Permission denied for different user

I just configured LXD (sudo lxd init) on a fresh install of Ubuntu Server 20.04. My previous installs have not involved snap, and 20.04 appears to default to snap. After configuring successfully with my initial user, I added another user to the lxd group, logged on as that user, and get:

cannot create user data directory: /home/user/snap/lxd/15067: Permission denied

The initial user continues to work fine.

Can someone please direct me to what I’m missing? Thanks very much.

John

Also, did I make a mistake? Should I have installed LXD from apt?

John

Also, did I make a mistake? Should I have installed LXD from apt?

No, you did the right thing; lxd will only be available through snap in the future (at least for Ubuntu and some other distros, as far as I know).

cannot create user data directory: /home/user/snap/lxd/15067: Permission denied

Can you run:
ls -l /home/user/snap/lxd/

I suspect the result will be that this folder is only accessible by the first user (this is the case for me).
Your result might still be odd though, because imo it should simply create a folder for the second user in the second user's home, so maybe it's a bug.

Potential workaround:
You might solve the problem by allowing the second user access to it.
But be warned, I don't know if that's a good solution.

Maybe consider writing an issue report instead:

Thanks for your response. Yes, I can run
ls -l /home/user/snap/lxd
without issue.

The listing is identical to the original user’s listing, except that the numeric directory (15067) of the original user contains a .config directory.

This was all so simple with the non-Snap version, so perhaps I’m doing something wrong.

I see that one possible solution is to simply always run lxc commands with sudo (e.g., sudo lxc list). I would rather figure out why I can’t give a regular user permission to run lxc commands, but if I did use sudo are there consequences?

Well you should post the result of that :wink:.

Can you post the results of:
id user1
id user2

Here’s user1:
$ ls -l /home/user1/snap/lxd/
total 12
drwxr-xr-x 3 user1 user1 4096 May 15 08:36 14804
drwxr-xr-x 3 user1 user1 4096 May 15 08:36 15067
drwxr-xr-x 2 user1 user1 4096 May 15 08:36 common
lrwxrwxrwx 1 user1 user1 5 May 15 11:40 current -> 15067

Here’s user2:
$ ls -l /home/user2/snap/lxd/
total 12
drwxr-xr-x 2 user2 user2 4096 May 15 11:27 14804
drwxr-xr-x 2 user2 user2 4096 May 15 11:39 15067
drwxr-xr-x 2 user2 user2 4096 May 15 11:27 common
lrwxrwxrwx 1 user2 user2 5 May 15 11:39 current -> 15067

id user1 and id user2 show that they are both in the lxd group.

I did notice an error in syslog that indicated apparmor is denying some action:

May 18 12:47:18 [myhost] kernel: [263369.012491] audit: type=1400 audit(1589820438.818:50): apparmor="DENIED" operation="open" profile="/usr/lib/snapd/snap-confine" name="/home/user2/" pid=8173 comm="snap-confine" requested_mask="r" denied_mask="r" fsuid=50224 ouid=50224

Could that be the issue? If so, wouldn’t most people have this issue?

Another thing to point out is that the initial user (user1) is of course a local user. But user2 is authenticated by our LDAP server.

Interesting.

Sadly I can’t help you with that.

I would recommend you open an issue report on github:

Thanks, toby63.

This has been solved. The issue is that our LDAP users have home directories in the form of /home/primarygroup/username, but snap requires users' home directories to be in /home. The solution was pointed out to me (in the Snapcraft Forum) and is explained here.

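A way to check for the condition this thread ended on, added here as an example and not part of any post above: the script flags accounts whose home directory is not exactly /home/<name> and pulls the denied path and fsuid out of snap-confine AppArmor denials. The function names, the UID cutoff of 1000 and the passwd sample lines (including the group name "staff") are assumptions made for illustration; the audit line is the one quoted in the thread.

```shell
#!/bin/sh
# Constructed passwd(5) lines: user1 is local; user2 mimics an LDAP account whose
# home sits one level deeper ("staff" is a made-up primary group name).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
user1:x:1000:1000::/home/user1:/bin/bash
user2:x:50224:50224::/home/staff/user2:/bin/bash'

# The audit line quoted in the thread.
SAMPLE_AUDIT='May 18 12:47:18 [myhost] kernel: [263369.012491] audit: type=1400 audit(1589820438.818:50): apparmor="DENIED" operation="open" profile="/usr/lib/snapd/snap-confine" name="/home/user2/" pid=8173 comm="snap-confine" requested_mask="r" denied_mask="r" fsuid=50224 ouid=50224'

# stdin: passwd lines (e.g. `getent passwd user2`).
# stdout: "user<TAB>home" for each account with UID >= 1000 (assumed cutoff for
# human logins, excluding nobody) whose home is not exactly /home/<name>.
nonstandard_homes() {
    awk -F: '$3 >= 1000 && $3 != 65534 && $6 !~ "^/home/[^/]+/?$" {
        printf "%s\t%s\n", $1, $6
    }'
}

# stdin: syslog/kern.log lines.
# stdout: "path<TAB>fsuid" for each AppArmor denial under the snap-confine profile.
snap_confine_denials() {
    awk 'index($0, "apparmor=\"DENIED\"") &&
         index($0, "profile=\"/usr/lib/snapd/snap-confine\"") {
        path = ""; uid = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^name=/)  { path = $i; gsub(/^name="|"$/, "", path) }
            if ($i ~ /^fsuid=/) { uid = $i; sub(/^fsuid=/, "", uid) }
        }
        printf "%s\t%s\n", path, uid
    }'
}

# Run both checks on the embedded samples.
printf '%s\n' "$SAMPLE_PASSWD" | nonstandard_homes
printf '%s\n' "$SAMPLE_AUDIT"  | snap_confine_denials
```

On a live host, feed the first function from `getent passwd <username>` and the second from the system log; matching the reported fsuid against the flagged account's UID ties the denial to that user.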