Can't write in home folder via install hook

I have a super simple install script in the snap/hooks directory with

#!/bin/sh
set -e
mkdir -p /home/myuser/mysnap

In my snapcraft.yml I have

hooks:
  install:
    plugs: [home]

Which I expect should allow me to create a directory in myuser’s home folder. It’s not a hidden file, which would, I assume, be denied. Installing the snap (locally via --dangerous) gives me a permission error.

Run install hook of “mysnap” snap if present (run hook “install”: mkdir: cannot create directory ‘/home/myuser/mysnap’: Permission denied)

Any idea what I am missing here?

Snap packages are installed system-wide so that any user can use the app. Even if you think of most Linux desktops as single user, some distros have a “guest mode” that sets up a temporary user account, so it is more common than you might think.

As for the technical reason for the error, your install hook is running as root under your snap’s confinement policy. The AppArmor rules that grant access to files under /home use the @owner modifier, which requires that the file and process ownership match. Since the user’s files aren’t owned by root, access is denied.

If you need to set up some default user configuration, it would be better to do that when the application is run. This way you can be sure the initialisation is run for each user that wants to use your snap: even those user accounts created after your snap is installed (as might be the case for a guest account).

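The per-user initialisation suggested in the answer above, as an added example that is not part of the original thread: a wrapper used as the snap's app command creates the directory on first run, as the invoking user rather than as root. The wrapped binary name `mysnap-real` is hypothetical, and `SNAP_REAL_HOME` is assumed to be set by snapd (with `HOME` as the fallback).

```shell
#!/bin/sh
# Added example: first-run setup done by the app's command wrapper instead of
# the install hook, so it runs as the invoking user and for every user.

# init_user_dir BASE
#   0 = directory ready, 1 = creation failed,
#   2 = BASE is not a directory owned by the caller,
#   3 = BASE/mysnap exists but is a symlink, a non-directory, or not ours.
init_user_dir() {
    base=$1
    target=$base/mysnap

    # Same condition the AppArmor owner rule enforces: only touch a home
    # directory that belongs to the user running this process.
    [ -d "$base" ] && [ -O "$base" ] || return 2

    # Never follow a pre-planted symlink; -L must be tested before -e/-d,
    # which dereference links.
    if [ -L "$target" ]; then
        return 3
    fi
    if [ -e "$target" ]; then
        [ -d "$target" ] && [ -O "$target" ] || return 3
        return 0    # already initialised on an earlier run
    fi

    # Create the directory private to the user (mode 0700); the umask change
    # stays inside the subshell. Then seed a constructed default config.
    ( umask 077 && mkdir "$target" ) || return 1
    printf 'initialised=1\n' > "$target/config" || return 1
    return 0
}

# Only act as the launcher when running inside the snap ($SNAP is set there).
if [ -n "${SNAP:-}" ]; then
    # Assumption: SNAP_REAL_HOME holds the user's real home directory; inside
    # a snap, HOME normally points at the snap's own per-user data directory.
    init_user_dir "${SNAP_REAL_HOME:-$HOME}" ||
        echo "mysnap: skipping per-user setup (code $?)" >&2
    exec "$SNAP/bin/mysnap-real" "$@"    # hypothetical real binary
fi
```
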