Original task description:
Upgraded to VyOS 1.3-rolling-201912222230 rolling and noticed I still have a vyos user floating around:
kroy@route2:# show system login user vyos authentication { encrypted-password xxxxxxxxx plaintext-password "" } level admin [edit] kroy@route2:# delete system login user vyos [edit] kroy@route2:# commit Failed to generate committed config
On a different server running the same version, I didn't have an issue.
This was the only logging I could find:
cp w->tw failed[boost::filesystem::copy_file: Permission denied: "/opt/vyatta/config/tmp/new_config_5542/.unionfs-fuse/system/login/user/kroy/level/node.val_HIDDEN~", "/opt/vyatta/config/tmp/tmp_5542/work/.unionfs-fuse/system/login/user/kroy/level/node.val_HIDDEN~"] cp[/opt/vyatta/config/tmp/new_config_5874]->[/opt/vyatta/config/tmp/tmp_5874/work] cp w->tw failed[boost::filesystem::copy_file: Permission denied: "/opt/vyatta/config/tmp/new_config_5874/.unionfs-fuse/system/login/user/kroy/level/node.val_HIDDEN~", "/opt/vyatta/config/tmp/tmp_5874/work/.unionfs-fuse/system/login/user/kroy/level/node.val_HIDDEN~"] cp[/opt/vyatta/config/tmp/new_config_6357]->[/opt/vyatta/config/tmp/tmp_6357/work] cp w->tw failed[boost::filesystem::copy_file: Permission denied: "/opt/vyatta/config/tmp/new_config_6357/.unionfs-fuse/system/login/user/kroy/level/node.val_HIDDEN~", "/opt/vyatta/config/tmp/tmp_6357/work/.unionfs-fuse/system/login/user/kroy/level/node.val_HIDDEN~"]
Updated description:
During commit process .unionfs-fuse directory copied from an updated configuration to the /opt/vyatta/config/active/. During a new configuration session this metadata leaks to a temporary config directory, which blocks changes, if they are trying to be done by other users. So, the issue is wider, that it seems - actually, the ability to configure a router by multiple users is almost broken. To trigger issue you need to add something into a configuration, commit, then delete previously added part of config and commit again during the same config session.
Example:
Under vyos user:
set interfaces ethernet eth0 address dhcp commit delete interfaces ethernet eth0 address commit
And we have metadata folder in active config:
vyos@vyos# ls -la /opt/vyatta/config/active/ total 0 drwxrwxr-x 5 root vyattacfg 100 Apr 27 12:17 . drwxrwxr-x 4 root vyattacfg 100 Apr 27 12:16 .. drwxrwxr-x 4 vyos vyattacfg 80 Apr 27 12:17 interfaces drwxrwxr-x 8 vyos vyattacfg 160 Apr 27 12:17 system drwxrwxr-x 3 vyos vyattacfg 60 Apr 27 12:17 .unionfs-fuse
After this, changing configuration by any others users, except vyos will be impossible till the next reboot.
Unser test user:
test@vyos# set system name-server 8.8.8.8 [edit] test@vyos# commit Failed to generate committed config
I have not seen into commit algorithm deeply, but maybe mounting uinionfs with the -o hide_meta_files option will help us here.