From b8bd3b1f412c76e8ed1f38aec5dd9d1e73566627 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Reinhard=20N=C3=A4gele?=
Date: Wed, 27 Feb 2019 21:34:58 +0100
Subject: [PATCH] Fix permissions This is a follow-up PR for #7, since https://github.com/rancher/local-path-provisioner/commit/3256bdf61b14c6b7e517ede0f56cfebeaf28e616, unfortunately, did not fully fix the issue. The example I supplied is not ideal. It works with your fix because it uses Busybox which doesn't have group 1000 so the user runs with gid=0. I added `id` to the script which prints the following: `uid=1000 gid=0(root) groups=0(root),1000` Now, when I use an image that actually has a user with uid=1000, gid=1000, such as `jenkins/jenkins` it doesn't work because the user does not belong to group 0 in this case: `uid=1000 gid=0(root) groups=0(root),1000` This fixes the issue using `0777` as Minikube does.
---
 examples/pod-with-security-context.yaml | 5 ++++-
 provisioner.go | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/examples/pod-with-security-context.yaml b/examples/pod-with-security-context.yaml
index c7cfaae3..f191c87e 100644
--- a/examples/pod-with-security-context.yaml
+++ b/examples/pod-with-security-context.yaml
@@ -7,7 +7,9 @@ metadata:
 spec:
 containers:
 - name: test
- image: busybox
+ # Jenkins image used for illustration purposes because it has a user
+ # with uid=1000 and gid=1000 that matches the specified security context
+ image: jenkins/jenkins
 command:
 - /config/test.sh
 volumeMounts:
@@ -39,6 +41,7 @@ metadata:
 data:
 test.sh: |
 #!/bin/sh
+ id
 ls -al /test && \
 echo 'Hello from local-path-test' && \
 cp /config/text.txt /test/test.txt && \
diff --git a/provisioner.go b/provisioner.go
index f1d63662..dd408a4c 100644
--- a/provisioner.go
+++ b/provisioner.go
@@ -186,7 +186,7 @@ func (p *LocalPathProvisioner) Provision(opts pvController.VolumeOptions) (*v1.P
 createCmdsForPath := []string{
 "mkdir",
- "-m", "0770",
+ "-m", "0777",
 "-p",
 }
 if err := p.createHelperPod(ActionTypeCreate, createCmdsForPath, name, path, node.Name); err != nil {
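Review bot: The `"-m", "0777"` argument in `createCmdsForPath` makes each provisioned volume directory readable and writable by any uid on the node. Isolation between volumes, and from other local processes, then depends entirely on the permissions of the parent directories, which this hunk does not show. The mode is also a bare literal with no explanation, so I would add a comment such as `// 0777 so pods with an arbitrary non-root uid/gid can write; access control is left to the parent directory`. As a follow-up, consider making the mode configurable so operators can choose a tighter value where all workloads share a known gid. `Provision` begins and continues outside this hunk, so whether the parent path is restricted elsewhere cannot be confirmed from here.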