[OpenWrt-Devel] Extra file permissions

David H. Madden dhm at mersenne.com
Mon Oct 26 21:21:49 EDT 2015

I have been adding ssh authorized_keys files to my OpenWRT devices, and 
would like to have them built into the sysupgrade image, rather than 
adding to /overlay afterward.  However, the process that copies files 
from .../files to the final image resets permissions to u+rw,g+r,o+r, 
which wrecks the 700 permission for ~root/.ssh.  I modified 
include/image.mk to not do the permission "fixing."  This works OK for 
me, but I don't know whether it would break things for anybody else.  (I 
think I tested to see whether anything was actually having its 
permissions changed, but I don't remember the exact results.  I 
definitely didn't see anything that looked problematic.)

Here is the patch:

diff --git a/include/image.mk b/include/image.mk
index a92b13e..c22e287 100644
--- a/include/image.mk
+++ b/include/image.mk
@@ -243,10 +243,7 @@ define Image/mkfs/ext4

  define Image/mkfs/prepare/default
-       # Use symbolic permissions to avoid clobbering SUID/SGID/sticky bits
-       - $(FIND) $(TARGET_DIR) -type f -not -perm /0100 -not -name 
'ssh_host*' -not -name 'shadow' -print0 | $(XARGS) -0 chmod u+rw,g+r,o+r
-       - $(FIND) $(TARGET_DIR) -type f -perm /0100 -print0 | $(XARGS) 
-0 chmod u+rwx,g+rx,o+rx
-       - $(FIND) $(TARGET_DIR) -type d -print0 | $(XARGS) -0 chmod 
+       # We used to do something like "chmod -R go+rX" but it wasn't 
         $(INSTALL_DIR) $(TARGET_DIR)/tmp $(TARGET_DIR)/overlay
         chmod 1777 $(TARGET_DIR)/tmp

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4023 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.infradead.org/pipermail/openwrt-devel/attachments/20151026/4568ed6a/attachment.p7s>
-------------- next part --------------
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org

More information about the openwrt-devel mailing list