Unexpected behavior from user-perms.sh

[derytim]

I noticed some error messages in output from lando rebuild - this is a drupal localdev.
The errors I see are:

php_1        | chown: unknown user/group user:/home
php_1        | chown: unknown user/group user:/home
php_1        | chown: unknown user/group user:/home

I've traced this back to be coming from user-perms.sh.
Looking at the lando logs are interesting:

php_1        | userperms 00:22:19.INFO  ==> Symlinked users .gitconfig.
php_1        | userperms 00:22:19.INFO  ==> Symlinked users known_hosts
php_1        | userperms 00:22:19.INFO  ==> This is a alpine container
php_1        | userperms 00:22:19.INFO  ==> user-perms.sh kicking off as user uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)
php_1        | userperms 00:22:19.DEBUG ==> Lando ENVVARS set at
php_1        | userperms 00:22:19.DEBUG ==> 
php_1        | userperms 00:22:19.DEBUG ==> ========================================
php_1        | userperms 00:22:19.DEBUG ==> LANDO_WEBROOT_USER      : user
php_1        | userperms 00:22:19.DEBUG ==> LANDO_WEBROOT_GROUP     : user
php_1        | userperms 00:22:19.DEBUG ==> LANDO_WEBROOT_UID       : 1001
php_1        | userperms 00:22:19.DEBUG ==> LANDO_WEBROOT_GID       : 1001
php_1        | userperms 00:22:19.DEBUG ==> LANDO_HOST_UID          : 1001
php_1        | userperms 00:22:19.DEBUG ==> LANDO_HOST_GID          : 1001
php_1        | userperms 00:22:19.DEBUG ==> ========================================
php_1        | userperms 00:22:19.DEBUG ==> 
php_1        | userperms 00:22:19.INFO  ==> Making sure correct user:group (user:user) exists...
php_1        | userperms 00:22:19.INFO  ==> Remapping ownership to handle docker volume sharing...
php_1        | userperms 00:22:19.INFO  ==> Resetting user:user from 1001:1001 to 1001:1001
php_1        | userperms 00:22:19.INFO  ==> user:user is now running as uid=1001(user) gid=1000(user) groups=1000(user),1000(user)!
php_1        | userperms 00:22:19.INFO  ==> And here. we. go.
php_1        | userperms 00:22:19.INFO  ==> Doing the permission sweep.
php_1        | chown: unknown user/group user:/home
php_1        | chown: unknown user/group user:/home
php_1        | chown: unknown user/group user:/home

The part that really has me scratching my head is:

php_1        | userperms 00:22:19.INFO  ==> Resetting user:user from 1001:1001 to 1001:1001
php_1        | userperms 00:22:19.INFO  ==> user:user is now running as uid=1001(user) gid=1000(user) groups=1000(user),1000(user)!

It looks like the group ID isn't being created or set properly, although I don't know why that would be the case.
I can't instrument ~/.lando/scripts to give me more output, as any changes to scripts there get overwritten.
Thoughts?

[reynoldsalec]

@derytim I'd be interested what the output of the id command is on your host computer and seeing if your user's UID/GID match up to what Lando is trying to set.

The ~/.lando/scripts folder is where the scripts get copied to for the containers to reference them, so any edits you make there will be overwritten. You'd have to run Lando from source to mess around with the scripts themselves.

[reynoldsalec]

LMK if you made any independent progress on this @derytim, know it's a bit long in the tooth (sorry for the late response).

[derytim]

Thanks @reynoldsalec, I had set this down. If I run id on the host system, the UID:GID is 1001:1001 .

[reynoldsalec]

Gotcha, so sounds like Lando is finding those values ok, but something is going wrong when it runs the perm-sweep; my guess is that this logic $(getent group "$LANDO_HOST_GID" | cut -d: -f1) is returning a blank GID in your case for some reason:

core/scripts/user-perms.sh

Line 104 in 811250f

perm_sweep $LANDO_WEBROOT_USER $(getent group "$LANDO_HOST_GID" | cut -d: -f1) $LANDO_RESET_DIR

.

If you lando ssh and then run getent group "1001" | cut -d: -f1, what does it return?

[derytim]

getent group "1001" returns nothing. There's no group with that GID in my container:

$ grep "1001" /etc/group
$ grep "1000" /etc/group
user:x:1000:user

I suspect that the issue is in this block

core/scripts/user-perm-helpers.sh

Lines 17 to 23 in 811250f

	if [ "$DISTRO" = "alpine" ]; then
	if ! groups | grep "$GROUP" > /dev/null 2>&1; then addgroup -g "$GID" "$GROUP" 2>/dev/null; fi
	if ! id -u "$GROUP" > /dev/null 2>&1; then adduser -H -D -G "$GROUP" -u "$UID" "$USER" "$GROUP" 2>/dev/null; fi
	else
	if ! groups | grep "$GROUP" > /dev/null 2>&1; then groupadd --force --gid "$GID" "$GROUP" 2>/dev/null; fi
	if ! id -u "$GROUP" > /dev/null 2>&1; then useradd --gid "$GID" --uid "$UID" $EXTRAS "$USER" 2>/dev/null; fi
	fi;

That's the piece that I don't have visibility into without building Lando from source.

This container is alpine.

[reynoldsalec]

Yeah, given that the group doesn't exist you may be right. Could be worth trying out the addgroup -g "$GID" "$GROUP" command in the container manually to see if they fail.

[derytim]

At this point, the addgroup fails if I try to run it manually (since the group user already exists in the system).
If I run addgroup -g "1001" "usertest", that adds the group as expected.

$ getent group "1001"
usertest:x:1001

Which doesn't really explain why user-perms.sh isn't doing what it says it is doing.