On Thu 11/06/20 07:46, Michael Olbrich wrote:
On Wed, Jun 10, 2020 at 01:42:25PM +0200, Nico Lastzka wrote:
On Wed 10/06/20 11:32, Bruno Thomsen wrote:
> > From: ptxdist <[email protected]> on behalf of Nico Lastzka
<[email protected]>
> > Sent: Wednesday, June 10, 2020 11:35
> > To: [email protected] <[email protected]>
> > Subject: [ptxdist] Hard-coded directory permissions
> >
> > Hi,
> >
> > I ran into a problem with the latest ptxdist 2020.06 when trying to install
an ssh key to
> > "/root/.ssh/authorized_keys".
> >
> >
> > Here, the "image-enhancements rule" contains the following code which
breaks the image creation:
> >
> > @$(call install_copy, image_enhancements, 0, 0, 0400,
$(PTXDIST_PLATFORMCONFIGDIR)/access/key-develop_id_ed25519.pub,
/root/.ssh/authorized_keys )
>
> I think you need to create the parent directory first with correct
permissions.
>
> @$(call install_copy, image_enhancements, 0, 0, 0400, /root/.ssh)
>
Already tried that without success.
You need to explicitly create the directory, the error complains about,
with the correct permissions:
@$(call install_copy, image_enhancements, 0, 0, 0700, /root)
Thanks for the quick reply. I tried your solution but it did not work either.
Although I can create
folders like '/root' and '/root/.ssh' without a problem, the issue comes from
the fact that the awk
script uses hardcoded permissions for folders within a given file path. Now I
have the following in
my rule:
--8<--------------------
@$(call install_copy, image_enhancements, 0, 0, 0700, /root)
@$(call install_copy, image_enhancements, 0, 0, 0700, /root/.ssh)
@$(call install_copy, image_enhancements, 0, 0, 0400,
$(PTXDIST_PLATFORMCONFIGDIR)/access/key-develop_id_ed25519.pub,
/root/.ssh/authorized_keys )
-------------------->8--
This leads to the following results:
1. '/root' is checked ok, since it uses the same permissions as defined by the
rootfs
2. '/root/.ssh is checked ok, since it is not included by any other package (I
can even change
permissions here)
3. '/root/.ssh/authorized_keys' is split into the following checks by the
script:
3a. '/root/.ssh/authorized_keys' is checked ok because no other package
defines it
3b. '/root/.ssh is checked ok although the permissions checked for are now
0755, since it is not included by any other package
3c. '/root' check fails, since it now uses the hardcoded permissions 0755,
whereas the rootfs defines 0700)
I think rather to use the hardcoded values for these folders the script should
try to look it up
from 'perms[path]' first and only use the 0755 as a fallback.
Michael
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
_______________________________________________
ptxdist mailing list
[email protected]
To unsubscribe, send a mail with subject "unsubscribe" to
[email protected]
_______________________________________________
ptxdist mailing list
[email protected]
To unsubscribe, send a mail with subject "unsubscribe" to
[email protected]