Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pemission issues when multiple users use the same host with the ssh-provider #1000

Closed
Freberg opened this issue Apr 12, 2024 · 2 comments · Fixed by loft-sh/devpod-provider-ssh#26
Closed

Pemission issues when multiple users use the same host with the ssh-provider #1000

Freberg opened this issue Apr 12, 2024 · 2 comments · Fixed by loft-sh/devpod-provider-ssh#26
Assignees
@89luca89

Comments

@Freberg
Copy link

Freberg commented Apr 12, 2024

What happened?

Using devpod with the ssh-provider works nicely for a single user, however when multiple users try to use the same server, permission issues are encountered as files in the /tmp/ directory will be owned by the user who first created a devcontainer.

  1. The first issue occurs when the devpod agent is installed on the server:
    debug Inject Error: Error: failed to install devpod

  2. Above can be circumvented by setting AGENT_PATH=./tmp/devpod/agent to ensure ownership of the agent for each user. However, when adding features to the devcontainer the issue reappears, devpod seemingly does not provide a way to override below path.
    info mkdir /tmp/devpod/features: permission denied

What did you expect to happen instead?
I expect devpod to handle multiple users on the same server by default.

How can we reproduce the bug? (as minimally and precisely as possible)

  1. Create two ssh providers with the same host but for two different users
  2. Create a devpod for the first user, this should work
  3. Create a devpod for the second user, issue1 should occur
  4. Modify the ssh providers with AGENT_PATH=./tmp/devpod/agent and observe that both devpods can now be created
  5. Add a feature to the devcontainer
  6. Create a devpod for the first user, this should work
  7. Create a devpod for the second user, issue2 should occur

Local Environment:

  • DevPod Version: 0.5.4
  • Operating System: linux
  • ARCH of the OS: AMD64

DevPod Provider:

  • Local/remote provider: ssh

Anything else we need to know?
My current workaround is to set both AGENT_PATH in devpod and add TMPDIR to AcceptEnv in the sshd config and have the users pass TMPDIR=~/tmp in their ssh config.
@pascalbreuninger
Copy link
Member

Hey @Freberg, thanks for opening the issue. You're right that hasn't been something we've been looking into so far, we'll investigate

@Freberg
Copy link
Author

Freberg commented Apr 15, 2024
edited
Loading

Hello @pascalbreuninger, thank you for confirming

If anyone else run into this issue, here is my current workaround:

on the server, allow users to set TMPDIR over ssh
sudo sed -i '/^AcceptEnv/ s/$/ TMPDIR/' /etc/ssh/sshd_config

on the client, set both AGENT_PATH and TMPDIR in the provider

 devpod provider add ssh --name <PROVIDER_NAME> \
 -o HOST=<USER>@<HOST> \
 -o AGENT_PATH=./tmp/devpod/agent \
 -o EXTRA_FLAGS='-o "SetEnv=TMPDIR=./tmp"'

@89luca89 89luca89 mentioned this issue May 6, 2024
Merged
@deniseschannon deniseschannon added the bug Something isn't working label May 8, 2024 — with Linear
@deniseschannon deniseschannon removed bug Something isn't working kind/bug labels May 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@89luca89 89luca89

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(manifest): use per-user agent path loft-sh/devpod-provider-ssh
4 participants
@89luca89 @deniseschannon @Freberg @pascalbreuninger