Owner of files installed by tedge-container-plugin

Hi,

Error
I use the tedge-container-plugin to install container-group. One image contains the configuration file etc/project-conf/my-signal-manager-conf.json,
Which works fine.

Now I want to update the configuration using the tedge-configuration-plugin and get an error, maybe due to wrong owner/permissions.

failed to deploy configuration file: process ‘/usr/bin/sudo’ returned non-zero exit code (1); stderr=“sudo: a password is required”

Setup
On startup of the tedge-container-bundle (version ghcr.io/thin-edge/tedge-container-bundle:20250127.0909 ) I mount a volume that will contain my configuration file my-signal-manager-conf.json after the update/installation:

-v "project-conf:/etc/project-conf"

The directory is owned by tedge:

$ ls -la /etc
drwxr-xr-x    2 tedge    tedge         4096 Jan 31 11:21 project-conf
...

but the file inside are owned by root:

/ $ ls -la /etc/project-conf/
total 16
drwxr-xr-x    2 tedge    tedge         4096 Jan 31 11:21 .
drwxr-xr-x    1 root     root          4096 Jan 31 10:39 ..
-rw-r--r--    1 root     root           817 Jan 30 10:53 my-signal-manager-conf.json

What changes do I have to make in order to avoid this error?

As the file is mounted to your container I guess you need to change the permission of that file (and folder) locally to tedge:tedge and not root:root before it is mounted to your container. Otherwise the tedge user within the container cannot access this file.

The file is not mounted, but the volume project-conf. And when the tedge-container-plugin deploys the image, the specifc files are copied.
They inherit the ownership (user and group IDs) from the process that creates them. I guess this is the tedge-container-plugin and they seem to be owned by root
Now I look for a way to change this when the tedge-container-plugin` installs the image.

1 Like

I guess you mean tedge-configuration-plugin (not tedge-container-plugin here).

But after doing a bit of digging, it seems your problem is just caused by the fact that the tedge-write utility (which tedge-configuration-plugin uses to set the file’s ownership and permissions) is not defined in the /etc/sudoers.d/tedge file in the tedge-container-bundle (I’ve created a PR to fix this, fix: add tedge-write to tedge's sudoers rule by reubenmiller · Pull Request #66 · thin-edge/tedge-container-bundle · GitHub).

Update:

This has been fixed in tedge-container-bundle:20250131.2034, and a system test has been added.

1 Like

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.