Image - an etc/uci-defaults script to chown

Could someone show me what an /etc/uci-defaults script would have to look like, to set the owner of a directory and a file (as below) to user and group bobby (supposing bobby was the only non-root user I added and had uid 1000)?

I believe it might contain lines such as:

#!/bin/sh
chown bobby:bobby /home/bobby
chown bobby:bobby /home/bobby/.ssh/authorized_keys

Would I name the script any file name ending in .sh and place it in files/etc/uci-defaults/ (within the image builder directory)?

What would be great is if someone showed me the whole script if there are not too many lines. Thanks.

LATER ADDED

My question assumes this situation.

  • I have manually added a non-root user bobby to the router, made it a superuser, replaced Dropbear with OpenSSH, and added public keys to bobby's authorized_keys.
  • Extracted the resulting configs (e.g. /etc/group, /etc/passwd, /etc/shadow, /etc/sudoers, /etc/sudoers.d, /home/bobby/.ssh/authorized_keys, /etc/ssh/sshd_config) from the router to Ubuntu, made them bobby owned in Ubuntu, and included them in the 'make image' command as FILES=
  • Therefore, all that a /etc/uci-defaults script has to do is to make certain files bobby owned
  • The script need not create any user etc.

One minor advantage of this method is that I get to preserve authorized_keys from 'make image' version to version.

The major advantage is that I might actually understand the script (much simpler than one that would first create bobby).

STILL LATER ADDED

My mad idea, based on vgaetera's (sane) reply, worked!

All I had to do was to include in the /etc/uci-defaults folder (of the make image files folder) a file called "xx_custom" consisting of this single line:

chmod -R 777 /etc/dump

so as to change the permissions of that folder and all contents (yes, different from the stated object, but for testing).

No shebang line needed.

1 Like

https://openwrt.org/docs/guide-user/additional-software/imagebuilder#restricting_root_access

1 Like

Thank you. Please see ADDED LATER portion of OP.

Looking at your link, they seem to be commands for creating the script.

This line,

cat << "EOF" > files/etc/uci-defaults/xx_custom

seems to mean, "I want a script called xx_custom and I want the following stuff to go in it."

That's too highly advanced for me. I am not yet up to speed on use of variables, for instance.

I need the script itself, which I could simply put in the FILES= folder. The script only has to chown some files, not create them.

It seems to me the relevant portion would then be somewhere around:

cat << EOI > "${USER_HOME}"/.ssh/authorized_keys
${USER_SSHPUB}
EOI
chown -R "${USER_NAME}:${USER_GROUP}" "${USER_HOME}"
chmod -R go= "${USER_HOME}"
EOF

I need to know what that translates to, in terms of the script that I would put in files/etc/uci-defaults/. Thanks.

On a mad inspiration, I entered all the lines of your linked box into Terminal, and it actually gave me a file called xx_custom that's got all the lines I entered (but no #!/bin/sh to start off the file).

So it looks to me that all my script needs to have would be just the chown lines I want! I'll try that.

1 Like

Note that shebang is redundant since the uci-defaults scripts are sourced.
By the way, you can use exactly the same script name as in the example.

1 Like

Thank you again. Is there any significance to file name "xx_custom"? Can it be any other "regular" expression (not to include space, special symbols, etc.)?

1 Like

The xx is usually two digits providing the startup priority (but they are run in alphabetical order, not in pure numeric order, so 100 would be before 99).

uci-defaults script files are deleted after a successful run, but in most routers you can see the original in /rom.

See the existing uci-defaults in /rom/etc/uci-defaults:

root@router1:~# ls  /rom/etc/uci-defaults/
00_uhttpd_ubus                          30_luci-theme-openwrt-2020
04_led_migration                        30_uboot-envtools
10-fstab                                40_luci-ddns
10_migrate-shadow                       40_luci-miniupnp
12_network-generate-ula                 40_luci-statistics
13_fix-group-user                       50-dnsmasq-migrate-resolv-conf-auto.sh
14_migrate-dhcp-release                 50-luci-sqm
15_odhcpd                               50-migrate-rpcd-ubus-sock.sh
20_migrate-feeds                        50_luci-mod-admin-full
30_luci-theme-bootstrap                 99-miniupnpd
30_luci-theme-material                  bcp38

2 Likes

Understood. I see how the execution order would become critical if one thing presumes another. Thanks!
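
An added example, not part of the thread or of the OpenWrt wiki: the contents of a file such as files/etc/uci-defaults/99_custom that applies the chown and chmod steps from the quoted wiki excerpt to bobby's home, reading uid, gid and home from the /etc/passwd shipped via FILES=. The file name 99_custom, the function names and the ROOT argument are assumptions made for illustration.

```shell
# Added example: body of files/etc/uci-defaults/99_custom (hypothetical name).
# uci-defaults files are sourced at first boot and deleted after a successful run.

# go_bits PATH: print the group/other part of the ls mode string, e.g. ------
go_bits() { ls -ld "$1" | cut -c5-10; }

# fix_owner ROOT USER
#   ROOT is "" on the router. A non-empty ROOT (assumption, for testing on a PC)
#   points at a directory tree laid out like the router's filesystem.
fix_owner() {
    root="$1"; user="$2"
    # Take uid, gid and home from the passwd file that was shipped via FILES=
    entry=$(grep "^${user}:" "${root}/etc/passwd") || return 1
    uid=$(echo "$entry" | cut -d: -f3)
    gid=$(echo "$entry" | cut -d: -f4)
    home=$(echo "$entry" | cut -d: -f6)
    # Never recurse over / or over a directory that is missing
    case "$home" in /?*) ;; *) return 1 ;; esac
    [ -d "${root}${home}" ] || return 1
    # Same two steps as the wiki excerpt: hand the tree to the user,
    # then strip every group/other permission bit
    chown -R "${uid}:${gid}" "${root}${home}" || return 1
    chmod -R go= "${root}${home}" || return 1
    # sshd (StrictModes) ignores keys that group or other can write,
    # so confirm the result before reporting success
    keys="${root}${home}/.ssh/authorized_keys"
    [ ! -e "$keys" ] || [ "$(go_bits "$keys")" = "------" ] || return 1
    return 0
}

# Only act when running on the router itself
if [ -f /etc/openwrt_release ]; then
    fix_owner "" bobby
fi
```

A non-zero return leaves the file in /etc/uci-defaults, so a failed run is visible on the router instead of being silently deleted.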
