Skip to content

Fix __owner_group for non-setgid setups#2571

Closed
f-barth wants to merge 2 commits intoethstaker:mainfrom
f-barth:fix/owner-group-setgid
Closed

Fix __owner_group for non-setgid setups#2571
f-barth wants to merge 2 commits intoethstaker:mainfrom
f-barth:fix/owner-group-setgid

Conversation

@f-barth
Copy link
Copy Markdown

@f-barth f-barth commented Apr 25, 2026

Summary

  • Fix regression from commit 7c07d3a (PR Make it easier to run eth-docker with an app user #2545) where __owner_group always uses the directory's group, causing spurious "Fixing ownership" messages on every start when the directory group differs from the owner's primary group
  • Check the setgid bit on the directory: use directory group when set (multi-admin setup), owner's primary group otherwise (standard single-user setup)

Test plan

  • On a system without setgid on the eth-docker dir (the common case): verify __owner_group equals the owner's primary group and no spurious "Fixing ownership" messages appear
  • On a system with setgid (app-user setup from PR Make it easier to run eth-docker with an app user #2545): verify __owner_group equals the directory's group, preserving multi-admin behavior

Fixes #2570

🤖 Generated with Claude Code

@f-barth @claude
Fix __owner_group regression for non-setgid setups
e013653 
Commit 7c07d3a changed __owner_group to always use the directory's
group. This is correct when setgid is set (multi-admin setup), but
causes spurious "Fixing ownership" on every start when the directory
group differs from the owner's primary group (the common single-user
case).

Check the setgid bit: use directory group when set, owner's primary
group otherwise.

Fixes ethstaker#2570

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings April 25, 2026 08:20
Copilot AI reviewed Apr 25, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Fixes a regression in ethd startup ownership handling by selecting the correct __owner_group depending on whether the project directory has the setgid bit enabled (multi-admin setup) or not (single-user setup), preventing repeated “Fixing ownership” noise.

Changes:

  • Detect setgid on the eth-docker directory and use the directory’s group only when setgid is set.
  • Fall back to the owner’s primary group when setgid is not set.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread ethd Outdated
Comment on lines +6063 to +6067
__owner=$(ls -ld . | awk '{print $3}')
# shellcheck disable=SC2012
__owner_group=$(ls -ld . | awk '{print $4}')
if [[ -g . ]]; then
# setgid: new files inherit directory group
# shellcheck disable=SC2012
__owner_group=$(ls -ld . | awk '{print $4}')
Copy link

Copilot AI Apr 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ls -ld . | awk ... is now executed twice (once for __owner, again for __owner_group when setgid is set). Consider capturing the ls -ld . output once and extracting both fields from that single value (or using stat) to reduce duplication and keep owner/group derived from the same source.

Copilot uses AI. Check for mistakes.
@f-barth @claude
Capture ls -ld output once for owner and group
ea8ab24 
Avoid calling ls -ld twice by storing the output and extracting
both __owner and __owner_group from the same listing.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@yorickdowne
Copy link
Copy Markdown
Collaborator

yorickdowne commented Apr 26, 2026

I appreciate the thought, Florian, I do. But this does not express the intent. For example, if the directory is user:admin-group and the user is user:user, and there is not setgid, then your code would cause an adjustment of dkg_output to user:user, which is not desirable:

if find .eth/dkg_output \( \! -user "${__owner}" -o \! -group "${__owner_group}" \) -print -quit | grep -q .; then
    if [[ "${__cannot_sudo}" -eq 0 ]]; then
      echo "Fixing ownership of .eth/dkg_output"
      ${__auto_sudo} chown -R "${__owner}:${__owner_group}" .eth/dkg_output
      ${__as_owner} chmod u=rwx,go=rx .eth/dkg_output
    else
      echo "Ownership of .eth/dkg_output should be fixed, but this user can't sudo"
    fi
  fi

I am currently iterating on this multi-user code in #2575 , and just handling the check for whether .env needs to be adjusted better.

Give me a bit of time to test that thoroughly, and for pietjepuk to review it when it's ready. In the meanwhile, please chown -R user:user <eth-docker-dir> and don't do a user:admin-group setup quite yet.

I'll close this PR once I have something that works in a multi-user setup and doesn't break the typical user:user setup

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Spurious ownership fix on every start when directory group differs from owner's primary group

3 participants

@f-barth @yorickdowne