Can't create user space when using the Joint Access Storage Driver as non root #9734

Open
SpeakinTelnet opened this issue Aug 5, 2024 · 3 comments
@SpeakinTelnet

Describe the bug

When deploying OCIS with the posix storage driver using systemd and user ocis (as per the docs) the service fails to create the user space.

Steps to reproduce

Here's my full deployment procedure, runnable from a bash script:

wget -O /usr/local/bin/ocis https://github.com/owncloud/ocis/releases/download/v6.2.0/ocis-6.2.0-linux-amd64
chmod +x /usr/local/bin/ocis

useradd --system --no-create-home --shell=/sbin/nologin ocis

mkdir -p /var/lib/ocis/posix-storage
mkdir -p /etc/ocis
touch /etc/ocis/ocis.env
chown -R ocis:ocis /var/lib/ocis
chown -R ocis:ocis /etc/ocis

cat > /etc/ocis/ocis.env << EOF
OCIS_URL=https://owncloud.homelab:9200
PROXY_HTTP_ADDR=0.0.0.0:9200

OCIS_LOG_LEVEL=warn

OCIS_CONFIG_DIR=/etc/ocis
OCIS_BASE_DATA_PATH=/var/lib/ocis

STORAGE_USERS_DRIVER="posix"
STORAGE_USERS_POSIX_ROOT="/var/lib/ocis/posix-storage"
STORAGE_USERS_POSIX_WATCH_TYPE="inotifywait"
STORAGE_USERS_ID_CACHE_STORE="nats-js-kv"
STORAGE_USERS_ID_CACHE_STORE_NODES="localhost:9233"
EOF

sudo -u ocis ocis init --config-path /etc/ocis

cat > /etc/systemd/system/ocis.service << EOF
[Unit]
Description=OCIS server

[Service]
Type=simple
User=ocis
Group=ocis
EnvironmentFile=/etc/ocis/ocis.env
ExecStart=/usr/local/bin/ocis server
Restart=always

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable --now ocis

Expected behavior

The user space is created and the service runs as usual

Actual behavior

The user space is not created and the following errors occur:

Aug 05 14:14:28 owncloud ocis[5562]: {"level":"error","service":"storage-users","pkg":"rgrpc","traceid":"a03ca61801683eeb9d986de767a85144","error":"open .flock: permission denied","status":{"code":15,"message":"error creating space","trace":"a03ca61801683eeb9d986de767a85144"},"request":{"opaque":{"map":{"space_id":{"decoder":"plain","value":"M2ZmYzIyZGMtZjE5ZS00ZWU2LWJjYTMtODY0NDA1N2YyNzlk"}}},"owner":{"id":{"idp":"https://owncloud.homelab:9200","opaque_id":"3ffc22dc-f19e-4ee6-bca3-8644057f279d","type":1},"username":"admin","mail":"admin@example.org","display_name":"Admin","uid_number":99,"gid_number":99},"type":"personal","name":"Admin"},"time":"2024-08-05T14:14:28Z","message":"failed to create storage space"}
Aug 05 14:14:28 owncloud ocis[5562]: {"level":"error","service":"proxy","error":"gateway: grpc failed with code CODE_INTERNAL","time":"2024-08-05T14:14:28Z","message":"error when calling Createhome"}

Additional context

  • If I run the service as the root user instead everything runs correctly.
  • I have the same errors if I create a home for user ocis and set the storage in the home directory.
  • I have the same errors if I run chmod -R 777 /var/lib/ocis/posix-storage
  • Removing the posix storage driver section makes the service run correctly.

Thanks!

@rhafer
Contributor

rhafer commented Aug 8, 2024

I can confirm the issue. For some reason ocis tries to create a lockfile in its current working directory (which I think is a bug in ocis).

The working directory of a service run by systemd defaults to /, where the ocis user obviously can't write anything. As a workaround please try adding:

WorkingDirectory=/var/lib/ocis/

to the [Service] section of your unit file. Then systemctl daemon-reload and systemctl restart ocis
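
Added example (not from the thread or the ocis project): a shell check for the condition described above, a relative `.flock` opened from systemd's default working directory `/`. The function names and the sample unit text are constructed here, and only the single unit file is parsed (drop-ins are ignored).

```shell
#!/bin/sh
# Added diagnostic sketch. Function names are hypothetical (not ocis or systemd tools).

# Print the directory a system unit starts in: the last WorkingDirectory=
# in [Service], or "/" (systemd's default for system services) when unset.
effective_workdir() {
    awk '
        /^[ \t]*\[/ { in_service = ($0 ~ /^[ \t]*\[Service\][ \t]*$/); next }
        in_service && /^[ \t]*WorkingDirectory[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
            sub(/^-/, "")   # a leading "-" only means "do not fail if missing"
            wd = $0
        }
        END { print (wd == "" ? "/" : wd) }
    ' "$1"
}

# True if the calling user can create a relative file such as ".flock" there.
can_create_lockfile() {
    [ -d "$1" ] && [ -w "$1" ] && [ -x "$1" ]
}

# Report for one unit file. Run the script as the service account for a real answer.
check_unit() {
    dir=$(effective_workdir "$1")
    if can_create_lockfile "$dir"; then
        echo "ok: $(id -un) can create .flock in $dir"
    else
        echo "FAIL: $(id -un) cannot create .flock in $dir" >&2
        return 1
    fi
}

# Constructed sample units: the one from the issue, then the same plus the workaround.
demo_dir=$(mktemp -d)
printf '[Unit]\nDescription=OCIS server\n\n[Service]\nUser=ocis\nGroup=ocis\nExecStart=/usr/local/bin/ocis server\n' > "$demo_dir/before.service"
{ cat "$demo_dir/before.service"; echo 'WorkingDirectory=/var/lib/ocis/'; } > "$demo_dir/after.service"
echo "before: $(effective_workdir "$demo_dir/before.service")"
echo "after:  $(effective_workdir "$demo_dir/after.service")"
```

The writability test uses the caller's own credentials, so `check_unit` only reflects the service's view when the script itself runs as the account named in `User=`.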

@rhafer
Contributor

rhafer commented Aug 8, 2024

cc @aduffeck

@SpeakinTelnet
Author

@rhafer Thank you! The workaround works
