'snap login' behavior and user permissions

It might be against snap’s philosophy, but I’d want only the root user to be able to mess with the execution of some snaps (start/stop/getting infos about a private snap’s channels…).

When using ‘snap login’ with root user account, it does what I want: only the root user can start/stop snaps.
But this method does not work in bash scripts that I use to set up the environment. I also prefer not doing much things loged in as root.

Using ‘sudo snap login’ with a user account, logs in the current user and then this user can start/stop snaps. This is not the behavior that I’d want.

I found a workaround, I run ‘sudo snap login’ and then I change permissions of “.snap/auth.json” and then move the “.snap” folder into the root home folder, only the root user gets the right permissions and the user loses it.

It seems to be ok for my use case but I feel like reaaally bending snap. I’d like to know if there is a cleaner way to do what I want. I’d also like a bit of background about how all this works to have a better understanding of what goes on.

Thanks for the help !

is there a particular reason you want to be logged in at all ?
just do not log in and use sudo for all snap commands …
snap login is optional …

Yes, I use a private snap.

ah, in that case it is indeed not optional :slight_smile: