Dir owner 'nobody' and group 'root' after mounting container volume with `addGroupOwner` set to true.

0

When running a lambda function component in Greengrass v2.12.2 the mounted volume does not seem to have the correct owner.

For the host dir I have the following owner, group and permissions: drwxr-xr-x root root.

Greengrass is installed with --component-default-user ggc_user:ggc_group which I can confirm in the effective config as posixUser: "ggc_user:ggc_group"

My lambda configuration is as follows

```json
{
  "lambdaFunction": {
    ...
    "componentLambdaParameters": {
      "pinned": true,
      ...
      "linuxProcessParams": {
        ...
        "containerParams": {
          "volumes": [
            {
              "sourcePath": "/host/dir",
              "destinationPath": "/dir",
              "addGroupOwner": true,
              "permission": "rw"
            }
          ]
        }
      }
    }
  }
}
```

And in my lambda the owner I get is nobody and group is root while the posix permissions for the mounted directory are drwxr-xr-x.

Also neither addGroupOwner nor permission seem to make a difference in my case; it's always drwxr-xr-x nobody root.

(Just in case it is relevant I fetch the owner programmatically in Kotlin/Java with Files.getOwner(path) and group with Files.getAttribute(this, "posix:group", NOFOLLOW_LINKS))

I was expecting the group to be ggc_group and owner to be ggc_user. Am I missing something?

My ultimate goal is to be able to create a file in the mounted volume but I get permission denied not surprisingly.

1 Answer
1
Accepted Answer

Hello,

When using local resources, the local resources must not be owned by root, or else only root can access those resources. Please use a directory that you have permission to write to. Lambdas are always started with a current working directory which is writable; you can write to `.`, the current working directory, without any other changes.

You are migrating from Greengrass V1, what was the exact configuration of your lambda in Greengrass V1? That same configuration should be used with Greengrass v2.

AddGroupOwner would mean that your lambda is executed with the group ID which owns the volume. Your lambda cannot run as the root group, so this has no effect as root owns the volume. Using the default path that Greengrass gives you will work without needing to mount anything. File permissions are not changed by this setting.

If you still need assistance please enable DEBUG level logs in the Greengrass Nucleus component configuration and provide the debug logs from the lambda component. They will show what is happening.

Regards,

Michael

AWS
Expert
answered 2 months ago
Expert
reviewed 2 months ago
  • Changing owner to ggc_user:ggc_group for the relevant dir worked indeed.
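
A preflight check for the situation discussed above, as an added example that is not part of the original thread and not AWS code: it evaluates a directory's owner, group and mode bits for a numeric uid and gid list, so you can see whether the component user could create files in the `sourcePath` before deploying. It assumes GNU `stat` on Linux and ignores ACLs; the helper name `can_create_in` and the temporary demo directory are made up for illustration.

```shell
#!/bin/sh
# Added example (not AWS code). can_create_in is a hypothetical helper name.
# Decides from owner, group and mode bits whether a numeric uid with the given
# gids may create files in DIR (needs both w and x on the directory).
# Assumes GNU stat (Linux); ACLs, capabilities and read-only mounts are ignored.
# Usage: can_create_in DIR UID GID [GID...]   exit 0 = allowed, 1 = denied, 2 = error
can_create_in() {
    dir=$1; uid=$2; shift 2
    info=$(stat -c '%u %g %a' -- "$dir") || return 2
    d_uid=${info%% *}; rest=${info#* }
    d_gid=${rest%% *}; perm=${rest#* }
    mode=$((0$perm))                      # leading 0 makes it an octal constant
    if [ "$uid" -eq 0 ]; then return 0; fi   # root normally bypasses the mode bits
    if [ "$uid" -eq "$d_uid" ]; then
        bits=$(( (mode >> 6) & 7 ))       # owner class, and only that class
    else
        bits=$(( mode & 7 ))              # "other" class unless a gid matches
        for gid in "$@"; do
            if [ "$gid" -eq "$d_gid" ]; then bits=$(( (mode >> 3) & 7 )); fi
        done
    fi
    [ $(( bits & 3 )) -eq 3 ]             # write (2) + search (1)
}

# Constructed demo: a temp directory stands in for the volume's sourcePath.
demo_dir=$(mktemp -d)
chmod 755 "$demo_dir"                     # same mode as in the question
owner=$(stat -c %u -- "$demo_dir"); group=$(stat -c %g -- "$demo_dir")
stranger=$((owner + 1))                   # constructed uid that is not the owner
for who in "$owner $group" "$stranger $group" "$stranger $((group + 1))"; do
    # $who is split on purpose into uid and gid
    if can_create_in "$demo_dir" $who; then verdict=allowed; else verdict=denied; fi
    echo "uid/gid $who on mode 755: $verdict"
done
rmdir "$demo_dir"
```

On a `drwxr-xr-x` directory only the owning uid is allowed, which is why holding the owning group alone does not help and why changing the owner to the component user does.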
