Hi, I'm wondering what the best practice is for centrally creating and configuring users and groups, and then having certain recipes installing files with ownership according to those users and groups.
So far we've used EXTRA_USERS_PARAMS to create a bunch of users and groups, to segregate their responsibilities and rights/permissions as well as we can. We used to use a pkg_postinst_ontarget() in the recipes to set their file permissions correctly, because the users and groups created by the extrausers.bbclass weren't available during e.g. the recipe's do_install yet. Now we're moving towards using read-only-rootfs, so we can't use pkg_postinst_ontarget() for these files anymore. I tried using pkg_postinst, but the chown command fails because apparently pkg_postinst is executed before the extrausers.bbclass creates the users and groups. ROOTFS_POSTPROCESS_COMMAND also doesn't seem to help, as it only works from image recipes. I've also tried using the useradd.bbclass in the recipes, which allows us to set permissions from within the do_install task, but that started causing trouble when we tried to start using useradd-staticids, which we need to keep compatibility between software versions using the same files from a persistent partition. The useradd.bbclass in combination with the central extrausers.bbclass and useradd-staticids.bbclass is messy and hasn't resulted in a working build yet, with recipes complaining certain groups e.g. aren't available yet. I'm sure some of you have come up with neat and simple solutions, could you bright minds perhaps share your best practices to solve our issue? Thanks, Kind regards, -- *Maik Vermeulen* *Embedded Software Engineer* [image: 2.png] *[email protected] <[email protected]> * *quatt.io <http://www.quatt.io/>*
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#62970): https://lists.yoctoproject.org/g/yocto/message/62970 Mute This Topic: https://lists.yoctoproject.org/mt/105618946/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
