Can storage be mounted with specific user/group ownership?

I have a charm that currently runs a daemon as a specific user.

The daemon writes out config files that could be shared across a cluster, and using juju storage for this would be ideal, especially as the shared config includes certificates etc that should not diverge across units of the app.

However, from what I can see, if I specify storage of type “filesystem”, it’s always owned by root/root and the daemon would not be able to write to it. My testing is limited to LXD so far.

Rather than run the daemon as root, is there a way to get juju to mount the storage with specific user/group ownership?

There’s currently no way to mount as anything other than root. The juju agent simply runs “mount /devicepath /mountpoint” optionally with “-o ro” for readonly if needed. Feel free to raise a bug as an enhancement request. I would imagine it would be done by setting up a storage pool with user/group as attributes.

1 Like

Thanks Ian, bug raised.

I ended up cheating and just doing the following at the beginning of the config changed event handler:

# Ensure certificates and dynamic config storage is writable.
storage = self.model.storages['config'][0]

if os.path.exists(storage.location):
    cmd = ['chown', '-R', 'caddy:caddy', storage.location]
    subprocess.check_call(cmd) = f'{storage.location}'

Seems to work, Caddy is then able to write to the dedicated storage path once I later add the expected storage config entry to its config file and restart or reload the service.

1 Like

That’s how I usually end up doing aswell.

You could consider installing a systemd mount unit file for even more control.

1 Like

Do you have an example of that?



Example juju charm: