I have been adding ssh authorized_keys files to my OpenWRT devices, and would like to have them built into the sysupgrade image, rather than adding to /overlay afterward. However, the process that copies files from .../files to the final image resets permissions to u+rw,g+r,o+r, which wrecks the 700 permission for ~root/.ssh. I modified include/image.mk to not do the permission "fixing." This works OK for me, but I don't know whether it would break things for anybody else. (I think I tested to see whether anything was actually having its permissions changed, but I don't remember the exact results. I definitely didn't see anything that looked problematic.)

Here is the patch:

diff --git a/include/image.mk b/include/image.mk
index a92b13e..c22e287 100644
--- a/include/image.mk
+++ b/include/image.mk
@@ -243,10 +243,7 @@ define Image/mkfs/ext4
 endef

 define Image/mkfs/prepare/default
-       # Use symbolic permissions to avoid clobbering SUID/SGID/sticky bits
- - $(FIND) $(TARGET_DIR) -type f -not -perm /0100 -not -name 'ssh_host*' -not -name 'shadow' -print0 | $(XARGS) -0 chmod u+rw,g+r,o+r
- - $(FIND) $(TARGET_DIR) -type f -perm /0100 -print0 | $(XARGS) -0 chmod u+rwx,g+rx,o+rx
- - $(FIND) $(TARGET_DIR) -type d -print0 | $(XARGS) -0 chmod u+rwx,g+rx,o+rx
+ # We used to do something like "chmod -R go+rX" but it wasn't necessary
        $(INSTALL_DIR) $(TARGET_DIR)/tmp $(TARGET_DIR)/overlay
        chmod 1777 $(TARGET_DIR)/tmp
 endef
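Review bot: The replacement comment in `Image/mkfs/prepare/default` asserts that the normalisation "wasn't necessary", but with all three `chmod` passes removed nothing in this recipe guarantees that files and directories under `$(TARGET_DIR)` are readable or traversable by non-root users. The resulting modes presumably follow whatever the package install steps and the builder's `files/` tree produced (and so likely the build host's umask), so a restrictive umask could yield an image where services running under non-root accounts cannot read their configuration. A narrower change would keep the passes and skip only the paths that need tight modes, the same way the removed line already skipped `ssh_host*` and `shadow`. If the removal stays, the comment should state the new contract instead, e.g. `# Modes under $(TARGET_DIR) are shipped as-is; packages and files/ must set them correctly`.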

