LXD exec option `--cwd` with command `sudo -D` leads to unexpected working directory

I launched a container first with default profile, and updated the sudoer config file:
echo "Defaults: root runcwd=*" > /etc/sudoers.d/allow_root_chdir

Then I executed the command:
lxc exec first --cwd=/tmp -- sudo -u ubuntu -D /tmp -i

After that, I got an interactive shell with:
ubuntu@first:~$

This wasn’t expected, because the -D /tmp option should make the shell’s working directory /tmp, rather than ubuntu’s home dir.

Such an issue occurs when the option --cwd and sudo -D are followed by the same dir.

When they’re different, for example,
lxc exec first --cwd=/ -- sudo -u ubuntu -D /tmp -i
The working dir turns out to be correct:
ubuntu@first:/tmp$

This subtle case is blocking our Workshop development on top of LXD. What makes -D option of sudo command not work?

I’m not seeing this on latest/edge LXD with an ubuntu:24.04 VM. Can you please post reproducer steps?

As an alternative, could you run lxc exec first --cwd=/tmp -- su ubuntu instead?

Hi @markylaing, I just found that the issue occurs on 22.04 only, not 24.04.

The reproducer steps are:

  1. Launch a container: lxc launch ubuntu:22.04 first22
  2. Log in to the container and update the sudoers config file:
    lxc exec first22 -- bash
    echo "Defaults: root runcwd=*" > /etc/sudoers.d/allow_root_chdir
  3. Execute sudo command: lxc exec first22 --cwd=/tmp -- sudo -u ubuntu -D /tmp -i

In our case, su can’t serve as an alternative command to sudo, because it doesn’t provide an option (like -D for sudo) to change the working directory.

I shelled into the container and tried the following:

$ cd /tmp
$ sudo -u ubuntu -D /tmp -i
$ pwd
/home/ubuntu

Then tried this on my physical machine (running 22.04):

$ cd /tmp
$ sudo -u test -D /tmp -i
$ pwd
/home/test

So this doesn’t seem to be on LXD after all. And since it works on 24.04, this seems to have been fixed somewhere along the way.

Yes, I understand that these commands in a separate interactive shell ( lxc exec xxx -- bash then sudo ...) work well.

But the issue is that lxc exec xxx --cwd ... behaves differently which is unexpected. It seems that LXD --cwd option conflicts with sudo -D.

Otherwise, is there a way to simulate the lxc exec xxx --cwd ... cmd on a physical machine?

I think what @pedro-rib is saying here is that this behaviour is present in ubuntu 22.04 generally and is not related to LXD. For example, on my physical machine:

mark@RUBIX:/tmp$ lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 22.04.5 LTS
Release:	22.04
Codename:	jammy
mark@RUBIX:~$ sudo useradd -m test
mark@RUBIX:~$ cd /tmp
mark@RUBIX:/tmp$ sudo -u test -D /tmp -i
$ pwd
/home/test

So when you specify --cwd LXD is doing the correct thing by executing the command in /tmp, but the behaviour of sudo in 22.04 is causing the directory to change back to the homedir (I don’t know the reason for this).

So for ubuntu:22.04 you will need to specify --cwd for lxc or -D for sudo, but not both.
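
The following is an added example, not code from the thread or from LXD: a small POSIX shell helper that probes, non-interactively, whether the container's sudo keeps the -D directory when --cwd names the same directory, and then builds the lxc exec invocation accordingly. When the probe lands in the home directory instead of the requested one, it falls back to the combination shown to work earlier in the thread (--cwd=/ with -D). The container name first22, the target user ubuntu, and the runcwd sudoers entry from the reproducer steps are assumed to exist; pick_mode and build_exec_cmd are pure helpers so they can be checked without lxc.

```shell
#!/bin/sh
# Added example (not from the thread): decide how to combine `lxc exec --cwd`
# with `sudo -D ... -i` so the resulting shell starts in the requested directory.
# Assumptions: container "first22", target user "ubuntu", and a sudoers entry
# permitting runcwd for root (as set up in the reproducer steps) already exist.

# build_exec_cmd CONTAINER USER DIR MODE
#   MODE=same  : --cwd and -D name the same directory (behaves as expected on 24.04)
#   MODE=split : --cwd=/ and -D DIR (the combination reported to work on 22.04)
build_exec_cmd() {
    container=$1; user=$2; dir=$3; mode=$4
    case "$mode" in
        same)  printf 'lxc exec %s --cwd=%s -- sudo -u %s -D %s -i\n' \
                   "$container" "$dir" "$user" "$dir" ;;
        split) printf 'lxc exec %s --cwd=/ -- sudo -u %s -D %s -i\n' \
                   "$container" "$user" "$dir" ;;
        *)     echo "unknown mode: $mode" >&2; return 1 ;;
    esac
}

# pick_mode OBSERVED_CWD WANTED_DIR
#   Pure decision helper: "same" when the probe ended up in WANTED_DIR, else "split".
pick_mode() {
    if [ "$1" = "$2" ]; then echo same; else echo split; fi
}

# probe_mode CONTAINER USER DIR
#   Runs the contested combination with `pwd` in place of an interactive shell
#   (sudo -i still applies its login-shell handling) and reports which mode to use.
#   Requires lxc and a running container, so it is not exercised by the tests.
probe_mode() {
    observed=$(lxc exec "$1" --cwd="$3" -- sudo -u "$2" -D "$3" -i pwd 2>/dev/null)
    pick_mode "$observed" "$3"
}

# Typical use (assumed names): mode=$(probe_mode first22 ubuntu /tmp)
#                              eval "$(build_exec_cmd first22 ubuntu /tmp "$mode")"
```

On a 22.04 container the probe prints /home/ubuntu, so pick_mode returns split and the generated command keeps -D /tmp while moving --cwd to /; on 24.04 the probe prints /tmp and the straightforward command is used.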

Thank you @markylaing. I realized that I misread @pedro-rib’s answer before. Now I understand that. It should be a confusing feature of sudo itself in 22.04, not a LXD issue.
