Which interface exposes user folder to root

Jamie Strandboge jamie at canonical.com
Tue Feb 7 16:07:35 UTC 2017


On Tue, 2017-02-07 at 12:27 +0800, Tonny Tzeng wrote:
> Hi Jamie,
> 
> Thanks for the detailed explanation, it's really helpful!
> 
> However, I am hesitant to package my example files in the snap, just
> curious, what's the proper way to package a "development snap" which reads
> user given files and requires root permission? For example, I'd like to
> package necessary node.js components in a snap for developers to design
> their node.js based BLE apps, I've added node, bleno and noble modules in a
> snap, so the idea is to let the users create their own node.js sample apps
> (under their $HOME) and invoke the node command in my snap to run their
> sample apps. Since the bleno/noble node modules require root privilege for
> accessing BLE, I used "sudo mysnap.node <sample_file_in_home>" to run the
> snap command. But as you pointed out, the fsuid=0 but ouid=1000 which
> prevents the sample file being read from the snap command?

As mentioned before:

"In general, it is best practice to avoid processing files that are under
another user's control since those files could potentially be used to alter the
behavior of the running process"

If the user experience must be what you described where the files must live in
the user's home and the command accessing them must run as root, then you can
do:
$ sudo chown -R root:root <sample_file_in_home>
$ sudo mysnap.node <sample_file_in_home>

Alternatively, create a shared directory in SNAP_DATA. Eg:

$ sudo mkdir -m 1777 /var/snap/mysnap/current/examples # this could be done by your snap
$ ln -s /var/snap/mysnap/current/examples <parent_dir_of_sample_file_in_home>
$ sudo mysnap.node <sample_file_in_home>

Alternatively, you can change how you think about this and you can put the files
in /root/<sample_file_in_root> and use 'sudo -H'.

Alternatively, you can change the workflow and do:
$ sudo mkdir -m 1777 /var/snap/mysnap/current/examples # this could be done by your snap
$ sudo mysnap.node <sample_file_in_SNAP_DATA/examples>


Lastly, one thing I'm working on is how to allow dropping privileges. Once this
is in place you could adjust 'mysnap.node' to drop privileges to the real user
to read/copy/whatever the files such that this works:

$ sudo mysnap.node <sample_file_in_home>

-- 
Jamie Strandboge             | http://www.canonical.com
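
The best practice quoted in the message above, shown as an application-level check. This is an added example, not part of the original message and not snapd or mysnap code. The helper names `open_trusted` and `check` are hypothetical, and the trusted owner is assumed to be root (uid 0), matching the `chown -R root:root` option.

```python
import os
import stat


def open_trusted(path, trusted_uid=0):
    """Open path read-only only if it is a regular file that trusted_uid
    owns and nobody else can write to. Returns a file descriptor.
    Hypothetical helper name; not part of snapd or of mysnap."""
    # O_NOFOLLOW: refuse a symlink as the final path component, so another
    # user cannot point the name at a file of their choosing.
    # O_NONBLOCK: do not hang if the name turns out to be a FIFO.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    try:
        # fstat() the descriptor, not the path: the answer describes the
        # file that was actually opened, even if the name is swapped later.
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{path}: not a regular file")
        if st.st_uid != trusted_uid:
            raise PermissionError(
                f"{path}: owned by uid {st.st_uid}, expected {trusted_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise PermissionError(f"{path}: group- or world-writable")
    except Exception:
        os.close(fd)
        raise
    return fd


def check(path, trusted_uid=0):
    """Return 'ok' or the reason the file was refused."""
    try:
        os.close(open_trusted(path, trusted_uid))
        return "ok"
    except OSError as exc:
        return f"refused: {exc.strerror or exc}"
```

The check covers the file itself; a directory in the path that another user can write to still lets that user replace the file between runs.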
