New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Shared folders permission problem #151

Closed
fgrehm opened this Issue Sep 28, 2013 · 15 comments

Comments

Projects
None yet
5 participants
@fgrehm
Owner

fgrehm commented Sep 28, 2013

While trying out this Ubuntu Raring Vagrant VBox VM, I stumbled across a pretty bad issue that messes up with shared folders permissions. The problem is that the vagrant user on that VBox VM has an uid of 900, but the base boxes containers ship with the vagrant user with the uid of 1000.

The reason why things works fine for most cases is that Debian-like distros uses 1000 as the initial user id which usually maps to the same user id on the host machine.

Unfortunately I have no idea how to mount the shared folder on the guest container with a different uid / gid, a solution might be to implement support for NFS Shared folders to work around that for those who face this problem but I'd need to double check that. If you are experiencing this, please raise your hand :)

@tknerr

This comment has been minimized.

Show comment
Hide comment
@tknerr

tknerr Sep 29, 2013

Same here. Output looks like this:

...
[sample-app] Chef 11.6.0 Omnibus package is already installed.
[sample-app] Configuring cache buckets...
The following SSH command responded with a non-zero exit status.
Vagrant assumes that this means the command failed!

mkdir -p /tmp/vagrant-cache/gem/1.9.1

Stdout from the command:



Stderr from the command:

mkdir: cannot create directory ‘/tmp/vagrant-cache/gem’: Permission denied

More:

tknerr commented Sep 29, 2013

Same here. Output looks like this:

...
[sample-app] Chef 11.6.0 Omnibus package is already installed.
[sample-app] Configuring cache buckets...
The following SSH command responded with a non-zero exit status.
Vagrant assumes that this means the command failed!

mkdir -p /tmp/vagrant-cache/gem/1.9.1

Stdout from the command:



Stderr from the command:

mkdir: cannot create directory ‘/tmp/vagrant-cache/gem’: Permission denied

More:

@fgrehm

This comment has been minimized.

Show comment
Hide comment
@fgrehm

fgrehm Sep 29, 2013

Owner

yeah, that also happened to me while using vagrant-cachier =/ I did some research last night and it seems that it is not possible to bind mount the folders using a different uid / gid.
Based on Vagrant's code I'd say NFS could fix that but I'd need to double check. The downside is that bind mounts performs a lot better than NFS =/

Owner

fgrehm commented Sep 29, 2013

yeah, that also happened to me while using vagrant-cachier =/ I did some research last night and it seems that it is not possible to bind mount the folders using a different uid / gid.
Based on Vagrant's code I'd say NFS could fix that but I'd need to double check. The downside is that bind mounts performs a lot better than NFS =/

@fgrehm

This comment has been minimized.

Show comment
Hide comment
@fgrehm

fgrehm Dec 9, 2013

Owner

For the record, I'm planning to add support for NFS on the next release of vagrant-lxc. I've been taking a break from it over the past month but I plan to release one more version before the end of the year.

Owner

fgrehm commented Dec 9, 2013

For the record, I'm planning to add support for NFS on the next release of vagrant-lxc. I've been taking a break from it over the past month but I plan to release one more version before the end of the year.

@Restless-ET

This comment has been minimized.

Show comment
Hide comment
@Restless-ET

Restless-ET Dec 26, 2013

Hi @fgrehm

I was just wondering... are you still planning on releasing that new version (with NFS support) soon?

Kind regards

Restless-ET commented Dec 26, 2013

Hi @fgrehm

I was just wondering... are you still planning on releasing that new version (with NFS support) soon?

Kind regards

@fgrehm

This comment has been minimized.

Show comment
Hide comment
@fgrehm

fgrehm Dec 26, 2013

Owner

@Restless-ET hopefully yes, I'm going on vacations starting on Jan 4th and if all goes well I'll be able to cut a new release with NFS in place before heading out :-)

Owner

fgrehm commented Dec 26, 2013

@Restless-ET hopefully yes, I'm going on vacations starting on Jan 4th and if all goes well I'll be able to cut a new release with NFS in place before heading out :-)

@Restless-ET

This comment has been minimized.

Show comment
Hide comment
@Restless-ET

Restless-ET Dec 27, 2013

Glad to ear that, I'm really looking forward to the NFS support.
Wishes of a nice vacation. :)

Regards

Restless-ET commented Dec 27, 2013

Glad to ear that, I'm really looking forward to the NFS support.
Wishes of a nice vacation. :)

Regards

@fgrehm

This comment has been minimized.

Show comment
Hide comment
@fgrehm

fgrehm Jan 29, 2014

Owner

For the record, vagrant 1.5 will ship with rsync support as well and we'll be able to use as a workaround for this as well ;-)

Owner

fgrehm commented Jan 29, 2014

For the record, vagrant 1.5 will ship with rsync support as well and we'll be able to use as a workaround for this as well ;-)

@fgrehm

This comment has been minimized.

Show comment
Hide comment
@fgrehm

fgrehm Feb 2, 2014

Owner

The next major version of the plugin will drop support for vagrant < 1.4 and will have support for NFS and rsync out of the box. I'm closing it in favor of GH-191

Owner

fgrehm commented Feb 2, 2014

The next major version of the plugin will drop support for vagrant < 1.4 and will have support for NFS and rsync out of the box. I'm closing it in favor of GH-191

@fgrehm fgrehm closed this Feb 2, 2014

fgrehm added a commit that referenced this issue Mar 14, 2014

@twolfson

This comment has been minimized.

Show comment
Hide comment
@twolfson

twolfson Apr 30, 2016

I'm not sure about other users but I am considering using vagrant-lxc because NFS and rsync are too slow for my needs. As a result, suggesting those as a workaround is backwards =/

As an alternative, I wrote a script to update the vagrant user's UID and GID to match the host machine's UID/GID. I wasn't able to use usermod (which would have made things much simpler) due to the host OS complaining about vagrant user being in use (even though it wasn't). Here's the script I am using in my Vagrantfile:

# Repair Vagrant UID/GID to match our current user
uid = `id -u`.strip()
gid = `id -g`.strip()
config.vm.provision "shell", inline: <<-EOF
  # Exit on first error
  set -e

  # Resolve our UID and GID
  src_uid="$(id -u vagrant)"
  target_uid="#{uid}"
  src_gid="$(id -g vagrant)"
  target_gid="#{gid}"

  # If the user and group ids are aligned, then exit early
  if test "$src_uid" = "$target_uid" && test "$src_gid" = "$target_gid"; then
    exit 0
  fi

  # Otherwise, update our user id and group id
  # DEV: We cannot use \`usermod\` as it complains about \`vagrant\` having a process
  # Example: UID=100; GID=101
  #  /etc/shadow: libuuid:x:100:101::/var/lib/libuuid:
  #  /etc/group: libuuid:x:101:
  sed -E "s/(vagrant:.:)$src_uid:$src_gid:/\\1$target_uid:$target_gid:/g" --in-place /etc/passwd
  sed -E "s/(vagrant:.:)$src_gid:/\\1$target_gid:/g" --in-place /etc/group

  # Update all files to the proper user and group
  find / -uid "$src_uid" -print0 2> /dev/null | grep --invert-match -E "^(/sys|/proc)" | xargs -0 chown "$target_uid"
  find / -gid "$src_gid" -print0 2> /dev/null | grep --invert-match -E "^(/sys|/proc)" | xargs -0 chgrp "$target_gid"
EOF

Edit: Added -print0/-0 (null delimiter) to find and xargs via #151 (comment)

twolfson commented Apr 30, 2016

I'm not sure about other users but I am considering using vagrant-lxc because NFS and rsync are too slow for my needs. As a result, suggesting those as a workaround is backwards =/

As an alternative, I wrote a script to update the vagrant user's UID and GID to match the host machine's UID/GID. I wasn't able to use usermod (which would have made things much simpler) due to the host OS complaining about vagrant user being in use (even though it wasn't). Here's the script I am using in my Vagrantfile:

# Repair Vagrant UID/GID to match our current user
uid = `id -u`.strip()
gid = `id -g`.strip()
config.vm.provision "shell", inline: <<-EOF
  # Exit on first error
  set -e

  # Resolve our UID and GID
  src_uid="$(id -u vagrant)"
  target_uid="#{uid}"
  src_gid="$(id -g vagrant)"
  target_gid="#{gid}"

  # If the user and group ids are aligned, then exit early
  if test "$src_uid" = "$target_uid" && test "$src_gid" = "$target_gid"; then
    exit 0
  fi

  # Otherwise, update our user id and group id
  # DEV: We cannot use \`usermod\` as it complains about \`vagrant\` having a process
  # Example: UID=100; GID=101
  #  /etc/shadow: libuuid:x:100:101::/var/lib/libuuid:
  #  /etc/group: libuuid:x:101:
  sed -E "s/(vagrant:.:)$src_uid:$src_gid:/\\1$target_uid:$target_gid:/g" --in-place /etc/passwd
  sed -E "s/(vagrant:.:)$src_gid:/\\1$target_gid:/g" --in-place /etc/group

  # Update all files to the proper user and group
  find / -uid "$src_uid" -print0 2> /dev/null | grep --invert-match -E "^(/sys|/proc)" | xargs -0 chown "$target_uid"
  find / -gid "$src_gid" -print0 2> /dev/null | grep --invert-match -E "^(/sys|/proc)" | xargs -0 chgrp "$target_gid"
EOF

Edit: Added -print0/-0 (null delimiter) to find and xargs via #151 (comment)

@fgrehm

This comment has been minimized.

Show comment
Hide comment
@fgrehm

fgrehm Dec 7, 2016

Owner

@twolfson I know it's been a while but you can also create a base box with the proper GID / UID 😄

Owner

fgrehm commented Dec 7, 2016

@twolfson I know it's been a while but you can also create a base box with the proper GID / UID 😄

@twolfson

This comment has been minimized.

Show comment
Hide comment
@twolfson

twolfson Dec 7, 2016

@fgrehm I think that would work for a single user but what if your team has multiple machines with different GID/UID =/

twolfson commented Dec 7, 2016

@fgrehm I think that would work for a single user but what if your team has multiple machines with different GID/UID =/

@fgrehm

This comment has been minimized.

Show comment
Hide comment
@fgrehm

fgrehm Dec 7, 2016

Owner

oh yeah, that sucks. its been a while since I last done any LXC work but last time I looked into this NFS was the only way I could get it working

Owner

fgrehm commented Dec 7, 2016

oh yeah, that sucks. its been a while since I last done any LXC work but last time I looked into this NFS was the only way I could get it working

@twolfson

This comment has been minimized.

Show comment
Hide comment
@twolfson

twolfson Dec 8, 2016

After some searching, it looks like there's a id_map config that should work:

lxc/lxc#1176

https://linuxcontainers.org/lxc/manpages/man5/lxc.container.conf.5.html#lbBB

  config.vm.provider "lxc" do |lxc|
    config.vm.box = "fgrehm/trusty64-lxc"
    lxc.customize("id_map", "u 1000 1001 1")
    lxc.customize("id_map", "g 1000 1001 1")
    # Later on, use #{uid} with uid = `id -u`.strip() from previous iteration
  end

I tried to get it working but couldn't. Unfortunately, I'm out of time to explore it but thankfully the script I posted has been working well for me =)

twolfson commented Dec 8, 2016

After some searching, it looks like there's a id_map config that should work:

lxc/lxc#1176

https://linuxcontainers.org/lxc/manpages/man5/lxc.container.conf.5.html#lbBB

  config.vm.provider "lxc" do |lxc|
    config.vm.box = "fgrehm/trusty64-lxc"
    lxc.customize("id_map", "u 1000 1001 1")
    lxc.customize("id_map", "g 1000 1001 1")
    # Later on, use #{uid} with uid = `id -u`.strip() from previous iteration
  end

I tried to get it working but couldn't. Unfortunately, I'm out of time to explore it but thankfully the script I posted has been working well for me =)

@bryanlarsen

This comment has been minimized.

Show comment
Hide comment
@bryanlarsen

bryanlarsen Dec 19, 2016

@twolfson, your script appears to be working great for me. I had to add a '-print0' to the find script and use '-0' to xargs because we have some filenames with spaces. Thanks!

bryanlarsen commented Dec 19, 2016

@twolfson, your script appears to be working great for me. I had to add a '-print0' to the find script and use '-0' to xargs because we have some filenames with spaces. Thanks!

@twolfson

This comment has been minimized.

Show comment
Hide comment
@twolfson

twolfson Dec 19, 2016

Ah, null delimiter. Nice catch, I'll update the comment 👍

twolfson commented Dec 19, 2016

Ah, null delimiter. Nice catch, I'll update the comment 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment