authorValerij Fredriksen <valerijf@yahooinc.com>2021-11-03 15:22:35 +0100
committerValerij Fredriksen <valerijf@yahooinc.com>2021-11-04 09:51:31 +0100
commitf0d166f3b3ae0cfb755784798647d22e508387c5 (patch)
tree1e8d6eb24f395183bc4d29aa3a5c06ebe687e707 /node-admin
parentca44ef52f1ea2d79cc7df35c643986a6541aecc6 (diff)
Chown to user set in ContainerPath
Diffstat (limited to 'node-admin')
-rw-r--r--node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContextImpl.java2
-rw-r--r--node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystem.java2
-rw-r--r--node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemProvider.java13
-rw-r--r--node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerPath.java31
-rw-r--r--node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java4
5 files changed, 33 insertions, 19 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContextImpl.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContextImpl.java
index 82e630a1629..9ffb12ac1f7 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContextImpl.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContextImpl.java
@@ -61,7 +61,7 @@ public class NodeAgentContextImpl implements NodeAgentContext {
this.containerNetworkMode = Objects.requireNonNull(containerNetworkMode);
this.zone = Objects.requireNonNull(zone);
this.containerFs = Objects.requireNonNull(containerFs);
- this.pathToVespaHome = containerFs.getPath(pathToVespaHome);
+ this.pathToVespaHome = containerFs.getPath(pathToVespaHome).withUser(users().vespa());
this.logPrefix = containerName.asString() + ": ";
this.cpuSpeedup = cpuSpeedup;
this.disabledNodeAgentTasks = NodeAgentTask.fromString(
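Review bot: The new line `this.pathToVespaHome = containerFs.getPath(pathToVespaHome).withUser(users().vespa());` calls the instance accessor `users()` while the constructor is still running. If `users()` reads a field that is assigned further down in the constructor (not visible here), it returns null at this point and the line fails with a bare NullPointerException. Either read the user scope from the constructor argument directly, or keep this assignment below the field it depends on and mark the dependency with a comment such as `// relies on the user-scope field being assigned above`. The constructor starts and ends outside the hunk.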
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystem.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystem.java
index bbcb971b78e..4167ba2d76e 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystem.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystem.java
@@ -64,7 +64,7 @@ public class ContainerFileSystem extends FileSystem {
@Override
public ContainerPath getPath(String first, String... more) {
- return ContainerPath.fromPathInContainer(this, Path.of(first, more));
+ return ContainerPath.fromPathInContainer(this, Path.of(first, more), getUserPrincipalLookupService().userScope().root());
}
@Override
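Review bot: `getPath` now gives every path the container root user by default, and nothing in its signature tells the caller so. Judging by `fixOwnerToContainerRoot` in ContainerFileSystemProvider, a caller that creates a file without first calling `withUser` ends up with a file owned by container root, which is the least restrictive owner to fall back to. Document the default on the method, for example `/** Returns a path whose created files are owned by container root; call {@link ContainerPath#withUser} to create files as another user. */`.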
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemProvider.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemProvider.java
index 0faa54f4487..5405a5acd61 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemProvider.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemProvider.java
@@ -87,7 +87,8 @@ class ContainerFileSystemProvider extends FileSystemProvider {
@Override
public DirectoryStream<Path> newDirectoryStream(Path dir, DirectoryStream.Filter<? super Path> filter) throws IOException {
Path pathOnHost = pathOnHost(dir);
- return new ContainerDirectoryStream(provider(pathOnHost).newDirectoryStream(pathOnHost, filter));
+ return new ContainerDirectoryStream(provider(pathOnHost).newDirectoryStream(pathOnHost, filter),
+ toContainerPath(dir).user());
}
@Override
@@ -233,15 +234,17 @@ class ContainerFileSystemProvider extends FileSystemProvider {
}
private void fixOwnerToContainerRoot(ContainerPath path) throws IOException {
- setAttribute(path, "unix:uid", 0, LinkOption.NOFOLLOW_LINKS);
- setAttribute(path, "unix:gid", 0, LinkOption.NOFOLLOW_LINKS);
+ setAttribute(path, "unix:uid", path.user().uid(), LinkOption.NOFOLLOW_LINKS);
+ setAttribute(path, "unix:gid", path.user().gid(), LinkOption.NOFOLLOW_LINKS);
}
private class ContainerDirectoryStream implements DirectoryStream<Path> {
private final DirectoryStream<Path> hostDirectoryStream;
+ private final UnixUser user;
- private ContainerDirectoryStream(DirectoryStream<Path> hostDirectoryStream) {
+ private ContainerDirectoryStream(DirectoryStream<Path> hostDirectoryStream, UnixUser user) {
this.hostDirectoryStream = hostDirectoryStream;
+ this.user = user;
}
@Override
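Review bot: `fixOwnerToContainerRoot` no longer sets the owner to root; it now applies `path.user().uid()` and `path.user().gid()`, so the name misstates the owner a new file receives. Renaming it, e.g. `private void fixOwnerToPathUser(ContainerPath path) throws IOException {`, and updating the call sites (outside this hunk) keeps the ownership logic readable for anyone auditing permissions. The uid and gid are also applied in two separate `setAttribute` calls, so an IOException on the second leaves the file with the new uid and the old gid. A one-line comment such as `// uid and gid are set separately; a failure in between leaves mixed ownership` would make that visible.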
@@ -256,7 +259,7 @@ class ContainerFileSystemProvider extends FileSystemProvider {
@Override
public Path next() {
Path pathOnHost = hostPathIterator.next();
- return ContainerPath.fromPathOnHost(containerFs, pathOnHost);
+ return ContainerPath.fromPathOnHost(containerFs, pathOnHost, user);
}
};
}
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerPath.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerPath.java
index 9450c8d4612..4f12c9439f2 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerPath.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerPath.java
@@ -1,6 +1,8 @@
// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.hosted.node.admin.task.util.fs;
+import com.yahoo.vespa.hosted.node.admin.task.util.file.UnixUser;
+
import java.io.IOException;
import java.net.URI;
import java.nio.file.LinkOption;
@@ -24,11 +26,13 @@ public class ContainerPath implements Path {
private final ContainerFileSystem containerFs;
private final Path pathOnHost;
private final String[] parts;
+ private final UnixUser user;
- private ContainerPath(ContainerFileSystem containerFs, Path pathOnHost, String[] parts) {
+ private ContainerPath(ContainerFileSystem containerFs, Path pathOnHost, String[] parts, UnixUser user) {
this.containerFs = Objects.requireNonNull(containerFs);
this.pathOnHost = Objects.requireNonNull(pathOnHost);
this.parts = Objects.requireNonNull(parts);
+ this.user = Objects.requireNonNull(user);
if (!pathOnHost.isAbsolute())
throw new IllegalArgumentException("Path host must be absolute: " + pathOnHost);
@@ -39,6 +43,8 @@ public class ContainerPath implements Path {
public Path pathOnHost() { return pathOnHost; }
public String pathInContainer() { return '/' + String.join("/", parts); }
+ public ContainerPath withUser(UnixUser user) { return new ContainerPath(containerFs, pathOnHost, parts, user); }
+ UnixUser user() { return user; }
@Override
public ContainerFileSystem getFileSystem() {
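Review bot: `withUser` produces a second `ContainerPath` for the same location, and nothing visible shows whether `equals` and `hashCode` take the new `user` field into account. The string form shown as context in the `@@ -176` hunk is built from the container root name and `pathInContainer()` only, so two paths that chown to different users print identically in logs. If equality is meant to ignore the user, state it in Javadoc, for example `/** Returns a copy of this path whose newly created files are owned by the given user; the user does not take part in equals/hashCode. */`, adjusted to the actual behaviour. `user()` would also benefit from a one-line comment saying it is the owner applied on file creation.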
@@ -47,7 +53,7 @@ public class ContainerPath implements Path {
@Override
public ContainerPath getRoot() {
- return resolve(containerFs, new String[0], Path.of("/"));
+ return resolve(containerFs, new String[0], Path.of("/"), user);
}
@Override
@@ -59,7 +65,7 @@ public class ContainerPath implements Path {
@Override
public ContainerPath getParent() {
if (parts.length == 0) return null;
- return new ContainerPath(containerFs, pathOnHost.getParent(), Arrays.copyOf(parts, parts.length-1));
+ return new ContainerPath(containerFs, pathOnHost.getParent(), Arrays.copyOf(parts, parts.length-1), user);
}
@Override
@@ -83,7 +89,7 @@ public class ContainerPath implements Path {
return Path.of(parts[beginIndex], rest);
}
- @Override public ContainerPath resolve(Path other) { return resolve(containerFs, parts, other); }
+ @Override public ContainerPath resolve(Path other) { return resolve(containerFs, parts, other, user); }
@Override public ContainerPath resolve(String other) { return resolve(Path.of(other)); }
@Override public ContainerPath resolveSibling(String other) { return resolve(Path.of("..", other)); }
@@ -133,7 +139,7 @@ public class ContainerPath implements Path {
public ContainerPath toRealPath(LinkOption... options) throws IOException {
Path realPathOnHost = pathOnHost.toRealPath(options);
if (realPathOnHost.equals(pathOnHost)) return this;
- return fromPathOnHost(containerFs, realPathOnHost);
+ return fromPathOnHost(containerFs, realPathOnHost, user);
}
@Override
@@ -176,7 +182,7 @@ public class ContainerPath implements Path {
return containerFs.containerRootOnHost().getFileName() + ":" + pathInContainer();
}
- private static ContainerPath resolve(ContainerFileSystem containerFs, String[] currentParts, Path other) {
+ private static ContainerPath resolve(ContainerFileSystem containerFs, String[] currentParts, Path other, UnixUser user) {
List<String> parts = other.isAbsolute() ? new ArrayList<>() : new ArrayList<>(Arrays.asList(currentParts));
for (int i = 0; i < other.getNameCount(); i++) {
String part = other.getName(i).toString();
@@ -190,28 +196,29 @@ public class ContainerPath implements Path {
return new ContainerPath(containerFs,
containerFs.containerRootOnHost().resolve(String.join("/", parts)),
- parts.toArray(String[]::new));
+ parts.toArray(String[]::new),
+ user);
}
- public static ContainerPath fromPathInContainer(ContainerFileSystem containerFs, Path pathInContainer) {
+ public static ContainerPath fromPathInContainer(ContainerFileSystem containerFs, Path pathInContainer, UnixUser user) {
if (!pathInContainer.isAbsolute())
throw new IllegalArgumentException("Path in container must be absolute: " + pathInContainer);
- return resolve(containerFs, new String[0], pathInContainer);
+ return resolve(containerFs, new String[0], pathInContainer, user);
}
- public static ContainerPath fromPathOnHost(ContainerFileSystem containerFs, Path pathOnHost) {
+ public static ContainerPath fromPathOnHost(ContainerFileSystem containerFs, Path pathOnHost, UnixUser user) {
pathOnHost = pathOnHost.normalize();
Path containerRootOnHost = containerFs.containerRootOnHost();
Path pathUnderContainerStorage = containerRootOnHost.relativize(pathOnHost);
if (pathUnderContainerStorage.getNameCount() == 0 || pathUnderContainerStorage.getName(0).toString().isEmpty())
- return new ContainerPath(containerFs, pathOnHost, new String[0]);
+ return new ContainerPath(containerFs, pathOnHost, new String[0], user);
if (pathUnderContainerStorage.getName(0).toString().equals(".."))
throw new IllegalArgumentException("Path " + pathOnHost + " is not under container root " + containerRootOnHost);
List<String> parts = new ArrayList<>();
for (int i = 0; i < pathUnderContainerStorage.getNameCount(); i++)
parts.add(pathUnderContainerStorage.getName(i).toString());
- return new ContainerPath(containerFs, pathOnHost, parts.toArray(String[]::new));
+ return new ContainerPath(containerFs, pathOnHost, parts.toArray(String[]::new), user);
}
}
diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java
index 393e1ac34b2..b5f2ef41a1a 100644
--- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java
+++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java
@@ -60,6 +60,10 @@ class ContainerFileSystemTest {
assertOwnership(containerPath, 500, 200, 10500, 11200); // Owner should not have been updated as the file already existed
assertEquals("hello world", unixPath.readUtf8File());
+
+ unixPath.deleteIfExists();
+ new UnixPath(containerPath.withUser(userScope.vespa())).writeUtf8File("test123");
+ assertOwnership(containerPath, 1000, 100, 11000, 11100);
}
@Test
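Review bot: The added assertions cover only a file written directly through `containerPath.withUser(...)`. Nothing checks that the user survives `resolve`, `getParent`, `toRealPath` or the entries returned by `newDirectoryStream`, all of which this commit changes. One more case that writes through a derived path would pin the propagation, e.g. `new UnixPath(containerPath.withUser(userScope.vespa()).resolveSibling("file2")).writeUtf8File("x");` followed by an `assertOwnership` on that path with the same ids. A regression there would silently fall back to a different owner. The test method begins outside the hunk.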