Hi Robert, Thanks for the patch. I tested it and it worked ... partially.
Taking an existing image and then using `opkg install base-files.ipk` will correctly set the permission to 0700. However, when I rebuild the full image rootfs, /home/root still ends up with the wrong permission. I suspect another recipe is modifying the permission. Is there a way (ie. bitbake command) to find out which recipe is causing the change? Thanks again, Charles On Tue, Apr 5, 2016 at 10:33 PM, Robert Yang <[email protected]> wrote: > > I think that it should be a bug, would you please try this patch? > > diff --git a/meta/recipes-core/base-files/base-files_3.0.14.bb > b/meta/recipes-core/base-files/base-files_3.0.14.bb > index d391707..2082ed4 100644 > --- a/meta/recipes-core/base-files/base-files_3.0.14.bb > +++ b/meta/recipes-core/base-files/base-files_3.0.14.bb > @@ -95,6 +95,7 @@ do_install () { > for d in ${dirs755}; do > install -m 0755 -d ${D}$d > done > + chmod 0700 ${D}${ROOT_HOME} > for d in ${dirs1777}; do > install -m 1777 -d ${D}$d > done > > // Robert > > On 04/06/2016 01:03 PM, Charles Chan wrote: > >> (This is my first post to OE list, hopefully I am posting to the right >> mailing >> list.) >> >> Background: During the process of trying to configure SSH keys for root >> user >> login via dropbear, we realized the permission for /home/root directory >> is set >> too loose for group and other members [1]. As a result, dropbears fails >> when we >> try to put the key under /home/root/.ssh >> >> --------- >> >> In the image, /home/root directory is set to 0755: >> >> $ stat /home/root >> File: /home/root >> Size: 4096 Blocks: 8 IO Block: 4096 directory >> Device: b302h/45826d Inode: 13268 Links: 4 >> Access: (0755/drwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ >> root) >> Access: 2016-04-05 22:21:13.000000000 >> Modify: 2016-04-05 22:08:57.000000000 >> Change: 2016-04-05 22:08:57.000000000 >> >> >> After some debugging, we believe the permission (0755) is initialized in >> base-files_3.0.14.bb <http://base-files_3.0.14.bb> (in line 35) [2]. >> >> A few questions: >> 1. I tried looking at the git log for the history, but wasn't able to >> find any >> background on why the permission was set this way. eg. on a desktop Linux >> (Ubuntu), /root is set to 0700: >> >> $ sudo stat /root >> File: `/root' >> Size: 4096 Blocks: 8 IO Block: 4096 directory >> Device: 801h/2049dInode: 1441793 Links: 3 >> Access: (0700/drwx------) Uid: ( 0/ root) Gid: ( 0/ >> root) >> Access: 2016-04-05 21:29:17.389725228 -0700 >> Modify: 2016-03-22 17:11:54.912479000 -0700 >> Change: 2016-03-22 17:11:54.912479000 -0700 >> Birth: - >> >> >> 2. If we would like to override the directory permission for /home/root >> in our >> image, what is the best way to do it? I am not an expert with bitbake, >> should I >> be patching the base-files_3.0.14.bb <http://base-files_3.0.14.bb>? using >> *_append? or I should be looking at some other recipe altogether? >> >> Sorry for the long email. Thanks in advance. >> Charles >> >> [1] >> https://wiki.openwrt.org/doc/howto/dropbear.public-key.auth#troubleshooting >> >> [2] >> >> http://cgit.openembedded.org/cgit.cgi/openembedded-core/tree/meta/recipes-core/base-files/base-files_3.0.14.bb?h=master#n35 >> >> >>
-- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
