[lxc-users] LXD: Changing ownership on /root not permitted.

Stéphane Graber stgraber at ubuntu.com
Thu Oct 1 21:58:25 UTC 2015


On Thu, Oct 01, 2015 at 04:54:08PM -0500, Luis Michael Ibarra wrote:
> Hi,
> 
> I found an interesting behavior today which I think is not wrong but it's
> still interesting.
> 
> When I tried to copy a file from the host to /root inside the container
> using cp, this happened.
> 
> On the host:
> $sudo cp some_file.sh /var/lib/lxc/containers/c1/rootfs/root/
> 
> On the container:
> #ls -la /root/ | grep some_file.sh
> -rwxr-xr-x  1 *nobody nogroup* 3450 Oct  1 21:34 some_file.sh
> 
> #chown root.root /root/some_file.sh
> chown: changing ownership of 'some_file.sh': Operation not permitted
> 
> This behavior happens only in the /root/ directory on the container,
> because this directory has 700 as its permissions. So, the only way to
> write inside is being root on the host, but id 0 is not mapped in
> /etc/subuid/ inside the container. I can write directly to any other
> directory of the container's root tree from the host without getting sudo
> privileges because my user is in the lxd group.
> 
> So, lesson learned: always use push/pull to copy files.
> 
> Disclaimer: I know how push/pull works, I was trying to copy a file in the
> old fashioned way.

Yep, there is a reason (besides network transparency) for push/pull :)

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
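
Added example, not part of the original thread or of LXD's code: a small Python model of the ID mapping behind the behavior discussed above, showing why a file written as host root appears as nobody/nogroup in the container and cannot be chowned by the container's root. The map range (container 0 backed by host 100000, 65536 IDs) and all function names are assumptions made for illustration.

```python
# Added example (not from the thread): model of user-namespace ID mapping.
OVERFLOW_ID = 65534  # kernel default overflow uid/gid, shown as nobody/nogroup

# Constructed sample in /proc/<pid>/uid_map format: inside_start outside_start count.
# The 100000/65536 range is an assumption, not a value from the thread.
SAMPLE_MAP = "         0     100000      65536\n"


def parse_id_map(text):
    """Parse uid_map/gid_map text into (inside, outside, count) tuples."""
    extents = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed id map line: {line!r}")
        extents.append(tuple(int(f) for f in fields))
    return extents


def host_to_container(host_id, extents):
    """ID seen inside the namespace, or None when the host ID is unmapped."""
    for inside, outside, count in extents:
        if outside <= host_id < outside + count:
            return inside + (host_id - outside)
    return None


def container_to_host(container_id, extents):
    """Host ID that backs a container ID, or None when out of range."""
    for inside, outside, count in extents:
        if inside <= container_id < inside + count:
            return outside + (container_id - inside)
    return None


def view_from_container(host_uid, host_gid, uid_map, gid_map):
    """Ownership as the container sees it, and whether its root may chown.

    Simplified rule: root in a user namespace can change ownership only
    when the file's uid and gid are both mapped into that namespace.
    """
    uid = host_to_container(host_uid, uid_map)
    gid = host_to_container(host_gid, gid_map)
    return {
        "uid": OVERFLOW_ID if uid is None else uid,
        "gid": OVERFLOW_ID if gid is None else gid,
        "chown_allowed": uid is not None and gid is not None,
    }
```

With this sample map, a file has to be owned by host uid 100000 to appear as root inside the container.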