From daf5628ca74e554b43b6a7858c0e8d1c3e06f871 Mon Sep 17 00:00:00 2001 From: steiler Date: Thu, 26 Oct 2023 10:47:04 +0200 Subject: [PATCH 1/4] As a final step of the deployment ownership of the lab dir are adjusted to : --- cmd/deploy.go | 5 +++++ utils/file.go | 41 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+) diff --git a/cmd/deploy.go b/cmd/deploy.go index fded27c1a..641371c52 100644 --- a/cmd/deploy.go +++ b/cmd/deploy.go @@ -306,6 +306,11 @@ func deployFn(_ *cobra.Command, _ []string) error { // log new version availability info if ready newVerNotification(vCh) + err = utils.RecursiveAdjustUIDAndGUID(c.TopoPaths.TopologyLabDir()) + if err != nil { + log.Infof("error adjusting LabDir permissions: %v. Continuing anyways", err) + } + // print table summary return printContainerInspect(containers, deployFormat) } diff --git a/utils/file.go b/utils/file.go index eefa4ad00..c73e3a9d4 100644 --- a/utils/file.go +++ b/utils/file.go @@ -17,6 +17,7 @@ import ( "os/exec" "os/user" "path/filepath" + "strconv" "strings" log "github.com/sirupsen/logrus" @@ -301,3 +302,43 @@ func FileLines(path, commentStr string) ([]string, error) { return lines, nil } + +// RecursiveAdjustUIDAndGUID tries to changes the UID and GID +// of the given path recursively to value taken from +// SUDO_UID and SUDO_GID. Which should reflect be the non-root +// user that called clab via sudo. +func RecursiveAdjustUIDAndGUID(fsPath string) error { + userId, isSet := os.LookupEnv("SUDO_UID") + if !isSet { + return fmt.Errorf("unable to adjust UID and GUI for %q. SUDO_UID not set", fsPath) + } + groupId, isSet := os.LookupEnv("SUDO_GID") + if !isSet { + return fmt.Errorf("unable to retrieve GID. will only adjust UID for %q", fsPath) + } + + intUserId, err := strconv.Atoi(userId) + if err != nil { + return fmt.Errorf("unable to convert SUDO_UID %q to int", userId) + } + intGroupId, err := strconv.Atoi(groupId) + if err != nil { + return fmt.Errorf("unable to convert SUDO_GID %q to int", groupId) + } + + err = chownR(fsPath, intUserId, intGroupId) + if err != nil { + return err + } + return nil +} + +// chownR function to recursively change User and Group +func chownR(path string, uid, gid int) error { + return filepath.Walk(path, func(name string, info os.FileInfo, err error) error { + if err == nil { + err = os.Chown(name, uid, gid) + } + return err + }) +} From 083bf3c74f18082ecd3b1e0e6a4733fa33817d58 Mon Sep 17 00:00:00 2001 From: Roman Dodin Date: Sun, 29 Oct 2023 06:36:07 +0200 Subject: [PATCH 2/4] vars brush up and comments --- cmd/deploy.go | 3 ++- utils/file.go | 32 ++++++++++++++++++-------------- 2 files changed, 20 insertions(+), 15 deletions(-) diff --git a/cmd/deploy.go b/cmd/deploy.go index 641371c52..1a1287c4d 100644 --- a/cmd/deploy.go +++ b/cmd/deploy.go @@ -306,7 +306,8 @@ func deployFn(_ *cobra.Command, _ []string) error { // log new version availability info if ready newVerNotification(vCh) - err = utils.RecursiveAdjustUIDAndGUID(c.TopoPaths.TopologyLabDir()) + // setting uid/gid of a calling user to the lab directory + err = utils.SetUIDAndGID(c.TopoPaths.TopologyLabDir()) if err != nil { log.Infof("error adjusting LabDir permissions: %v. Continuing anyways", err) } diff --git a/utils/file.go b/utils/file.go index c73e3a9d4..825fa1008 100644 --- a/utils/file.go +++ b/utils/file.go @@ -303,42 +303,46 @@ func FileLines(path, commentStr string) ([]string, error) { return lines, nil } -// RecursiveAdjustUIDAndGUID tries to changes the UID and GID -// of the given path recursively to value taken from +// SetUIDAndGID changes the UID and GID +// of the given path recursively to the values taken from // SUDO_UID and SUDO_GID. Which should reflect be the non-root // user that called clab via sudo. -func RecursiveAdjustUIDAndGUID(fsPath string) error { - userId, isSet := os.LookupEnv("SUDO_UID") +func SetUIDAndGID(fsPath string) error { + uid, isSet := os.LookupEnv("SUDO_UID") if !isSet { - return fmt.Errorf("unable to adjust UID and GUI for %q. SUDO_UID not set", fsPath) + return errors.New("failed to lookup SUDO_UID env var") } - groupId, isSet := os.LookupEnv("SUDO_GID") + + gid, isSet := os.LookupEnv("SUDO_GID") if !isSet { - return fmt.Errorf("unable to retrieve GID. will only adjust UID for %q", fsPath) + return errors.New("failed to lookup SUDO_GID env var") } - intUserId, err := strconv.Atoi(userId) + iUID, err := strconv.Atoi(uid) if err != nil { - return fmt.Errorf("unable to convert SUDO_UID %q to int", userId) + return fmt.Errorf("unable to convert SUDO_UID %q to int", uid) } - intGroupId, err := strconv.Atoi(groupId) + + iGID, err := strconv.Atoi(gid) if err != nil { - return fmt.Errorf("unable to convert SUDO_GID %q to int", groupId) + return fmt.Errorf("unable to convert SUDO_GID %q to int", gid) } - err = chownR(fsPath, intUserId, intGroupId) + err = recursiveChown(fsPath, iUID, iGID) if err != nil { return err } + return nil } -// chownR function to recursively change User and Group -func chownR(path string, uid, gid int) error { +// recursiveChown function recursively chowns a path. +func recursiveChown(path string, uid, gid int) error { return filepath.Walk(path, func(name string, info os.FileInfo, err error) error { if err == nil { err = os.Chown(name, uid, gid) } + return err }) } From 6843bd54f6b856783eb9b9939d89966294e8b58f Mon Sep 17 00:00:00 2001 From: Roman Dodin Date: Sun, 29 Oct 2023 07:09:30 +0200 Subject: [PATCH 3/4] do not raise error on missing sudo_uid this will be used to check if root user is running clab --- cmd/version.go | 2 +- utils/file.go | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/cmd/version.go b/cmd/version.go index c12694871..364994b89 100644 --- a/cmd/version.go +++ b/cmd/version.go @@ -99,7 +99,7 @@ func newVerNotification(vc chan string) { case ver, ok := <-vc: if ok { relSlug := docsLinkFromVer(ver) - log.Infof("🎉 New containerlab version %s is available! Release notes: https://containerlab.dev/rn/%s\nRun 'containerlab version upgrade' to upgrade or go check other installation options at https://containerlab.dev/install/\n", ver, relSlug) + log.Infof("🎉 New containerlab version %s is available! Release notes: https://containerlab.dev/rn/%s\nRun 'sudo containerlab version upgrade' to upgrade or go check other installation options at https://containerlab.dev/install/\n", ver, relSlug) } default: return diff --git a/utils/file.go b/utils/file.go index 825fa1008..c2fa73e63 100644 --- a/utils/file.go +++ b/utils/file.go @@ -308,9 +308,13 @@ func FileLines(path, commentStr string) ([]string, error) { // SUDO_UID and SUDO_GID. Which should reflect be the non-root // user that called clab via sudo. func SetUIDAndGID(fsPath string) error { + // here we trust sudo to set up env variables + // a missing SUDO_UID env var indicates the root user + // runs clab without sudo uid, isSet := os.LookupEnv("SUDO_UID") if !isSet { - return errors.New("failed to lookup SUDO_UID env var") + // nothing to do, already running as root + return nil } gid, isSet := os.LookupEnv("SUDO_GID") From 05714c5cbba0713b6be336c475955a839c2994a6 Mon Sep 17 00:00:00 2001 From: Roman Dodin Date: Sun, 29 Oct 2023 07:27:45 +0200 Subject: [PATCH 4/4] testing with disabled podman pipeline --- .github/workflows/cicd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index b53f30b16..5b197db69 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -306,7 +306,7 @@ jobs: matrix: runtime: - "docker" - - "podman" + # - "podman" needs: - unit-test - staticcheck