docs: Explicit restrictions of atlantis user apply to the --data-dir flag

[bschaatsbergen]

what

As the atlantis user is restricted to the home directory of atlantis (/home/atlantis), setting the --data-dir flag to another path will result in a permission denied error.

I've updated the documentation to be more explicit on this common pitfall.

why

This is a common made mistake as we nowhere document how restricted the atlantis user is, I had to look at the docker-base to understand why, what and where the atlantis user permissions were applied.

tests

references

• Closes If --data-dir is not /home/atlantis results in permission denied #2903
• Previous PR docs: Explicit restrictions of atlantis user apply to the --data-dir flag #2908

[bschaatsbergen]

Previous branch was branched from master, I suppose that's why the circle-ci job failed..

[nitrocode]

Please do not close the old PR and open a new one just to resolve a test issue. This adds to the notifications.

We usually rerun an inconsistent test if it fails.

Now that this is open and the other is closed, please keep this one open until it's ready to merge.

[bschaatsbergen]

Previous branch was branched from master, I suppose that's why the circle-ci job failed..

Seems to work now :)

[nitrocode]

Thank you. We deleted the master branch to avoid the issue in the future.

[GenPage]

This is technically not true as the Default Date Dir is set to ~/.atlantis

atlantis/cmd/server.go

Line 143 in 6ca3604

DefaultDataDir = "~/.atlantis"

What should probably be addressed is the fact that most shells use tilde as an expression to expand the user's home directory. It's a shortcut and we really should be using an absolute path instead of a relative one here as it causes confusion with functionality based on the shell the user is using.

Changing default is a big deal and could have unintended consequences as people could be relying on unintended behavior of their shell, but for consistency I think it's worth a breaking change.

[bschaatsbergen]

This is technically not true as the Default Date Dir is set to ~/.atlantis

atlantis/cmd/server.go

Line 143 in 6ca3604

DefaultDataDir = "~/.atlantis"

What should probably be addressed is the fact that most shells use tilde as an expression to expand the user's home directory. It's a shortcut and we really should be using an absolute path instead of a relative one here as it causes confusion with functionality based on the shell the user is using.

Changing default is a big deal and could have unintended consequences as people could be relying on unintended behavior of their shell, but for consistency I think it's worth a breaking change.

Hmm that's right indeed, this also seems to conflict with the hardcoded absolute path in the Docker base. What do you suggest? I don't plan on changing the DefaultDataDir through this PR though.

[GenPage]

I don't expect you to, maybe instead of changing the wording from ~/.atlantis to /home/<user>/.atlantis we add a note about the default directory expanding to the current users home directory based on the shell they use.

[bschaatsbergen]

I don't expect you to, maybe instead of changing the wording from ~/.atlantis to /home/<user>/.atlantis we add a note about the default directory expanding to the current users home directory based on the shell they use.

I've reverted it back to ~/atlantis. To avoid further confusion I won't add another note.
What you had mentioned regarding to changing the DefaultDataDir is probably something we should do at some point.

[GenPage]

I don't expect you to, maybe instead of changing the wording from ~/.atlantis to /home/<user>/.atlantis we add a note about the default directory expanding to the current users home directory based on the shell they use.

I've reverted it back to ~/atlantis. To avoid further confusion I won't add another note. What you had mentioned regarding to changing the DefaultDataDir is probably something we should do at some point.

Thank you, just to note it is ~/.atlantis not ~/atlantis if you could fix that. After that, we can squash merge the doc update.

[bschaatsbergen]

My bad, was a bit too quick @GenPage. Thanks for being sharp 👍

[GenPage]

No worries that's what PRs are for!