cli: k3s fails to execute for users lacking read perms for /etc/rancher/k3s/config.yaml #4321

Closed
dweomer opened this issue Oct 24, 2021 · 2 comments

dweomer commented Oct 24, 2021

Environmental Info:
K3s Version:

k3s version v1.22.2+k3s2 (3f5774b4)
go version go1.16.8

Also encountered with:

  • v1.21.5+k3s2
  • v1.20.11+k3s2

Node(s) CPU architecture, OS, and Version:
all

Cluster Configuration:
n/a

Describe the bug:
Invoking k3s --version, k3s --help, or any k3s command, actually, fails when /etc/rancher/k3s/config.yaml is unreadable due to permissions.

Steps To Reproduce:

  1. fire up an alpine container and apk add su-exec wget
  2. wget -P /usr/local/bin/ 'https://github.com/k3s-io/k3s/releases/download/v1.22.2%2Bk3s2/k3s'
  3. chmod +x /usr/local/bin/k3s
  4. umask 0066
  5. mkdir -p /etc/rancher/k3s
  6. ls -alF /etc/rancher/k3s
    total 8
    drwx--x--x    2 root     root          4096 Oct 24 02:29 ./
    drwx--x--x    3 root     root          4096 Oct 24 02:29 ../
    
  7. su-exec nobody:nobody k3s --version
    k3s version v1.22.2+k3s2 (3f5774b4)
    go version go1.16.8
    
  8. touch /etc/rancher/k3s/config.yaml
  9. su-exec nobody:nobody k3s --version
    FATA[0000] open /etc/rancher/k3s/config.yaml: permission denied
    

Expected behavior:
k3s --version displays the version and k3s --help should show the help info regardless of filesystem permissions (assuming that the k3s binary has execute perms for the invoking user)

Actual behavior:
See the "permission denied" error above.

Backporting

  • Needs backporting to older releases
    • release-1.22
    • release-1.21
    • engine-1.21
    • release-1.20

dweomer commented Oct 24, 2021

Also fails if you remove the config file and chmod 0700 /etc/rancher/k3s (or /etc/rancher)

@dweomer dweomer added the kind/bug Something isn't working label Oct 25, 2021
@dweomer dweomer changed the title k3s fails to execute for users lacking read perms for /etc/rancher/k3s/config.yaml cli: k3s fails to execute for users lacking read perms for /etc/rancher/k3s/config.yaml Oct 25, 2021
@caroline-suse-rancher caroline-suse-rancher moved this from New to To Triage in K3s Development Apr 24, 2023
@dereknola dereknola moved this from To Triage to Peer Review in K3s Development Jun 7, 2023
@dereknola dereknola modified the milestones: v1.27.4+k3s1, v1.27.3+k3s1 Jun 7, 2023
@dereknola dereknola moved this from Peer Review to To Test in K3s Development Jun 7, 2023
@dereknola dereknola self-assigned this Jun 7, 2023
@ShylajaDevadiga ShylajaDevadiga self-assigned this Jun 9, 2023
@ShylajaDevadiga

Validated on master branch using commit id 318ef4e

Environment Details

Infrastructure
Cloud EC2 instance

Node(s) CPU architecture, OS, and Version:
Ubuntu 22.04

Cluster Configuration:
Single node

Steps to reproduce from the PR

  1. touch /etc/rancher/k3s/config.yaml
  2. sudo chmod 700 /etc/rancher/k3s/config.yaml
  3. Install k3s
  4. Call k3s --help, k3s --version, k3s -h, k3s server -h

Results from reproducing the issue:

ubuntu@ip-172-31-14-48:~$ ls -l /etc/rancher/k3s/config.yaml
-rwx------ 1 root root 14 Jun 12 15:14 /etc/rancher/k3s/config.yaml
ubuntu@ip-172-31-14-48:~$ k3s --version
FATA[0000] open /etc/rancher/k3s/config.yaml: permission denied 
ubuntu@ip-172-31-14-48:~$ k3s -v
FATA[0000] open /etc/rancher/k3s/config.yaml: permission denied 
ubuntu@ip-172-31-14-48:~$ 

Results from validation:

ubuntu@ip-172-31-6-12:~$ ls -l  /etc/rancher/k3s/config.yaml
-rwx------ 1 root root 0 Jun 12 15:40 /etc/rancher/k3s/config.yaml
ubuntu@ip-172-31-6-12:~$ k3s -v
k3s version v1.27.2+k3s-318ef4e0 (318ef4e0)
go version go1.20.4
ubuntu@ip-172-31-6-12:~$ k3s --help
NAME:
   k3s - Kubernetes, but small and simple

@github-project-automation github-project-automation bot moved this from To Test to Done Issue in K3s Development Jun 12, 2023
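
The behaviour requested in this issue, as an added example that is not part of the thread and is not the k3s fix: help and version output do not depend on config-file permissions, while commands that act on the config still fail closed. The names infoOnly and readDefaultConfig, and the injected read function, are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"os"
)

// infoOnly reports whether args only ask for help or version output.
// Flag spellings are the ones exercised in the thread (assumed complete).
func infoOnly(args []string) bool {
	for _, a := range args {
		switch a {
		case "-h", "--help", "-v", "--version":
			return true
		}
	}
	return false
}

// readDefaultConfig (hypothetical helper) loads the default config file.
// read is injected so the permission case can be exercised even as root;
// main passes os.ReadFile.
func readDefaultConfig(read func(string) ([]byte, error), path string, args []string) ([]byte, error) {
	data, err := read(path)
	switch {
	case err == nil:
		return data, nil
	case errors.Is(err, os.ErrNotExist):
		return nil, nil // a missing default config is not an error
	case errors.Is(err, os.ErrPermission) && infoOnly(args):
		// Covers an unreadable file and an unsearchable parent directory:
		// both surface as EACCES. Help/version need nothing from the file.
		return nil, nil
	}
	// Fail closed: a command that would act on the config must not silently
	// fall back to defaults because the file could not be read.
	return nil, err
}

func main() {
	const path = "/etc/rancher/k3s/config.yaml"
	if _, err := readDefaultConfig(os.ReadFile, path, os.Args[1:]); err != nil {
		fmt.Fprintln(os.Stderr, "FATA:", err)
		os.Exit(1)
	}
	fmt.Println("config step passed for", os.Args[1:])
}
```

The config file can stay root-only (it may hold tokens); only the info-only code path stops requiring read access to it.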