search

threefoldtech / 0-hub

Threefold Images Hub
https://hub.grid.tf
Apache License 2.0
1 stars 1 forks source link

Docker conversion file owners #45

Closed tobiaschielens closed 3 years ago

tobiaschielens commented 3 years ago

When converting a docker to a flist all files and folders are owned by root. While in the docker some folders and files are not owned by root. Example: The folder /tobias and the file /tobias/test.tobias are owned by the user tobias in the docker but not in the flist. jimbersoftware/test:0.1 https://hub.grid.tf/tobias.3bot/jimbersoftware-test-0.1.flist

The user tobias is listed in the /etc/passwd file of the flist

zaibon commented 3 years ago

How old is this flist ? This bug has been fixed few weeks ago. Normally now, all the permission from the original docker image should be conserved in the flist.

cc @maxux

tobiaschielens commented 3 years ago

Converted it one hour ago with https://hub.grid.tf/

maxux commented 3 years ago

This is coming from https://hub.grid.tf/tobias.3bot/jimbersoftware-test-0.1.flist:

$ ./zflist open /tmp/jimbersoftware-test-0.1.flist
$ ./zflist ls
drwxr-xr-x root     root            902  bin
drwxr-xr-x root     root              0  boot
drwxr-xr-x root     root             26  dev
drwxr-xr-x root     root           1168  etc
drwxr-xr-x root     root              0  home
drwxr-xr-x root     root             84  lib
drwxr-xr-x root     root             40  lib64
drwxr-xr-x root     root              0  media
drwxr-xr-x root     root              0  mnt
drwxr-xr-x root     root              0  opt
drwxr-xr-x root     root              0  proc
drwx------ root     root             56  root
drwxr-xr-x root     root             40  run
drwxr-xr-x root     root           1144  sbin
drwxr-xr-x root     root              0  srv
drwxr-xr-x root     root              0  sys
drwxrwxrwx root     root              0  tmp
drwxr-xr-x 1000     1000             30  tobias
drwxr-xr-x root     root             70  usr
drwxr-xr-x root     root             90  var
-rwxr-xr-x root     root              0  .dockerenv
-rw-r--r-- root     root            205  .startup.toml

$ ./zflist ls /tobias
-rw-r--r-- root     root              0  test
-rw-r--r-- 1000     1000              0  test.tobias

User 1000 is well set. How did you tested ? Do you use latest version of 0-fs ?

Internal flist permissions are correct.

tobiaschielens commented 3 years ago

Updated the poetry now it seems to be working. Guess the version was outdated

tobiaschielens commented 3 years ago

Is it possible that there is a bug with the permission conversion? on the left you see the converted docker /etc/passwd file and on the right the docker one. Also an ls -al for showing permissions. It's clear that the ds user is not identified by 1000. Converted onlyoffice/documentserver:5.6 Flist URL https://hub.grid.tf/tobias.3bot/onlyoffice-documentserver-5.6.flist image

maxux commented 3 years ago

Thanks ! I'm checking with the image name and the internal process, to see where something weird happens :) Note: please use stat command when debugging permissions and not ls.

maxux commented 3 years ago 
# ls -alh 
total 16K
drwxr-xr-x  4 root root 4.0K Sep 16 16:39 .
drwxr-xr-x  4 root root 4.0K Sep 16 16:38 ..
drwxr-xr-x  2 ds   ds   4.0K Sep 16 16:39 Data
drwxr-xr-x 10 ds   ds   4.0K Sep 16 16:39 documentserver
# stat Data
  File: Data
  Size: 4096        Blocks: 8          IO Block: 4096   directory
Device: 801h/2049d  Inode: 11288646    Links: 2
Access: (0755/drwxr-xr-x)  Uid: (  106/      ds)   Gid: (  108/      ds)
Access: 1970-01-01 00:00:00.000000000 +0000
Modify: 2020-09-16 16:39:16.000000000 +0000
Change: 2020-10-12 14:56:03.077445976 +0000
 Birth: -
# stat documentserver
  File: documentserver
  Size: 4096        Blocks: 8          IO Block: 4096   directory
Device: fd02h/64770d    Inode: 277215      Links: 10
Access: (0755/drwxr-xr-x)  Uid: (  106/      ds)   Gid: (  108/      ds)
Access: 2020-10-12 14:56:29.446182214 +0000
Modify: 2020-09-16 16:39:16.000000000 +0000
Change: 2020-10-12 14:54:49.754179416 +0000
 Birth: -

Do you update Data owner to root at some point ? Because both directories should be ds/ds (106/108) And on your zos screenshot, Data permissions are well set to ds/ds.

tobiaschielens commented 3 years ago

No, I've deployed the container using the threebot frontend and then just used corex to get into the container.

maxux commented 3 years ago

Did you used the https://hub.grid.tf to convert the docker aswell ? Because when inspecting the flist, it looks like being generated with some old tools. This is odd.

tobiaschielens commented 3 years ago

Yes indeed I used that tool. Is there some caching on that tool? Cause we already tried it some time ago.

maxux commented 3 years ago

After investigation, using playground.hub.grid.tf which use latest code, everything is okay. The production hub.grid.tf doesn't have this feature yet, I'll update it anytime soon.

About the difference of Data ownership, this is caused by volumes. This directory is a volume and docker export doesn't follow volumes (and thus permissions) since it use underlaying directory.

The documentserver is well set as 106/108 which is ds/ds according to passwd from the container.