cloud-init

write_files defer not using ownership for new folders

Bug #1990513 reported by jlanzac
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
cloud-init
Fix Released
High
Unassigned

Bug Description

I would like to point out what I consider is a bug.
If the folder where the file is created exists, the file is created with the appropriate ownership. However if it doesn't exists, the file is created with the proper ownership while the folder is with root ownership.

In my case the default user is called ubuntu ;)

write_files:
  - path: /home/ubuntu/.help/file-in.txt
    content: |
      hi in
    owner: 'ubuntu:ubuntu'
    permissions: '0644'
    defer: true
  - path: /home/ubuntu/file-out.txt
    content: |
      hi out
    owner: 'ubuntu:ubuntu'
    permissions: '0644'
    defer: true

After running everthing:

ubuntu@mycomputer:~$ ls -alrt file.out
-rw-r--r-- 5 ubuntu ubuntu 6 Sep 22 10:44 file-out.txt
ubuntu@mycomputer:~$ ls -alrt .help
drwxr-xr-x 3 root root 4096 Sep 22 2022 .help
ubuntu@mycomputer:~$ ls -alrt .help/file-in.txt
-rw-r--r-- 5 ubuntu ubuntu 7 Sep 22 10:44 file-out.txt

I guess the correct way should be to inherit the ownership for the folder as well, unless pointed out in another way.

What do you think?

Tags: bitesize
Revision history for this message
Alberto Contreras (aciba) wrote :

Thanks for the report, jlanzac.

I have reproduced the case and I think inheriting the ownership for newly required created folders is what the user would expect.

Changed in cloud-init:
status: New → Triaged
importance: Undecided → Medium
Revision history for this message
shixuantong (sxt1001) wrote :

So, is there a plan to fix it?
In addition, if the folder for the created file does not exist, we need to have the appropriate permissions to create the folder. When we config write_files, should we ensure that the directory must exist?

Revision history for this message
shixuantong (sxt1001) wrote :

If you need to create a directory, we can use the same permission as the new file.

Revision history for this message
James Falcon (falcojr) wrote :

While this is a bug to be fixed, this is not on the upstream's team's roadmap for the immediate future. That may change if it proves to be a significant issue for multiple people. Contributions are always welcome too!

tags: added: bitesize
James Falcon (falcojr)
Changed in cloud-init:
importance: Medium → High
Revision history for this message
Jack Zhang (zhan9san) wrote :

I am glad to fix it.

Revision history for this message
Alberto Contreras (aciba) wrote :

zhan9san, thanks for helping to make cloud-init better. Please, refer to cloud-init's development documentation[1] and submit a PR.

If you have any question, the #cloud-init IRC channel on Libera is available for a more dynamic interaction.

[1] https://cloudinit.readthedocs.io/en/latest/development/index.html

Revision history for this message
Jack Zhang (zhan9san) wrote :

Hi

Would it be possible to add a new module to handle the directory feature?
Proposed new module name is 'File'.

I tried to add 'chownbyname' in 'ensure_dir' method directly, which will only change the ownership for parent directory only.

But I have some concerns.

As 'os.makedirs' will create directories recursively by default, we can not easily know which of them are newly created. So there would introduce much more logic to detect which directories is newly created and which exist already.

e.g.

- path: /home/ubuntu/foo/bar/baz/file-in.txt

We have to check whether all '/home/ubuntu/foo/bar/baz', '/home/ubuntu/foo/bar' and '/home/ubuntu/foo' exist. If all of them don't exist, we have to change ownership for all of them.

It is inspired by shixuantong (sxt1001)'s idea. If so, users have to ensure the directory exists first via 'file' module and then write out arbitrary content to files via 'Write Files' module.

Reference:
https://github.com/canonical/cloud-init/blob/94a00492b11995dd9278605eb29ee4b096ce3a90/cloudinit/util.py#L1795
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/file_module.html#parameter-recurse

Revision history for this message
Alberto Contreras (aciba) wrote : Fixed in cloud-init version 23.1.

This bug is believed to be fixed in cloud-init in version 23.1. If this is still a problem for you, please make a comment and set the state back to New

Thank you.

Changed in cloud-init:
status: Triaged → Fix Released
Revision history for this message
James Falcon (falcojr) wrote :

Tracked in Github Issues as https://github.com/canonical/cloud-init/issues/4023

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.