Can I run `image make` even if some files are root-owned?

This User Guide on image building

https://openwrt.org/docs/guide-user/additional-software/imagebuilder#custom_packages

expressly states,

All operations should be performed with a non-root user account.

However some of the config files I want to include in this commeand,

make image PROFILE=[router-model] PACKAGES="luci" FILES=files/

are root-owned. (Maybe all of them as they originate in the /etc/config directory of the router.)

Will the command, run as non-root, be able to handle root-owned files? (If a file is root-owned in the router, its copy in my Ubuntu also ends up root-owned; because I use sudo rsync or sudo cp -aR and otherwise take care that my handling of the file does not change its ownership etc.)

I notice that other commands, e.g. cp and tar, when they come to root-owned files, fail unless they are run with sudo.

ADDENDA

Sorry, I realize that whether a command run as non-root could manipulate a file is not just a matter of ownership, but also permissions. So the question, better stated, may be whether image make run as non-root would have no trouble with files originating in the router's etc/config with their restrictive ownership and permissions.

Here might be a relevant bit from this User Guide

https://openwrt.org/docs/guide-user/additional-software/imagebuilder#custom_packages

Namely:

Examples

The following example shows:

• Creating the directory for the configuration files.
• Using scp to transfer uci configuration files from a WL500GP router to the files/etc/config directory.
• Generating an image for WL500GP with custom packages and uci configuration files.
  

mkdir -p files/etc/config
scp root@192.168.1.1:/etc/config/network files/etc/config/
scp root@192.168.1.1:/etc/config/wireless files/etc/config/
scp root@192.168.1.1:/etc/config/firewall files/etc/config/
make image PROFILE=wl500gp PACKAGES="nano openvpn -ppp -ppp-mod-pppoe" FILES=files/

I believe the result of scp as above is that when the files reach the destination, their owner will have become the non-root user by whom scp was run.

So maybe, the ownership of files for inclusion in image building should be non-root before the operation (as vgaetera had already told us in a comment before I began writing these addenda). Only there may be no need for any scripting vgaetera mentions if I am reading the User Guide's Example right. What a relief it would be not to have write a script!

N.b. Background to the comment I accept as solution is that the config files included in image building were set to non-root ownership (as above); which (per Solution) the the image building process reverts to root ownership.

Even if the files are owned by root. I guess the imagebuilder only reads the files into the biulder so this is more of a read rights that write rights.
Just copy the files to some general documents folder.

While building, set ownership to yourself.
But include a script to change ownership during the initial setup:
https://openwrt.org/docs/guide-developer/uci-defaults

You mean I have to come up with a script to tell the router to change the ownership of various files at some appropriate stages? That would take me a long time. (It'd be like, well, first become an expert.) Also, I would find it amazing that the User Guide (below) makes no mention of the need for such scripting and rather represents the image building process as a breeze. Just put files/ in the image builder root!

https://openwrt.org/docs/guide-user/additional-software/imagebuilder#custom_packages

It should work just fine with the default ownership/permissions.
Change is only required for files you want to be owned by a specific user/group.
Customization is pretty simple as you only need to use chown/chmod.

been doing this for 3 years... no problems...

Thank you. I believe by 'default ownership' you mean the non-root user who will run the image build command. Also I believe you are saying not to bother about a script for change of ownership unless I have some particular reason to want that. Am I right on these two points?

I think it must be obvious from the kind of post I leave, but all of this is wholly new to me. I even had to learn cp for this purpose.

Therefore I really appreciate everybody's entertaining my questions. I understand they sound like: Is car a vehicle; then can one get into it?

I've just tested adding custom files:

• The UID/GID is automatically set to root/root.
• The permission are preserved.

Please see these:

• Files directory and permissions

• https://patchwork.ozlabs.org/project/openwrt/patch/562ED1AD.9080008@mersenne.com/

According to them (as far as I can make out), the image building process does not preserve permissions but gives to every file root ownership plus 644. Therefore if a file started with 644, there is an appearance of preservation.

I think I am going to have the two links' problem once I start wanting to include (in the image) things like non-root users' home directories, which must not get the "root ownership plus 644" treatment.

I'll write a separate post about this. Thanks.

You were perfectly right about that, and I was wrong to go on (what must be) outdated information (in the two links on "644") without first checking it personally.

I have included more test results confirming preservation of permissions in this post. Thanks again.

Image - how to exclude files from "root owned plus 644"

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.