Ignition: When a file is created, parent dir is still owned by "root"

When creating a file like this:

    - path: /home/guest/.config/containers/storage.conf
      mode: 0500
      user:
        name: guest
      group:
        name: guest
      append:
        - local: /podman/rootless_storage.conf

storage.conf is indeed owned by “guest”.
However, /home/guest/.config and /home/guest/.config/containers are created and owned by root.

Is this the expected behavior?
When creating a file with user “guest”, I would expect the path to be owned by “guest” by default if it doesn’t exist yet.

In this case, for example, it would cause rootless Podman to fail:

    Error: error opening "/home/guest/.config/cni/net.d/cni.lock": creating locker directory: mkdir /home/guest/.config/cni: permission denied

(A workaround is to create the parent directories explicitly with user “guest”.)

Yes, that’s the expected behavior. Ignition doesn’t assume that any missing directories should be created with the same owner/group (and, of course, can’t assume that they should be created with the same mode), so it uses defaults. If you want to set the properties of the containing directory, you should declare the directory explicitly.

I admit, I find this a bit tedious too. For example:

It’d make sense to add some Butane sugar to create a stack of directories with particular ownership/perms. There’d need to be some syntax for specifying the base dir, though. E.g. in the example above, we wouldn’t want to make /home owned by builder.

Filed a Butane RFE.

Filed “Example for non root ownership for files & parent dirs” (Issue #441 in coreos/fedora-coreos-docs on GitHub) to remember writing an example in the docs.
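The workaround discussed in the thread (declare every parent directory explicitly, stopping below a base directory so that /home keeps its owner), as an added Python example that is not part of the original posts and not Butane's own code. The helper names `parent_dir_entries` and `render` are hypothetical, and the directory mode 0700 is an assumed value chosen for the demonstration.

```python
import posixpath


def parent_dir_entries(file_path, base_dir, user, group, mode):
    """Butane storage.directories entries for every directory strictly
    between base_dir and file_path, outermost first.

    base_dir itself is never emitted, so its owner (and that of /home)
    is left alone. mode is required: nothing sensible can be assumed.
    """
    if not (posixpath.isabs(file_path) and posixpath.isabs(base_dir)):
        raise ValueError("paths must be absolute")
    # relpath normalises ".." first, so a path that escapes base_dir
    # shows up as a leading ".." component.
    parts = posixpath.relpath(file_path, base_dir).split("/")
    if parts[0] in ("..", "."):
        raise ValueError(f"{file_path} is not below {base_dir}")
    entries = []
    current = posixpath.normpath(base_dir)
    for part in parts[:-1]:  # last component is the file itself
        current = posixpath.join(current, part)
        entries.append({"path": current, "mode": mode,
                        "user": {"name": user}, "group": {"name": group}})
    return entries


def render(entries):
    """Render entries as a Butane YAML fragment (plain names and paths only)."""
    lines = ["storage:", "  directories:"]
    for e in entries:
        lines += [f"    - path: {e['path']}",
                  f"      mode: 0{e['mode']:o}",
                  "      user:",
                  f"        name: {e['user']['name']}",
                  "      group:",
                  f"        name: {e['group']['name']}"]
    return "\n".join(lines)


if __name__ == "__main__":
    # Path and user from the thread; 0700 is an assumed mode.
    print(render(parent_dir_entries(
        "/home/guest/.config/containers/storage.conf",
        "/home/guest", "guest", "guest", 0o700)))
```

The printed fragment lists /home/guest/.config and /home/guest/.config/containers with owner guest and can be merged into the config next to the `files` entry.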