Yocto: Change ownership of /usr/lib - yocto

How can I change ownership of /usr/lib directory and all libraries inside for a specific user?
I tried to write a custom bb recipe without success.
SUMMARY = "Change /usr/lib ownership."
LICENSE = "MIT"
FILES_${PN} = "${libdir}\*"
do_install () {
    chown user1:group1 ${D}${libdir}
}
I also tried using ${libdir} instead of /usr/lib, but without success. How can I correctly access /usr/lib?

It's impossible to change it during yocto compilation because the filesystem is built at the end of the process. There are two ways to achieve it. The first is to add chmod in the system image installation script.
The second one is to prepare a system service and bash script, which can check the owner and set the current one if necessary.
owner-updater.service
[Unit]
Description=Directory Owner Updater
After=local-fs.target
[Service]
Type=oneshot
ExecStart=/opt/update-owner
StandardOutput=journal
[Install]
WantedBy=multi-user.target
update-owner
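#!/bin/bash
# Account that should own the directory (placeholder: replace with the real name)
TARGET_USER=user_name
DIR_PATH="/usr/lib"
# Numeric owner and group the directory has right now
DIR_UID="$(stat --format '%u' "$DIR_PATH")"
DIR_GID="$(stat --format '%g' "$DIR_PATH")"
# Compare against the target user's uid and primary gid
if [ "$DIR_UID" -eq "$(id -u "$TARGET_USER")" ] &&
   [ "$DIR_GID" -eq "$(id -g "$TARGET_USER")" ]; then
    echo "Correct owner"
else
    echo "Incorrect owner"
    # Set the owner only when it differs
    chown -R "$(id -u "$TARGET_USER"):$(id -g "$TARGET_USER")" "$DIR_PATH"
fi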

Related

Install a daemon as non root in Yocto

if [ -f "${S}/abc/abcd.service" ]; then
    install -m 0644 ${S}/abc/abcd.service -D ${D}${systemd_unitdir}/system/abcd.service
    ln -sf ${systemd_unitdir}/system/abcd.service ${D}${systemd_unitdir}/system/multi-user.target.wants/abcd.service
    ln -sf ${systemd_unitdir}/system/abcd.service ${D}${systemd_unitdir}/system/ffbm.target.wants/abcd.service
fi
I have installed a sample daemon "abcd.service" like above but on target, I see this listed as root. If I check "ps -ax | grep abcd" then it shows root which I don't want.
Any idea how I can change that to non-root?
Edit the systemd unit file to use the User= or DynamicUser= directive: https://www.freedesktop.org/software/systemd/man/systemd.exec.html#User=. The DynamicUser directive might be easier because you won't have to figure out how to create a new user in Yocto (maybe it's actually easy but I don't know how to do it off the top of my head).

VS Code Remote-Containers: cannot create directory ‘/home/appuser’:

I'm trying to use the Remote - Containers extension for Visual Studio Code, but when I "Open Folder in Container", I get this error:
Run: docker exec 0d0c1eac6f38b81566757786f853d6f6a4f3a836c15ca7ed3a3aaf29b9faab14 /bin/sh -c set -o noclobber ; mkdir -p '/home/appuser/.vscode-server/data/Machine' && { > '/home/appuser/.vscode-server/data/Machine/.writeMachineSettingsMarker' ; } 2> /dev/null
mkdir: cannot create directory ‘/home/appuser’: Permission denied
My Dockerfile uses:
FROM python:3.7-slim
...
RUN useradd -ms /bin/bash appuser
USER appuser
I've also tried:
RUN adduser -D appuser
RUN groupadd -g 999 appuser && \
useradd -r -u 999 -g appuser appuser
USER appuser
Both of these work if I build them directly. How do I get this to work?
What works for me is to create a non-root user in my Dockerfile and then configure the VS Code dev container to use that user.
Step 1. Create the non-root user in your Docker image
ARG USER_ID=1000
ARG GROUP_ID=1000
RUN groupadd --system --gid ${GROUP_ID} MY_GROUP && \
useradd --system --uid ${USER_ID} --gid MY_GROUP --home /home/MY_USER --shell /sbin/nologin MY_USER
Step 2. Configure .devcontainer/devcontainer.json file in the root of your project (should be created when you start remote dev)
"remoteUser": "MY_USER" <-- this is the setting you want to update
If you use docker compose, it's possible to configure VS Code to run the entire container as the non-root user by configuring .devcontainer/docker-compose.yml, but I've been happy with the process described above so I haven't experimented further.
You might get some additional insight by reading through the VS Code docs on this topic.
Go into your WSL2 and check what your local UID (non-root) is, using the command id.
In my case it is UID=1000(ubuntu).
Change your Dockerfile to something like this:
# For more information, please refer to https://aka.ms/vscode-docker-python
FROM python:3.8-slim-buster
# Keeps Python from generating .pyc files in the container
ENV PYTHONDONTWRITEBYTECODE=1
# Turns off buffering for easier container logging
ENV PYTHONUNBUFFERED=1
# Install pip requirements
COPY requirements.txt .
RUN python -m pip install -r requirements.txt
WORKDIR /home/ubuntu
COPY . /home/ubuntu
# Creates a non-root user and adds permission to access the /app folder
# For more info, please refer to https://aka.ms/vscode-docker-python-configure-containers
RUN useradd -u 1000 ubuntu && chown -R ubuntu /home/ubuntu
USER ubuntu
# During debugging, this entry point will be overridden. For more information, please refer to https://aka.ms/vscode-docker-python-debug
CMD ["python", "app.py"]

Set new user permissions in Yocto recipe

I have a recipe to add a user called foo:
inherit useradd
USERADD_PACKAGES = "${PN}"
USERADD_PARAM_${PN} = "-P foo -u 1000 -d /home/foo -r -s /bin/bash foo;"
LICENSE = "CLOSED"
do_install () {
    install -d ${D}/data/docker
    install -d ${D}/home/foo
    chown -R foo ${D}/home/foo
    chown -R foo ${D}/data/docker
}
FILES_${PN} = " \
/home/foo \
/data \
"
For an obscure reason, data/docker is owned by foo but not /home/foo. Any idea why?
Actually, you don't need to install /home/foo (nor chown it) since that task should already be accomplished by useradd, thus you can remove those commands. However, you might want to modify your recipe as follows:
do_install () {
    install -d -m 755 ${D}${datadir}/foo
    install -d -m 755 ${D}/data/docker
    chown -R foo ${D}${datadir}/foo
    chown -R foo ${D}/data/docker
}
FILES_${PN} = "${datadir}/foo/* /data/docker/*"
So the reason was that another recipe was creating a subfolder in the home directory first and was owned by root by default.
When the recipe to add the user was baked, the home folder was already created with root permissions.
My solution was to add the creation of this folder in the recipe adding the user instead.
Thanks #danior for the corrections

Yocto: Create a directory after mount

I have a Yocto bitbake recipe in my layer - base-files_%.bbappend. It creates mount points:
do_install_append() {
    mknod -m 622 ${D}/dev/console c 5 1
    install -m 0755 -d ${D}/boot/EFI
    install -m 0755 -d ${D}/data
}
The /data/ directory is later mounted to the internal SD card.
I would like to create a directory ${D}/data/test. What is the best way to do it? I've added a line install -m 0755 -d ${D}/data/test to this function but it didn't do it.
Thanks so much.
You have to ship those installed files by adding to your recipe:
FILES_${PN} += "/data/test"
Another solution is to add in your image recipe:
create_dirs() {
    mkdir -p ${IMAGE_ROOTFS}/data/test
}
ROOTFS_POSTPROCESS_COMMAND += "create_dirs ; "
In your do_install function:
do_install(){
    install -d ${D}/data/test
}
The -d option creates the directory in your rootfs, and if you want to copy files, use the command below in the do_install function.
install -m 0777 ${S}/your files ${D}/data/test
The QA packaging process verification should be informed:
FILES_${PN} += "/data/test"

chown -R not working in Yocto-Project recipe

Sorry, I'm not a native English speaker.
I'm trying to install my web application using a Yocto-Project recipe file.
PR = "r0"
PV = "1.0"
LIC_FILES_CHKSUM = "file://COPYING;md5=d41d8cd98f00b204e9800998ecf8427e"
SRC_URI = "\
file://sources \
file://COPYING \
"
S = "${WORKDIR}"
do_install() {
    install -d ${D}${localstatedir}/www
    cp -r ${S}/sources/* ${D}${localstatedir}/www/
    chown -R www-data:www-data ${D}${localstatedir}/www/
    chmod -R 775 ${D}${localstatedir}/www/cgi-bin
}
But /var/www is still owned by root:root and not www-data:www-data like desired.
Question
So how do I chown the /var/www directory recursively to www-data:www-data?
EDIT
I have seen page 9 of the following presentation: https://wiki.yoctoproject.org/wiki/images/e/e6/Custom_Users_Groups_in_Yocto1.1.pdf .
I created this recipe file to mimic this page.
First, chown and chmod should work in YP/OE recipes the way you use them.
The problem may be that you've missed a / in your path arguments for the commands. According to the documentation [1] ${D} has no trailing /.
Therefore the following should work:
do_install() {
    install -d ${D}/${localstatedir}/www
    cp -r ${S}/sources/* ${D}/${localstatedir}/www/
    chown -R www-data:www-data ${D}/${localstatedir}/www/
    chmod -R 775 ${D}/${localstatedir}/www/cgi-bin
}
(If not, please post your bitbake logs.)
[1] https://www.yoctoproject.org/docs/latest/mega-manual/mega-manual.html#var-D
Run sudo chown -R wwwdata:wwwdata /var/www/ to set the ownership of the desired folder and its inner folders or files recursively.
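
An added example, not part of the threads above or of any project they mention: a recipe that creates a dedicated account with useradd.bbclass, as the foo recipe earlier on this page does, so that a chown by name in do_install can resolve the account and the ownership is recorded in the package. The account name webapp, the sources directory and the install path are assumptions; the override syntax follows the page.

```bitbake
# Constructed example recipe. "webapp", file://sources and the install path
# are assumptions, not values taken from the threads.
SUMMARY = "Web content owned by a dedicated system account"
LICENSE = "CLOSED"

SRC_URI = "file://sources"
S = "${WORKDIR}"

inherit useradd

# useradd.bbclass adds the group and user to the recipe sysroot before
# do_install runs, so chown by name resolves at build time, and it generates
# a preinst script that creates the same account on the target.
# Releases from 3.4 on write these as GROUPADD_PARAM:${PN} / USERADD_PARAM:${PN}.
USERADD_PACKAGES = "${PN}"
GROUPADD_PARAM_${PN} = "--system webapp"
USERADD_PARAM_${PN} = "--system --no-create-home \
                       --home-dir ${localstatedir}/www \
                       --shell /sbin/nologin \
                       --gid webapp webapp"

do_install() {
    # Create the directory in the same recipe that creates the account, so no
    # other recipe stages it first with root ownership.
    install -d -m 0755 ${D}${localstatedir}/www
    cp -r ${S}/sources/* ${D}${localstatedir}/www/

    # Runs under pseudo: the ownership is recorded and carried into the package.
    chown -R webapp:webapp ${D}${localstatedir}/www
}

# Ship the directory itself, not only its contents, so its owner is packaged.
FILES_${PN} += "${localstatedir}/www"
```

An account created this way is also one that a unit file's User= directive can name.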