Fedora CoreOS ignition 'nested directories' and permissions issue

minWi · February 17, 2022, 3:44pm

I’ve created a systemd unit as a user in my ignition file successfully… but the ~/.config folder created as

  directories:
    - path: /home/core/.config/systemd/user/default.target.wants
      mode: 0744
      user:
        name: core
      group:
        name: core

is owner by the root user instead of the core user… which makes things difficult such as creating a toolbox container as the core user doesn’t have permissions…

$ toolbox create
Error: failed to create configuration directory
$ ls -la
total 16
drwx------. 6 core core 138 Feb 17 16:33 .
drwxr-xr-x. 3 root root  18 Feb 17 16:30 ..
-rw-r--r--. 1 core core  18 Feb 15 05:03 .bash_logout
-rw-r--r--. 1 core core 141 Feb 15 05:03 .bash_profile
-rw-r--r--. 1 core core 492 Feb 15 05:03 .bashrc
drwxr-xr-x. 3 root root  21 Feb 17 16:30 .config

Shall I create all the folders individually instead?

  directories:
    - path: /home/core/.config/
      mode: 0744
      user:
        name: core
      group:
        name: core
    - path: /home/core/.config/systemd/
      mode: 0744
      user:
        name: core
      group:
        name: core
    - path: /home/core/.config/systemd/user/
      mode: 0744
      user:
        name: core
      group:
        name: core
    - path: /home/core/.config/systemd/user/default.target.wants
      mode: 0744
      user:
        name: core
      group:
        name: core

It seems a little bit dirty

Thanks.

eriksjolund · February 20, 2022, 6:35am

Shall I create all the folders individually instead?

Yes, I believe so.

I opened up a GitHub Issue

github.com/coreos/fedora-coreos-docs

user-level systemd unit example: /home/sleeper/.config is owned by root

opened 10:25PM - 17 Feb 22 UTC

closed 08:04AM - 20 Sep 22 UTC

eriksjolund

bug good first issue

Regarding the example https://docs.fedoraproject.org/en-US/fedora-coreos/tuto…rial-user-systemd-unit-on-boot/#_writing_the_butane_config_and_converting_to_ignition ``` variant: fcos version: 1.4.0 passwd: users: - name: core ssh_authorized_keys: - ssh-rsa ... - name: sleeper storage: directories: - path: /home/sleeper/.config/systemd/user/default.target.wants mode: 0744 user: name: sleeper group: name: sleeper files: - path: /var/lib/systemd/linger/sleeper mode: 0644 - path: /home/sleeper/.config/systemd/user/linger-example.service mode: 0755 contents: inline: | [Unit] Description=A systemd user unit demo After=network-online.target Wants=network-online.target [Service] ExecStart=/usr/bin/sleep infinity user: name: sleeper group: name: sleeper links: - path: /home/sleeper/.config/systemd/user/default.target.wants/linger-example.service user: name: sleeper group: name: sleeper target: /home/sleeper/.config/systemd/user/linger-example.service hard: false ``` The butane configuration does not explicitly create _/home/sleeper/.config_. That leads to the directory being owned by root. ``` [esjolund@laptop fedora-coreos-docs]$ ssh -p 2222 -o NoHostAuthenticationForLocalhost=true core@127.0.0.1 Fedora CoreOS 35.20220213.1.0 Tracker: https://github.com/coreos/fedora-coreos-tracker Discuss: https://discussion.fedoraproject.org/tag/coreos [core@localhost ~]$ sudo -i [root@localhost ~]# ls -ld /home/sleeper/.config/ drwxr-xr-x. 3 root root 21 Feb 17 22:18 /home/sleeper/.config/ [root@localhost ~]# ``` The directory should instead be owned by _sleeper:sleeper_

as I experienced the same thing when I followed the instructions in

I wonder if some warning could be added to butane so that
running butane --strict would fail whenever there are missing
directories in the butane file?

$ butane --help | grep strict
  -s, --strict             fail on any warning

Another idea:
Maybe there could also be an install mode for ignition that would never create,
missing directories?

minWi · February 21, 2022, 10:49am

Thanks for opening the issue!
Maybe something like nested can be enabled at path level, so all the folders created inherit those permissions:

    - path: /home/core/.config/systemd/user/default.target.wants
      mode: 0744
      nested: true

Topic		Replies	Views
Ignition: When a file is created, parent dir is still owned by "root" Project Discussion coreos-wg	5	599	August 9, 2022
Systemd Unit breaks Ignition without errors Project Discussion coreos-wg	1	385	July 1, 2020
Queries about Ignition file Project Discussion coreos-wg	2	339	June 10, 2020
CoreOS Layering: User files in var Ask Fedora coreos-wg , coreos	7	3540	January 26, 2024
Toolbox not working after fresh installation Project Discussion coreos-wg	6	1190	August 14, 2020

Fedora CoreOS ignition 'nested directories' and permissions issue

Related topics