Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

multipass exec yields unexpected result when command invoked uses sudo #3933

Open
jnsgruk opened this issue Feb 12, 2025 · 5 comments · May be fixed by #3959
Open

multipass exec yields unexpected result when command invoked uses sudo #3933

jnsgruk opened this issue Feb 12, 2025 · 5 comments · May be fixed by #3959
Labels
bug needs triage Issue needs to be triaged

Comments

@jnsgruk
Copy link
Member

jnsgruk commented Feb 12, 2025

Describe the bug
If I run a command with multipass exec that involves sudo, the SUDO_ environemnt variables inside the machine are not as I would expect

To Reproduce

multipass exec juju-dev -- sudo env | grep SUDO_
SUDO_COMMAND=/usr/bin/env
SUDO_USER=root
SUDO_UID=0
SUDO_GID=0

Expected behavior
I would expect the SUDO_USER to be set to ubuntu, SUDO_UID to 1000, etc. If multipass shell is used, that is the case:

multipass shell juju-dev

ubuntu@juju-dev:~$ sudo env | grep SUDO_
SUDO_COMMAND=/usr/bin/env
SUDO_USER=ubuntu
SUDO_UID=1000
SUDO_GID=1000

Logs
Please provide logs from the daemon, see accessing logs on where to find them on your platform.

Additional info

  • OS: Ubuntu 24.10
  • CPU architecture or model: amd64
  • multipass version: 1.15.0
  • multipass info:
multipass info
Name:           juju-dev
State:          Running
Snapshots:      0
IPv4:           10.61.201.101
                10.77.151.1
                10.1.0.60
Release:        Ubuntu 24.04.1 LTS
Image hash:     28d2f9df3ac0 (Ubuntu 24.04 LTS)
CPU(s):         2
Load:           1.06 1.09 0.83
Disk usage:     11.4GiB out of 48.4GiB
Memory usage:   2.2GiB out of 3.8GiB
Mounts:         /home/jon => /home/ubuntu/jon
                    UID map: 1000:default
                    GID map: 1000:default
  • multipass get local.driver: qemu

Additional context

First reported here: jnsgruk/concierge#37
cc @omar-selo
@jnsgruk jnsgruk added bug needs triage Issue needs to be triaged labels Feb 12, 2025
@jnsgruk jnsgruk mentioned this issue Feb 12, 2025
Closed
@levkropp
Copy link
Contributor

Hey @jnsgruk,

We've been able to reproduce this issue and have identified the cause. It appears that when the home directory (~) is mounted using multipass launch ... --mount ., multipass exec results in SUDO_USER=root, SUDO_UID=0, and SUDO_GID=0 instead of the expected values. However, when the home directory is not mounted, or if a subdirectory inside the home folder is mounted (e.g., ~/tmp instead of ~), the issue does not occur.

Minimal Reproducible Example

This fails (produces incorrect SUDO_ values):

multipass launch noble --disk 50G --memory 4G --cpus 2 --mount . --name juju-dev
multipass exec juju-dev -- sudo env | grep SUDO_

Output:

SUDO_COMMAND=/usr/bin/env
SUDO_USER=root
SUDO_UID=0
SUDO_GID=0

This works (produces expected SUDO_ values):

multipass launch noble --disk 50G --memory 4G --cpus 2 --mount ~/tmp --name juju-dev
multipass exec juju-dev -- sudo env | grep SUDO_

Output:

SUDO_COMMAND=/usr/bin/env
SUDO_USER=ubuntu
SUDO_UID=1000
SUDO_GID=1000

Since concierge relies on SUDO_USER to determine the real user (as noted in concierge issue #37), this behavior in multipass exec is likely causing concierge to run as root instead of ubuntu.

We’re actively investigating the root cause right now, but in the meantime, mounting a subdirectory (e.g., ~/tmp) instead of the entire home folder (~) appears to avoid the issue. Would this workaround be acceptable for concierge’s use case, or does concierge require /home/user to be mounted as a whole?

@jnsgruk
Copy link
Member Author

jnsgruk commented Feb 12, 2025

Concierge itself has no requirement for any mounts 😃

I have that example as it was what was reported by @omar-selo - I'm sure he'll appreciate knowing this workaround while you look into the cause 😃

Thank you!

@tonyandrewmeyer tonyandrewmeyer mentioned this issue Feb 12, 2025
Closed
@omar-selo
Copy link

Thank you for looking into this @levkropp & @jnsgruk.

I've tested the workaround and found that we missed something. Specifically, the issue does not occur when the mounted directory is the home directory. Instead, it occurs when the mounted directory is ., irrelevant of what directory that is. For instance, you can try the following:

  1. cd ~
  2. mkdir tmp
  3. cd tmp
  4. multipass launch noble --disk 50G --memory 4G --cpus 2 --mount . --name juju-dev
  5. multipass exec juju-dev -- sudo env | grep SUDO_

Which will output:

SUDO_COMMAND=/usr/bin/env
SUDO_USER=root
SUDO_UID=0
SUDO_GID=0

@omar-selo
Copy link

omar-selo commented Feb 13, 2025
edited
Loading

Ah looks like I was wrong. The issue is yet something else. If you run multipass exec juju-dev -- sudo env | grep SUDO_ inside the directory that you mounted or any of the sub-directories, then the issue occurs.

For instance:

  1. cd ~
  2. mkdir tmp
  3. multipass launch noble --disk 50G --memory 4G --cpus 2 --mount tmp --name juju-dev
  4. multipass exec juju-dev -- sudo env | grep SUDO_ shows correct result
  5. cd tmp
  6. multipass exec juju-dev -- sudo env | grep SUDO_ shows incorrect result

@ricab
Copy link
Collaborator

ricab commented Feb 13, 2025

Well spotted @omar-selo. So this is being caused by the directory mapping. If I just opt out of that, I don't get the issue any more:

$ multipass mount tmp/ nourished-flamingo
$ cd tmp/
$ multipass exec nourished-flamingo -- sudo env | grep SUDO_
SUDO_COMMAND=/usr/bin/env
SUDO_USER=root
SUDO_UID=0
SUDO_GID=0
$ multipass exec -n nourished-flamingo -- sudo env | grep SUDO_
SUDO_COMMAND=/usr/bin/env
SUDO_USER=ubuntu
SUDO_UID=1000
SUDO_GID=1000

This was referenced Feb 25, 2025
Closed
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug needs triage Issue needs to be triaged
Projects
None yet
Milestone
No milestone
4 participants
@jnsgruk @omar-selo @ricab @levkropp