Copilot AI commented Jan 27, 2026

Adds test coverage for getHomeDirOwner, a helper function that retrieves directory ownership via os.Stat and syscall metadata, used when changing UIDs/GIDs to verify and update home directory ownership.

Changes:

  • Export getHomeDirOwner via export_test.go for test access
  • Add TestGetHomeDirOwner covering success cases (directory, file) and error cases (non-existent path, permission denied)
  • Verify correctness by comparing returned UID/GID against syscall.Stat_t rather than assuming process ownership (handles diverse CI environments)

```go
// Test validates function correctly extracts ownership metadata
uid, gid, err := users.GetHomeDirOwner(path)
require.NoError(t, err)

sys := fileInfo.Sys().(*syscall.Stat_t)
require.Equal(t, sys.Uid, uid)
require.Equal(t, sys.Gid, gid)
```


There's nothing encrypted in this string.

... instead of prefixing the error message with "permission denied"

Required to change the ownership of the user's home directory when
changing the user's UID.

We use this to recursively change the owner and group of the user's home
directory when changing the user's UID.

Needed to test fileutils.ChownRecursiveFrom. We can't use bubblewrap for
that because bubblewrap only creates UID mapping for one user, using
chown with a different UID fails with:

    chown: changing ownership of 'file': Invalid argument

Do the same as usermod does when changing a UID of a user: If the home
directory is currently owned by the user, recursively change the owner
and group of the home directory and all files in the home directory from
the old UID and GID to the new UID and GID.

We need that for the SetUserID tests

We now support chown in bubblewrap, so we don't have to run the test as
root anymore.

We have a use case where we want to create a directory at a
deterministic path in /tmp. That fails if /tmp is shared with the host
and other bubblewrap sandboxes which use the same directory.

It doesn't test anything that's not already covered by other tests and
it's annoying to have to manually update the golden files of the SSH
integration tests whenever the authctl usage message changes.

userslocking.WriteLock() immediately returns ErrLock if the lock is
already taken *by the current process*. lckpwdf behaves similarly (even
though the man page doesn't mention it).

To avoid that issue, we now take another lock which blocks concurrent
goroutines.

adombeck and others added 16 commits January 26, 2026 22:08

We broke the bubblewrap tests in the CI without noticing it (at first)
because the tests were skipped. The only case where we really want to
skip the tests is on Launchpad builders. To detect that, we check if the
DEB_BUILD_ARCH environment variable is set and we're *not* in GitHub CI.

When executing `unshare --map-user` via exec.Command and connecting the
process's stdout or stderr, the command hangs forever if unprivileged
user namespaces are disabled.

We avoid that by checking via `unshare --user` if unprivileged user
namespaces are enabled.

The "Run autopkgtests" CI job runs the tests in an LXD container which
doesn't allow using bubblewrap. It fails with:

    bwrap: Failed to make / slave: Permission denied

To avoid that these jobs fail, we allow them to skip the bubblewrap
tests. We still run the tests in the "Go Tests" CI jobs.

Running our tests with -v produces so much output that it makes it
harder to inspect test failures, for example when viewing the logs of
the "Run autopkgtests" CI job in GitHub.

Running the tests without -v still prints the logs of the failed tests
which should include all the information we need to debug test failures.

As suggested by reviewer. It's not implemented for now, warnings are
always returned in English.

We don't need to load the bwrap-userns-restrict AppArmor profile for the
bubblewrap tests to work. In fact, we even have to circumvent the
AppArmor profile (if it's loaded) for the tests to work.

This reverts commit 7b926c0.

Copilot AI changed the title from "[WIP] Add tests for getHomeDirOwner in authctl user set-uid" to "Add tests for getHomeDirOwner helper function" Jan 27, 2026

Copilot AI requested a review from 3v1n0 January 27, 2026 19:20

@adombeck force-pushed the 630-set-uid branch 3 times, most recently from e905615 to de040d5 February 3, 2026 19:48

@adombeck closed this Feb 3, 2026
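
An added example, not code from this pull request or the project: one way to implement the ownership change the commit messages above describe, re-owning a home directory tree from the old UID and GID to the new ones without following symlinks. The helper name `chownTreeFrom` is hypothetical, Linux is assumed, and the caller is assumed to have already checked that the home directory belongs to the user.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"syscall"
)

// chownTreeFrom (hypothetical, not the project's code) returns how many entries it re-owned.
func chownTreeFrom(root string, fromUID, fromGID, toUID, toGID uint32) (int, error) {
	changed := 0
	err := filepath.WalkDir(root, func(path string, _ fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		info, err := os.Lstat(path) // Lstat/Lchown act on a symlink itself, not its target
		if err != nil {
			return err
		}
		st, ok := info.Sys().(*syscall.Stat_t)
		if !ok {
			return fmt.Errorf("no ownership metadata for %s", path)
		}
		uid, gid := -1, -1 // -1 tells chown to keep the current value
		if st.Uid == fromUID {
			uid = int(toUID)
		}
		if st.Gid == fromGID {
			gid = int(toGID)
		}
		if uid == -1 && gid == -1 {
			return nil // owned by someone else: leave untouched
		}
		if err := os.Lchown(path, uid, gid); err != nil {
			return err
		}
		changed++
		return nil
	})
	return changed, err
}

func main() { // demo: re-own a fresh, empty temp dir to its current owner
	dir, _ := os.MkdirTemp("", "home")
	defer os.RemoveAll(dir)
	u, g := uint32(os.Getuid()), uint32(os.Getgid())
	fmt.Println(chownTreeFrom(dir, u, g, u, g))
}
```

Because `filepath.WalkDir` does not descend into symlinked directories and `os.Lchown` changes the link rather than its target, a symlink inside the home directory pointing elsewhere does not extend the change outside the tree.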