Skip to content

docs: Explicit restrictions of atlantis user apply to the --data-dir flag #2908

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 4 commits into from
Closed

docs: Explicit restrictions of atlantis user apply to the --data-dir flag #2908

wants to merge 4 commits into from

Conversation

bschaatsbergen
Copy link
Member

@bschaatsbergen bschaatsbergen commented Jan 2, 2023
edited by nitrocode
Loading

what

As the atlantis user is restricted to the home directory of atlantis (/home/atlantis), setting the --data-dir flag to another path will result in a permission denied error.

I've updated the documentation to be more explicit on this common pitfall.

why

This is a common made mistake as we nowhere document how restricted the atlantis user is, I had to look at the docker-base to understand why, what and where the atlantis user permissions were applied.

tests

references

@bschaatsbergen bschaatsbergen requested a review from a team as a code owner January 2, 2023 23:01
jamengual
jamengual reviewed Jan 3, 2023
View reviewed changes
@jamengual jamengual added the docs Documentation label Jan 3, 2023
@nitrocode nitrocode changed the title Be more explicit on how restrictions of the atlantis user may apply to the --data-dir flag usage. Explicit restrictions of atlantis user apply to the --data-dir flag Jan 3, 2023
nitrocode
nitrocode reviewed Jan 3, 2023
View reviewed changes
runatlantis.io/docs/server-configuration.md
Terraform binaries here. If Atlantis loses this directory, [locks](locking.html)
will be lost and unapplied plans will be lost.

Note that the atlantis user is restricted to `/home/atlantis/`.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd mention the gosu portion in the atlantis-base image

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it not rather confusing to document this under the --data-dir flag?

@nitrocode nitrocode changed the title Explicit restrictions of atlantis user apply to the --data-dir flag docs: Explicit restrictions of atlantis user apply to the --data-dir flag Jan 3, 2023
@bschaatsbergen
Copy link
Member Author

Not sure why the CI build is failing though, it seems unrelated to my change

@bschaatsbergen bschaatsbergen deleted the document-atlantis-user-filesystem-restriction branch January 3, 2023 21:09
@nitrocode nitrocode mentioned this pull request Jan 3, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jamengual jamengual jamengual left review comments

@nitrocode nitrocode nitrocode left review comments

Assignees
No one assigned
Labels
docs Documentation
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

If --data-dir is not /home/atlantis results in permission denied
3 participants
@bschaatsbergen @jamengual @nitrocode