Init lifecycle hook runs as hab user, not honouring $pkg_svc_user variable


#1

I was expecting the below init hook to be run as root based on the values of pkg_svc_user and pkg_svc_group in the plan.sh, but it was being run as hab resulting in a permission error reading /hab/sup/default/CTL_SECRET when calling hab file upload.

plan.sh

pkg_svc_user="root"
pkg_svc_group="root"

hooks/init

#!{{pkgPathFor "core/bash"}}/bin/bash

whoami

hab file upload {{bind.fluentd.first.service}}.{{bind.fluentd.first.group}} $(date +%s%N) {{pkg.svc_config_path}}/squid_fluent.conf
hab file upload {{bind.logrotator.first.service}}.{{bind.fluentd.first.group}} $(date +%s%N) {{pkg.svc_config_path}}/squid_logrotate.conf

Logs

outbound_proxy.default hook[init]:(HK): hab
outbound_proxy.default hook[init]:(HK): ✗✗✗
outbound_proxy.default hook[init]:(HK): ✗✗✗ [Err: 1] IoError while reading or writing ctl secret, /hab/sup/default/CTL_SECRET, Permission denied (os error 13)

When I moved the content out of the init and into the run hook, root user was logged and everything worked. Is it expected that early lifecycle hooks run as hab by default before the user/group defined in plan.sh is honoured in later hooks?


#2

IIRC the init hook should run as the user defined as pkg_svc_user. @christophermaier do you have any thoughts around why that might not be the case?