** Description changed:

  [Impact]
  
  * In order to use the microk8s snap in Ubuntu Core, one currently needs
  to be root. This is far from optimal, since normally (on desktop and
  server installations) this is not necessary.
  
  * This make it hard to provide consistent documentation on microk8s
  across all supported device, if we have to take the "sudo" command into
  account, and how file permissions for generated files might be affected.
  
  
  [Test Plan]
  
  The issue can be reproduced on Ubuntu Core 18, 20 and 22. The steps are
  as following (replace "<uc.img>" with the actual path of your Ubuntu
  Core image file:
  
-     qemu-system-x86_64 -enable-kvm -smp 2 -m 1500 \
-         -netdev user,id=mynet0,hostfwd=tcp::8022-:22,hostfwd=tcp::8090-:80 \
-         -device virtio-net-pci,netdev=mynet0 \
-         -drive file=<uc.img>,format=raw
+     qemu-system-x86_64 -enable-kvm -smp 2 -m 1500 \
+         -netdev user,id=mynet0,hostfwd=tcp::8022-:22,hostfwd=tcp::8090-:80 \
+         -device virtio-net-pci,netdev=mynet0 \
+         -drive file=<uc.img>,format=raw
  
- <to be continued>
+ After configuring your account, connect to youd device via SSH:
  
+     ssh <user>@localhost -p 8022
+ 
+ And issue these commands
+ 
+     sudo snap install microk8s --channel=latest/edge/stable
+ 
+     # microk8s is going to eat up all your disk space, so stop it as soon
+     # as the prompt comes back:
+     sudo microk8s stop
+ 
+     # Add your user to the microk8s group
+     sudo usermod -G snap_microk8s $(whoami)
+ 
+ The last command will fail unless this bug is fixed. If the bug is
+ fixed, the command will succeed, and after logging out and in again, you
+ can verify that you've been added to the snap_microk8s group by running
+ the "groups" command.
+ 
+ 
+ [Where problems could occur]
+ 
+ * The patch only touches error code paths and adds a fallback mechanism
+ in them. Therefore, "normal" operations, where these commands would have
+ succeeded before, will not be affected at all.
+ 
+ * In those cases when usermod fails because it failed to find or load
+ the requested user/group, we reset the user/group database paths to our
+ writable user/group databases, and retry the operation. Note that the
+ path for our database is hardcoded in the program source, so the
+ security risk seems contained. We do not add additional command-line
+ parameters.
+ 
+ 
+ [Other Info]
  
  Original bug description
  ========================
  
  Currently doing something like:
  
      sudo usermod -a -G snap_microk8s dbeamonte
  
  on a Ubuntu Core system will fail with
  
      usermod: /etc/group.15965: Read-only file system
  
  This is because the existing usermod patches to detect
  the extrausers file do not cover this case. Attached
  a simple patch that enables it. I will give this patch
  a test run in our image PPA for jammy and if things look
  good I would like upload to 22.04 and SRU for 20.04 and
  18.04.
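
Review bot: the added test plan step `sudo usermod -G snap_microk8s $(whoami)` omits `-a`, so on a fixed system it replaces the user's supplementary group list with just snap_microk8s and drops any other supplementary memberships, whereas the original report further down uses `sudo usermod -a -G snap_microk8s dbeamonte`. Suggest `-a -G` in the test plan so the verification matches the reported command and leaves the tester's existing groups intact. The plan would also be easier to follow if it stated the expected failure on an unfixed system (the original report shows `usermod: /etc/group.15965: Read-only file system`), so an unrelated usermod error is not mistaken for a reproduction. Since [Where problems could occur] rests its security argument on the fallback database path being hardcoded, naming that path in the description would let reviewers check the claim.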

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/1959375

Title:
  [SRU] Please support group manipulation with "extrausers"

Status in shadow package in Ubuntu:
  New
Status in shadow source package in Bionic:
  New
Status in shadow source package in Focal:
  New
Status in shadow source package in Impish:
  Won't Fix
Status in shadow source package in Jammy:
  New

Bug description:
  [Impact]

  * In order to use the microk8s snap in Ubuntu Core, one currently
  needs to be root. This is far from optimal, since normally (on desktop
  and server installations) this is not necessary.

  * This makes it hard to provide consistent documentation on microk8s
  across all supported devices, if we have to take the "sudo" command
  into account, and how file permissions for generated files might be
  affected.

  
  [Test Plan]

  The issue can be reproduced on Ubuntu Core 18, 20 and 22. The steps
  are as follows (replace "<uc.img>" with the actual path of your
  Ubuntu Core image file):

      qemu-system-x86_64 -enable-kvm -smp 2 -m 1500 \
          -netdev user,id=mynet0,hostfwd=tcp::8022-:22,hostfwd=tcp::8090-:80 \
          -device virtio-net-pci,netdev=mynet0 \
          -drive file=<uc.img>,format=raw

  After configuring your account, connect to your device via SSH:

      ssh <user>@localhost -p 8022

  And issue these commands:

      sudo snap install microk8s --channel=latest/edge/stable

      # microk8s is going to eat up all your disk space, so stop it as soon
      # as the prompt comes back:
      sudo microk8s stop

      # Add your user to the microk8s group
      sudo usermod -G snap_microk8s $(whoami)

  The last command will fail unless this bug is fixed. If the bug is
  fixed, the command will succeed, and after logging out and in again,
  you can verify that you've been added to the snap_microk8s group by
  running the "groups" command.

  
  [Where problems could occur]

  * The patch only touches error code paths and adds a fallback
  mechanism in them. Therefore, "normal" operations, where these
  commands would have succeeded before, will not be affected at all.

  * In those cases when usermod fails because it failed to find or load
  the requested user/group, we reset the user/group database paths to
  our writable user/group databases, and retry the operation. Note that
  the path for our database is hardcoded in the program source, so the
  security risk seems contained. We do not add additional command-line
  parameters.

  
  [Other Info]

  Original bug description
  ========================

  Currently doing something like:

      sudo usermod -a -G snap_microk8s dbeamonte

  on an Ubuntu Core system will fail with

      usermod: /etc/group.15965: Read-only file system

  This is because the existing usermod patches to detect
  the extrausers file do not cover this case. Attached
  a simple patch that enables it. I will give this patch
  a test run in our image PPA for jammy and if things look
  good I would like to upload to 22.04 and SRU for 20.04 and
  18.04.
