Set symlink owner

2 files changed, 7 insertions, 3 deletions

diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemProvider.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemProvider.java
index 51c9c666c9c..c956cae868b 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemProvider.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemProvider.java
@@ -121,9 +121,11 @@ class ContainerFileSystemProvider extends FileSystemProvider {
     @Override
     public void createSymbolicLink(Path link, Path target, FileAttribute<?>... attrs) throws IOException {
         Path pathOnHost = pathOnHost(link);
+        boolean existedBefore = Files.exists(pathOnHost, LinkOption.NOFOLLOW_LINKS);
         if (target instanceof ContainerPath)
             target = pathOnHost.getFileSystem().getPath(toContainerPath(target).pathInContainer());
         provider(pathOnHost).createSymbolicLink(pathOnHost, target, attrs);
+        if (!existedBefore) fixOwnerToContainerRoot(toContainerPath(link));
     }
 
     @Override
@@ -231,8 +233,8 @@ class ContainerFileSystemProvider extends FileSystemProvider {
     }
 
     private void fixOwnerToContainerRoot(ContainerPath path) throws IOException {
-        setAttribute(path, "unix:uid", 0);
-        setAttribute(path, "unix:gid", 0);
+        setAttribute(path, "unix:uid", 0, LinkOption.NOFOLLOW_LINKS);
+        setAttribute(path, "unix:gid", 0, LinkOption.NOFOLLOW_LINKS);
     }
 
     private class ContainerDirectoryStream implements DirectoryStream<Path> {
diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java
index 0faee05a9b1..14c1378fbd7 100644
--- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java
+++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java
@@ -11,6 +11,7 @@ import java.io.IOException;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.FileSystem;
 import java.nio.file.Files;
+import java.nio.file.LinkOption;
 import java.nio.file.Path;
 import java.nio.file.StandardCopyOption;
 import java.nio.file.StandardOpenOption;
@@ -133,6 +134,7 @@ class ContainerFileSystemTest {
         // Symlinks from ContainerPath to a ContainerPath: Target is resolved within container with base FS provider
         Files.createSymbolicLink(source, ContainerPath.fromPathInContainer(containerFs, Path.of("/path/in/container")));
         assertEquals(fileSystem.getPath("/path/in/container"), Files.readSymbolicLink(source));
+        assertOwnership(source, 0, 0, 10000, 11000);
     }
 
     private static void assertOwnership(ContainerPath path, int contUid, int contGid, int hostUid, int hostGid) throws IOException {
@@ -141,7 +143,7 @@ class ContainerFileSystemTest {
     }
 
     private static void assertOwnership(Path path, int uid, int gid) throws IOException {
-        Map<String, Object> attrs = Files.readAttributes(path, "unix:*");
+        Map<String, Object> attrs = Files.readAttributes(path, "unix:*", LinkOption.NOFOLLOW_LINKS);
         assertEquals(uid, attrs.get("uid"));
         assertEquals(gid, attrs.get("gid"));
     }