Snap install permissions glitch

(For reference, I’m using snapd on Debian Stretch on WSL - per my post on Windows Subsystem for Linux for that last one - but FWIW, I don’t think this is a specifically WSL-related problem. I’m using wormhole as my example, here, but the same issue comes up with essentially every snap.)

Specifically, when I install a snap, various of the files placed under /var/lib/snapd are installed with group instead of group root, in turn meaning that a “not root-owned” error occurs on trying to run the snap.

Example:

# avatar @ athena in ~ [12:00:02]
$ sudo snap install wormhole
wormhole 0.11.2 from Snapcrafters installed

# avatar @ athena in ~ [12:01:55]
$ wormhole foo
/var/lib/snapd/seccomp/bpf/snap.wormhole.wormhole.bin not root-owned 0:1000
[1]    26627 exit 1     wormhole foo

This is easily fixed, or at least worked around, by

sudo chgrp root /var/lib/snapd/seccomp/bpf/snap.wormhole.wormhole.*

But this really shouldn’t be necessary. Any thoughts, anyone?

It sounds like you started snapd such that its group is non-root. Check if that is the case with ps ax o pid,euid,egid,comm|grep snapd


Ha! That was exactly it, only more so - thanks to a bug elsewhere, I’d managed to get my pid 1 systemd running with egid=1000, and that broke the groups of every service, snapd included. Not sure how the system worked at all like that, but…

Thanks for the help.
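The check suggested in the reply, combined with a scan for the mis-owned files named in the error message, as an added example that is not part of the original thread or of snapd. The function names are hypothetical, and it assumes a Linux /proc, GNU find and stat, and pgrep.

```shell
#!/bin/sh
# Added diagnostic sketch; function names are hypothetical, not snapd's own.

# Print "uid:gid path" for every regular file under DIR whose owner
# differs from WANT (given as uid:gid). A missing DIR prints nothing.
not_owned_by() {
    local dir="$1" want="$2" line
    [ -d "$dir" ] || return 0
    find "$dir" -type f -exec stat -c '%u:%g %n' {} + |
        while read -r line; do
            [ "${line%% *}" = "$want" ] || printf '%s\n' "$line"
        done
}

# Effective GID of a process, from the "Gid:" line of /proc/PID/status
# (its fields are: real, effective, saved, filesystem).
proc_egid() {
    awk '/^Gid:/ { print $3 }' "/proc/$1/status"
}

# Show the effective GID of pid 1 and of each snapd process, then list
# files in the seccomp profile directory that are not owned by 0:0.
snapd_ownership_report() {
    local dir="${1:-/var/lib/snapd/seccomp/bpf}" pid
    printf 'pid 1 egid: %s\n' "$(proc_egid 1)"
    for pid in $(pgrep -x snapd); do
        printf 'snapd pid %s egid: %s\n' "$pid" "$(proc_egid "$pid")"
    done
    printf 'files under %s not owned by 0:0:\n' "$dir"
    not_owned_by "$dir" 0:0
}

# Run the report only when asked, e.g.:  sh check.sh report
if [ "${1:-}" = report ]; then
    snapd_ownership_report "${2:-}"
fi
```

A non-zero egid on pid 1 points at the cause described in the last post, since every service started from it inherits that group.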