Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Commands triggered by virtualenv.managed might not respect the user param #59088

Open
marangonico opened this issue Dec 4, 2020 · 10 comments
Open

[BUG] Commands triggered by virtualenv.managed might not respect the user param #59088

marangonico opened this issue Dec 4, 2020 · 10 comments
Labels
Bug broken, incorrect, or confusing behavior Needs-Testcase PR needs test cases written, or the issue is about a bug/feature that needs test cases severity-medium 3rd level, incorrect or bad functionality, confusing and lacks a work around
Milestone
Approved

Comments

@marangonico
Copy link
Contributor

marangonico commented Dec 4, 2020
edited
Loading

Description
Commands triggered by virtualenv.managed might not respect the user parameter, which result in a pycache folder owned by root, triggering permission issues later on.
This bug is the same as #57550

Setup
Ubuntu 20.04, python 3.7, salt 3002.2

Example of state used:

virtualenv_init:
  virtualenv.managed:
    - venv_bin: virtualenv
    - name: /opt/chimera/env/chimera
    - python: /usr/bin/python3.8
    - distribute: False
    - user: chimera
    - no_chown: True

virtualenv_setup_requirements/production.txt:
  pip.installed:
    - bin_env: /opt/chimera/env/chimera
    - user: chimera
    - no_chown: True
    - requirements: /opt/chimera/chimera/requirements/production.txt

Expected behavior
Execution of the above state is partially executed as root and .pyc files are written as such.
[ERROR ] stderr: ERROR: Could not install packages due to an EnvironmentError: [Errno 13] Permission denied: '/opt/penta/env/chimera/lib/python3.7/site-packages/__pycache__/zipp.cpython-37.pyc' Consider using the --user option or check the permissions.

Versions Report

salt --versions-report (Provided by running salt --versions-report. Please also mention any differences in master/minion versions.) 
Salt Version:
          Salt: 3002.2

Dependency Versions:
          cffi: Not Installed
      cherrypy: Not Installed
      dateutil: 2.7.3
     docker-py: Not Installed
         gitdb: Not Installed
     gitpython: Not Installed
        Jinja2: 2.10.1
       libgit2: Not Installed
      M2Crypto: Not Installed
          Mako: Not Installed
       msgpack: 0.6.2
  msgpack-pure: Not Installed
  mysql-python: Not Installed
     pycparser: Not Installed
      pycrypto: Not Installed
  pycryptodome: 3.6.1
        pygit2: Not Installed
        Python: 3.8.5 (default, Jul 28 2020, 12:59:40)
  python-gnupg: 0.4.5
        PyYAML: 5.3.1
         PyZMQ: 18.1.1
         smmap: Not Installed
       timelib: Not Installed
       Tornado: 4.5.3
           ZMQ: 4.3.2

System Versions:
          dist: ubuntu 20.04 focal
        locale: utf-8
       machine: x86_64
       release: 5.4.0-51-generic
        system: Linux
       version: Ubuntu 20.04 focal
@marangonico marangonico added the Bug broken, incorrect, or confusing behavior label Dec 4, 2020
@welcome
Copy link

welcome bot commented Dec 4, 2020

Hi there! Welcome to the Salt Community! Thank you for making your first contribution. We have a lengthy process for issues and PRs. Someone from the Core Team will follow up as soon as possible. In the meantime, here’s some information that may help as you continue your Salt journey.
Please be sure to review our Code of Conduct. Also, check out some of our community resources including:

There are lots of ways to get involved in our community. Every month, there are around a dozen opportunities to meet with other contributors and the Salt Core team and collaborate in real time. The best way to keep track is by subscribing to the Salt Community Events Calendar.
If you have additional questions, email us at [email protected]. We’re glad you’ve joined our community and look forward to doing awesome things with you!

@marangonico marangonico mentioned this issue Dec 4, 2020
Closed
@sagetherage sagetherage changed the title [BUG] [BUG] Commands triggered by virtualenv.managed might not respect the user param Dec 4, 2020
@Ch3LL Ch3LL added severity-medium 3rd level, incorrect or bad functionality, confusing and lacks a work around and removed needs-triage labels Dec 7, 2020
@Ch3LL Ch3LL added this to the Approved milestone Dec 7, 2020
@sagetherage sagetherage added the Aluminium Release Post Mg and Pre Si label Dec 8, 2020
@sagetherage sagetherage modified the milestones: Approved, Aluminium Dec 8, 2020
@sagetherage sagetherage added Needs-Testcase PR needs test cases written, or the issue is about a bug/feature that needs test cases Silicon v3004.0 Release code name status-to-do and removed Aluminium Release Post Mg and Pre Si status-in-prog labels Dec 11, 2020
@sagetherage sagetherage modified the milestones: Aluminium, Silicon Dec 11, 2020
@krionbsd
Copy link
Contributor

krionbsd commented Jan 5, 2021

@marangonico did you check permissions on pycache dir before executing the state?

@marangonico
Copy link
Contributor Author

marangonico commented Jan 5, 2021
edited
Loading

@marangonico did you check permissions on pycache dir before executing the state?

IIRC, yes... but it was a month ago, I cannot be sure. ¯\(ツ)

@mced
Copy link

mced commented Jan 8, 2021

@krionbsd I've just tested few minutes and I confirm that the virtualenv created with saltstack has root permissions on __pycache__ directory and not user's one...

/home/django/app:
  virtualenv.managed:
    - cwd: /home/django/app
    - requirements: /home/django/app/requirements.txt
    - user: django
    - python: /usr/bin/python3.8

Maybe @waynew would have an insight on how to fix that bug ?

@kornpow
Copy link

kornpow commented Jun 23, 2021

This is still an issue for me
salt 3002.6
Ubuntu 20.04

@noelmcloughlin
Copy link
Contributor

noelmcloughlin commented Jul 7, 2021
edited
Loading

salt 3003.1
Ubuntu 20.04 py 3.8
deleting the _pycache and passing " - env_vars: { PYTHONDONTWRITEBYTECODE: 1} " arg did not help

@noelmcloughlin noelmcloughlin mentioned this issue Jul 8, 2021
Open
@sagetherage sagetherage modified the milestones: Silicon, Approved Aug 12, 2021
@sagetherage sagetherage removed the Silicon v3004.0 Release code name label Aug 12, 2021
@noelmcloughlin
Copy link
Contributor

Combining runas: myuser with user: myuser fixed the issue for me on Ubuntu 20.04.
It took some time to discover that because runas is undocumented at virtualenv.managed

@noelmcloughlin noelmcloughlin mentioned this issue Sep 3, 2021
Merged
19 tasks
@ghost
Copy link

ghost commented Jan 18, 2023

Noting this bug persists in Ubuntu 22.04 too.
The runas workaround above fixed this for me.

@Vringe
Copy link

Vringe commented Jun 6, 2023

Still a problem with 3005.1..

@DasSkelett
Copy link

It looks like there was some work on this in #59089, which would need to be picked up again

@DasSkelett DasSkelett mentioned this issue Mar 12, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug broken, incorrect, or confusing behavior Needs-Testcase PR needs test cases written, or the issue is about a bug/feature that needs test cases severity-medium 3rd level, incorrect or bad functionality, confusing and lacks a work around
Projects
None yet
Milestone
Approved
Development

Successfully merging a pull request may close this issue.

adds user and cwd params to pip.version execution penta-srl/salt
9 participants
@kornpow @marangonico @Ch3LL @mced @Vringe @noelmcloughlin @krionbsd @DasSkelett @sagetherage