container's /home/ubuntu/ spawns with incorrect permissions, preventing SSH access
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| lxc (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
agent-version: 1.15.0.1
ii juju-core 1.15.0-
ii juju-local 1.14.1-
Attempting to use the local provider, I find that I cannot ssh to new containers, failing public key authentication. Poking around on the host in the rootfs directroy for the container (/var/lib/
Oct 7 20:19:22 ubuntu-
$ ls -lh /var/lib/
total 4.0K
drwxr-xr-x 3 ubuntu ubuntu 4.0K Oct 7 20:17 ubuntu
$ ls -lha /var/lib/
total 24K
drwxr-xr-x 3 ubuntu ubuntu 4.0K Oct 7 20:17 .
drwxr-xr-x 3 root root 4.0K Oct 3 07:06 ..
-rw-r--r-- 1 ubuntu ubuntu 220 Apr 3 2012 .bash_logout
-rw-r--r-- 1 ubuntu ubuntu 3.5K Apr 3 2012 .bashrc
-rw-r--r-- 1 ubuntu ubuntu 675 Apr 3 2012 .profile
drwx------ 2 sower sower 4.0K Oct 7 20:17 .ssh
$ sudo ls -lha /var/lib/
total 12K
drwx------ 2 sower sower 4.0K Oct 7 20:17 .
drwxr-xr-x 3 ubuntu ubuntu 4.0K Oct 7 20:17 ..
-rw------- 1 sower sower 381 Oct 7 20:17 authorized_keys
The sower user is a user on the host system with uid 1000. I am using juju as the ubuntu user (uid 1001). With the exception of /home/ubuntu/.ssh/, it looks like /home/ubuntu ends up with incorrect ownership. Manually changing ownership of the directory and its contents to uid 1000 on from the host allows me to SSH in.
Related branches
| affects: | juju → juju-core |
| tags: | added: theme-oil |
| affects: | juju-core → lxc |
| affects: | ubuntu (Ubuntu) → lxc (Ubuntu) |
| Scott Moser (smoser) wrote | #1 |
| no longer affects: | lxc |
| Changed in lxc (Ubuntu): | |
| status: | New → Fix Released |
For reference, to reproduce this, launch an instance of saucy with this user-data:
#cloud-config
system_info:
default_user:
name: smoser
ssh into instance, then add a 'ubuntu' user. That new ubuntu user should get uid '1001' (anything other than 1000 is needed to show the problem).
Then,
$ id -u; whoami
1000
smoser
$ id -u ubuntu
1001
$ sudo lxc-create -t ubuntu-cloud -n precise-source -- --release=precise
$ sudo lxc-create -t ubuntu-cloud -n lucid-source -- --release=lucid
# verify the home dir has correct ownership wrt the /etc/passwd inside the image
$ ls --numeric-uid-gid -d /var/lib/
drwxr-xr-x 2 1000 1000 4096 Oct 3 07:06 /var/lib/
$ grep ubuntu /var/lib/
ubuntu:
$ ls --numeric-uid-gid -d /var/lib/
drwxr-xr-x 2 1000 1000 4096 Oct 7 03:05 /var/lib/
$ grep "ubuntu" /var/lib/
ubuntu:
$ sudo lxc-clone --snapshot -B overlayfs -o precise-source -n test1 -- --auth-
$ sudo lxc-start --daemon --name test1
$ sudo lxc-ls --fancy --fancy-
IPV4
----------
10.0.3.252
$ ssh ubuntu@10.0.3.252 "echo It worked"
The authenticity of host '10.0.3.252 (10.0.3.252)' can't be established.
ECDSA key fingerprint is 3d:e8:79:
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.3.252' (ECDSA) to the list of known hosts.
It worked