Files directory and permissions

UncleDonny · September 7, 2018, 2:45pm

Hi all,

I'm using /files to include /etc/dropbear/authorized_keys in the firmware. This file must have permissions 0600 and that is what I've set it to in the files directory.

However after building a firmware the permissions change to 0644. Does anyone know why? Or could you point me to where in the build system the /files are installed to rootfs. It's hard to grep for "files".

Thanks in advance,
Don

Per · September 7, 2018, 3:07pm

I think this answers it: https://patchwork.ozlabs.org/patch/536419/
Edit: or maybe not, the files seem to have changed.

jeff · September 7, 2018, 3:31pm

Permissions and ownership in the squashfs ROM are a bit challenging. To allow OpenWrt to be built by a non-root user, the squashfs file system is "hard coded" to assign ownership of everything to root. It also adjusts the dates, and apparently permissions as well. Details in mksquashfs itself and include/image.mk and related.

define Image/mkfs/squashfs
        $(STAGING_DIR_HOST)/bin/mksquashfs4 $(call mkfs_target_dir,$(1)) $@ \
                -nopad -noappend -root-owned \
                -comp $(SQUASHFSCOMP) $(SQUASHFSOPT) \
                -processors 1 \
                $(if $(SOURCE_DATE_EPOCH),-fixed-time $(SOURCE_DATE_EPOCH))
endef

The contents of ./files/ appear to be copied by prepare_rootfs in ./include/rootfs.mk which uses file_copy, defined in ./rules.mk, which uses $(CP), defined in ./rules.mk as cp -fpR. Which puts me at a loss as to why the permission are lost.

One way to handle this is with a script in /etc/uci-defaults which contains "run to success, once" scripts. Not as "clean" as being able to have the proper permission and ownership in the ROM itself, but at least functional.

JW0914 · September 7, 2018, 4:37pm

I've never had this issue... please post the results of
ls -la <buildroot>/files/etc/dropbear

UncleDonny · September 7, 2018, 4:51pm

Thanks everyone for you responses. I actually was coming back to report my findings. However it looks the link Per shared explains the issue perfectly. I'm just going to modify my include/image.mk to ignore authorized_keys as well.

If anyone is interested in where files gets copied look in package/Makefile. The target package/install does the copying over. You'll notice that the permissions are retained it is actually later in image.mk where permissions are altered to give the root user r+w,r,r access.

jeff · September 7, 2018, 5:59pm

Maybe it's not enough this morning, but I didn't see chmod getting called in include/image.mk, at least in recent master branch code. When you have some time, would you post where you've made the changes?

UncleDonny · September 7, 2018, 6:05pm

Hey Jeff, sorry I should have mentioned this is a relatively old OpenWRT. I quickly scanned master and indeed it is not there anymore. Sorry I won't forget to omit that detail in future.

system · September 2, 2021, 11:02am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.