]

@krionbsd I've just tested few minutes and I confirm that the virtualenv created with saltstack has root permissions on __pycache__ directory and not user's one...

/home/django/app:
  virtualenv.managed:
    - cwd: /home/django/app
    - requirements: /home/django/app/requirements.txt
    - user: django
    - python: /usr/bin/python3.8

Maybe @waynew would have an insight on how to fix that bug ?

[kornpow]

This is still an issue for me salt 3002.6 Ubuntu 20.04

[noelmcloughlin]

salt 3003.1 Ubuntu 20.04 py 3.8 deleting the _pycache and passing " - env_vars: { PYTHONDONTWRITEBYTECODE: 1} " arg did not help

[noelmcloughlin]

Combining runas: myuser with user: myuser fixed the issue for me on Ubuntu 20.04. It took some time to discover that because runas is undocumented at virtualenv.managed

[ghost]

Noting this bug persists in Ubuntu 22.04 too. The runas workaround above fixed this for me.

[Vringe]

Still a problem with 3005.1..

[DasSkelett]

It looks like there was some work on this in https://github.com/saltstack/salt/pull/59089, which would need to be picked up again