Permission error but permissions are permissive

Getting permission errors when trying to install plugins, but permissions are set correctly.

Steps to reproduce

  1. Install the, as of today, newest Mattermost Helm Chart.
  2. Try to install any plugin.
  3. Watch the logs.

Expected behavior
Plugins may be installed, as permission errors are not present.
Permissive permissions are respected and used accordingly.

Observed behavior

The issue is of the following type:

And many other issues just like that…

Here is the log excerpt, which is always the same across all issues, including mine:

"Unable to move plugin from temporary directory to final destination. Another plugin may be using the same directory name."

The difference between my issue and their is, that my permissions are actually correct and I’m on the newest Mattermost version, so I don’t have old bugs lingering, neither do I have actual permission errors on the OS.

The OS has chowned all the directories, including the plugin directory to the system user mattermost with the id 123. The securityContext in the Chart is set entirely to 123 and I checked the running pod and deployment specs. All show the expected and desired securityContext instances, entirely consisting of 123 owners and groups.

Everything on the OS and in the Kubernetes objects is set to use the user with the id 123 but the permission error still appears.

Of course, I already chowned the directories several times, I also set the permissions to 770 and not even that helped.

Somewhere in-between must be a place where the owner is not correctly applied or used. Because, it’s set everywhere correctly.

Apparently, the user mattermost inside the Docker Image is hard-coded to user and group ID 2000. Even though, the mattermost process is clearly running as the user (ID) I desire, it still uses the mattermost user with the ID 2000 somewhere in-between.

This is clearly a bug, as it would mean, that this app can collide with any other map, which uses the same ID for its user.

See the corresponding Github issue: