mkdir: cannot create directory: Permission denied when specifying tmpdir
gawainXX opened this issue · 1 comments
Describe the Bug
When running a task or plan via ssh and a custom tmpdir and run-as root are specified, the task will fail due to permissions.
This mkdir command appears to be run before elevation occurs, so it's restricted to the non-sudo rights of the account being used for ssh authentication.
Task will successfully run if the service account being used for ssh is discretely set as the owner over the folder specified with the tmpdir var.
Expected Behavior
mkdir command will run in root context.
Steps to Reproduce
Steps to reproduce the behavior:
- create a directory on target system (/var/cache)
- chmod 664 that directory (/var/cache)
- have a service account that is a member of sudoers for your connection:
  config:
    ssh:
      host-key-check: false
      user: {serviceaccountname}
      private-key: /etc/puppetlabs/puppet/keys/{serviceaccount}_private_key.pem
      run-as: root
      tmpdir: '/var/cache'
- attempt to run any bolt plan or task against the host
This has been observed on Ubuntu 20.04 and AlmaLinux 8.X hosts.
Environment
- 7.20.0
- Ubuntu Server 20.04
Additional Context
If this is expected behavior, can the following document possibly be updated to note that the tmpdir folder must be writable to the account you are establishing the ssh connection with PRIOR to sudo? https://puppet.com/docs/bolt/latest/bolt_transports_reference.html
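A preflight check for the condition reported above, added here as an example (it is not part of the original issue and is not Bolt code). Run on the target as the SSH login user, before any sudo, it tests whether that account can create a directory under the configured tmpdir. It also flags a tmpdir that was made world-writable without the sticky bit, which is a poor place to stage files that later run as root. The function name `check_tmpdir` and its return codes are made up for this example, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: preflight check, run on the target as the SSH login user
# (not via sudo). Usage after sourcing this file: check_tmpdir /var/cache
# Return codes (constructed for this example):
#   0 = usable
#   2 = path is not a directory
#   3 = login user cannot create a subdirectory
#   4 = usable, but world-writable without the sticky bit
check_tmpdir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a directory" >&2
        return 2
    fi
    # Creating an entry needs both write and search (x) permission on the
    # directory, so probe by really creating and removing a subdirectory.
    probe=$(mktemp -d "$dir/preflight.XXXXXX" 2>/dev/null) || {
        echo "FAIL: $(id -un) cannot create a directory under $dir" >&2
        return 3
    }
    rmdir "$probe"
    # GNU stat: %a prints the octal mode, e.g. 1777 or 750.
    mode=$(stat -c '%a' "$dir")
    world_write=$(( 0$mode & 02 ))
    sticky=$(( 0$mode & 01000 ))
    if [ "$world_write" -ne 0 ] && [ "$sticky" -eq 0 ]; then
        echo "WARN: $dir (mode $mode) is world-writable without sticky bit" >&2
        return 4
    fi
    echo "OK: $(id -un) can use $dir (mode $mode)"
    return 0
}
```
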
This issue has not had activity for 60 days and will be marked as stale.
If this issue continues to have no activity for 7 days, it will be closed.