Comment 0 for bug 1981546

Alberto Donato (ack) wrote :

With the maas 3.2 snap (core20-based) we noticed a difference in behavior when running on focal and jammy (tested in containers).

The snap has the `home` plug. On focal, an app running as root can read root-owned files in other users' homes, while when running on focal, that's not possible anymore:

# echo test > /home/ubuntu/testfile
# echo test > /home/ubuntu/testfile2
# chown ubuntu.ubuntu /home/ubuntu/testfile2
# ls -l /home/ubuntu/testfile*
-rw-rw-r-- 1 ubuntu ubuntu 5 Jul 12 13:44 /home/ubuntu/testfile
-rw-rw-r-- 1 root root 5 Jul 12 13:44 /home/ubuntu/testfile2
# snap install maas --channel=3.2

# focal host
root@f:~# snap run --shell maas -c 'cat /home/ubuntu/testfile'
cat: /home/ubuntu/testfile: Permission denied
root@f:~# snap run --shell maas -c 'cat /home/ubuntu/testfile2'
test

# jammy host
root@j:~# snap run --shell maas -c 'cat /home/ubuntu/testfile'
cat: /home/ubuntu/testfile: Permission denied
root@j:~# snap run --shell maas -c 'cat /home/ubuntu/testfile2'
cat: /home/ubuntu/testfile2: Permission denied