Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ensure files are copied with fcopy into chroot with expected permissions #217

Merged
merged 1 commit into from
Dec 18, 2024

Conversation

mika
Copy link
Member

@mika mika commented Dec 18, 2024

When running grml-live from within the git repository that was cloned by a user other than root, the files installed by FAI's fcopy have wrong/unexpected permissions.

For example:

| # stat /home/mika/build/grml-live-2024-12/grml_chroot/etc/rsyslog.conf
|   File: /home/mika/build/grml-live-2024-12/grml_chroot/etc/rsyslog.conf
|   Size: 1106            Blocks: 8          IO Block: 4096   regular file
| Device: 253,2   Inode: 4472261     Links: 1
| Access: (0644/-rw-r--r--)  Uid: ( 1000/    mika)   Gid: ( 1000/    mika)
| Access: 2024-12-18 15:39:59.477471695 +0100
| Modify: 2023-08-07 13:32:24.000000000 +0200
| Change: 2024-12-10 17:02:16.177262515 +0100
|  Birth: 2024-12-10 17:02:16.177262515 +0100

fcopy provides the following options:

| % fcopy -h
| fcopy, copy files using classes.
| [...]
|    -m user,group,mode   Set user, group and mode for copied files.
|    -M                   Same as -m root,root,0644
| [...]

Execute all fcopy command lines with -M, except for the ones that need execute permission (being /usr/share/initramfs-tools/scripts/init-top/grml and /etc/initramfs-tools/hooks/000-udev-shutup) for which we use the -m option accordingly then.

@mika mika requested a review from zeha December 18, 2024 16:20
etc/grml/fai/config/scripts/GRMLBASE/20-sudo Outdated Show resolved Hide resolved
When running grml-live from within the git repository that was cloned by
a user other than root, the files installed by FAI's fcopy have
wrong/unexpected permissions.

For example:

| # stat /home/mika/build/grml-live-2024-12/grml_chroot/etc/rsyslog.conf
|   File: /home/mika/build/grml-live-2024-12/grml_chroot/etc/rsyslog.conf
|   Size: 1106            Blocks: 8          IO Block: 4096   regular file
| Device: 253,2   Inode: 4472261     Links: 1
| Access: (0644/-rw-r--r--)  Uid: ( 1000/    mika)   Gid: ( 1000/    mika)
| Access: 2024-12-18 15:39:59.477471695 +0100
| Modify: 2023-08-07 13:32:24.000000000 +0200
| Change: 2024-12-10 17:02:16.177262515 +0100
|  Birth: 2024-12-10 17:02:16.177262515 +0100

fcopy provides the following options:

| % fcopy -h
| fcopy, copy files using classes.
| [...]
|    -m user,group,mode   Set user, group and mode for copied files.
|    -M                   Same as -m root,root,0644
| [...]

Execute all fcopy command lines with `-M`, except for the ones that need
execute permission (being /usr/share/initramfs-tools/scripts/init-top/grml
and /etc/initramfs-tools/hooks/000-udev-shutup) or 0440 (/etc/sudoers),
for which we use the `-m` option accordingly then.

Thanks to Chris for spotting and feedback.
@mika mika requested a review from zeha December 18, 2024 16:40
@mika mika merged commit 31dca3e into master Dec 18, 2024
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants