From c64ea4f213afebd1602d05cdd4d5bc14eaf5356b Mon Sep 17 00:00:00 2001 From: yatinkarel Date: Wed, 20 Apr 2022 12:30:09 +0530 Subject: [PATCH] Fix doc and user create script to set homedir permissions RHEL based distros set homedir permissions to 700, and Ubuntu 21.04+ to 750[1], i.e missing executable permission for group or others, this results into failures as defined in the below bug. Since in doc we add useradd command, it's good to add instructions to fix the permissions there itself instead of getting failures during installation and then fixing it. Also update user create script to fix permissions by adding executable bit to DEST directory if missing. [1] https://discourse.ubuntu.com/t/private-home-directories-for-ubuntu-21-04-onwards/19533 Closes-Bug: #1966858 Change-Id: Id2787886433281238eb95ee11a75eddeef514293 --- doc/source/guides/multinode-lab.rst | 8 ++++++++ doc/source/guides/single-machine.rst | 8 ++++++++ doc/source/index.rst | 8 ++++++++ tools/create-stack-user.sh | 9 +++++++++ 4 files changed, 33 insertions(+) diff --git a/doc/source/guides/multinode-lab.rst b/doc/source/guides/multinode-lab.rst index 81c5945307..79a76dedb1 100644 --- a/doc/source/guides/multinode-lab.rst +++ b/doc/source/guides/multinode-lab.rst @@ -75,6 +75,14 @@ Otherwise create the stack user: useradd -s /bin/bash -d /opt/stack -m stack +Ensure home directory for the ``stack`` user has executable permission for all, +as RHEL based distros create it with ``700`` and Ubuntu 21.04+ with ``750`` +which can cause issues during deployment. + +:: + + chmod +x /opt/stack + This user will be making many changes to your system during installation and operation so it needs to have sudo privileges to root without a password: diff --git a/doc/source/guides/single-machine.rst b/doc/source/guides/single-machine.rst index a0e97edb37..03d93743f7 100644 --- a/doc/source/guides/single-machine.rst +++ b/doc/source/guides/single-machine.rst @@ -49,6 +49,14 @@ below) $ sudo useradd -s /bin/bash -d /opt/stack -m stack +Ensure home directory for the ``stack`` user has executable permission for all, +as RHEL based distros create it with ``700`` and Ubuntu 21.04+ with ``750`` +which can cause issues during deployment. + +.. code-block:: console + + $ sudo chmod +x /opt/stack + Since this user will be making many changes to your system, it will need to have sudo privileges: diff --git a/doc/source/index.rst b/doc/source/index.rst index feb50ce4e9..a79a7e602c 100644 --- a/doc/source/index.rst +++ b/doc/source/index.rst @@ -57,6 +57,14 @@ to run DevStack with $ sudo useradd -s /bin/bash -d /opt/stack -m stack +Ensure home directory for the ``stack`` user has executable permission for all, +as RHEL based distros create it with ``700`` and Ubuntu 21.04+ with ``750`` +which can cause issues during deployment. + +.. code-block:: console + + $ sudo chmod +x /opt/stack + Since this user will be making many changes to your system, it should have sudo privileges: diff --git a/tools/create-stack-user.sh b/tools/create-stack-user.sh index 919cacb036..cb8d7aa328 100755 --- a/tools/create-stack-user.sh +++ b/tools/create-stack-user.sh @@ -44,6 +44,15 @@ fi if ! getent passwd $STACK_USER >/dev/null; then echo "Creating a user called $STACK_USER" useradd -g $STACK_USER -s /bin/bash -d $DEST -m $STACK_USER + # RHEL based distros create home dir with 700 permissions, + # And Ubuntu 21.04+ with 750, i.e missing executable + # permission for either group or others + # Devstack deploy will have issues with this, fix it by + # adding executable permission + if [[ $(stat -c '%A' $DEST|grep -o x|wc -l) -lt 3 ]]; then + echo "Executable permission missing for $DEST, adding it" + chmod +x $DEST + fi fi echo "Giving stack user passwordless sudo privileges"