Set new user permissions in Yocto recipe - yocto

I have a recipe to add a user called foo:
inherit useradd
USERADD_PACKAGES = "${PN}"
USERADD_PARAM_${PN} = "-P foo -u 1000 -d /home/foo -r -s /bin/bash foo;"
LICENSE = "CLOSED"
do_install () {
install -d ${D}/data/docker
install -d ${D}/home/foo
chown -R foo ${D}/home/foo
chown -R foo ${D}/data/docker
}
FILES_${PN} = " \
/home/foo \
/data \
"
For an obscure reason, data/docker is owned by foo but not /home/foo. Any idea why?

Actually, you don't need to install /home/foo(nor chown) since that task should be already accomplished by useradd, thus you can remove those commands. However, you might want to modify your recipe as follows:
do_install () {
install -d -m 755 ${D}${datadir}/foo
install -d -m 755 ${D}/data/docker
chown -R foo ${D}${datadir}/foo
chown -R foo ${D}/data/docker
}
FILES_${PN} = "${datadir}/foo/* /data/docker/*"

So the reason was that another recipe was creating a subfolder in the home directory first and was owned by root by default.
When the recipe to add the user was baked, the home folder was already created with root permissions.
My solution was to add the creation of this folder in the recipe adding the user instead.
Thanks #danior for the corrections

Related

Yocto Dunfell setting root password in recipe unsuccessful

I am trying to set the root user password in a custom recipe for yocto Dunfell.
Recipe looks like this: I have also tried EXTRA_USERS_PARAMS_append as shown in some other stackOverflow posts and it also did not work.
SUMMARY = "Test"
LICENSE = "CLOSED"
# Remove debugging tweaks
IMAGE_FEATURES_remove += " \
debug-tweaks \
"
# Add root password, and add the 'test' user
inherit extrausers
EXTRA_USERS_PARAMS = " \
usermod -P testpasswd root; \
useradd -p '' test \
"
FILES_${PN} = " /test/temp \
"
do_install () {
install -d ${D}/test/tmp
}
If I build this with my recipe, I can login as root with no password and when I check /etc/shadow the test user is not created.
I have verified that my desired directory /test/temp is created.
You should also remove allow-empty-password and empty-root-password features from IMAGE_FEATURES if they maybe available. enter link description here
and You didn't use semicolons at end of useradd -p '' test . This can cause error.
And you should be sure that debug-tweaks is not added at other strong files like local.conf

Yocto: Change ownership of /usr/lib

How can I change ownership of /usr/lib directory and all libraries inside for a specific user?
I tried to write a custom bb recipe without success.
SUMMARY = "Change /usr/lib ownership."
LICENSE = "MIT"
FILES_${PN} = "${libdir}\*"
do_install () {
chown user1:group1 ${D}${libdir}
}
I also try use ${libdir} instead /usr/lib, but without success. How can I access correctly /usr/lib?
It's impossible to change it during yocto compilation because the filesystem is built at the end of the process. There are two ways to achieve it. The first is to add chmod in the system image installation script.
The second one is to prepare a system service and bash script, which can check the owner and set the current one if necessary.
owner-updater.service
[Unit]
Description=Directory Owner Updater
After=local-fs.target
[Service]
Type=oneshot
ExecStart=/opt/update-owner
StandardOutput=journal
[Install]
WantedBy=multi-user.target
update-owner
#!/bin/bash
USER=user_name
DIR_PATH="/usr/lib"
DIR_OWNER="$(stat --format '%U' $DIR_PATH)"
DIR_GROUP="$(stat --format '%G' $DIR_PATH)"
if [ "$(id -u $DIR_OWNER)" -eq "$(id -u $USER)" ] &&
[ "$(id -g $DIR_GROUP)" -eq "$(id -g $USER)" ]; then
echo Correct owner
else
echo Incorrect owner
fi
chown -R [user_name/user_id]:[group_name/group_id] /usr/lib

Yocto: Create a directory after mount

I have a Yocto bitbake recipe in my layer - base-files_%.bbappend. It creates mount points:
do_install_append() {
mknod -m 622 ${D}/dev/console c 5 1
install -m 0755 -d ${D}/boot/EFI
install -m 0755 -d ${D}/data
}
The /data/ directory is later mounted to the internal SD card.
I would like to create a directory ${D}/data/test. What is the best way to do it? I've added a line install -m 0755 -d ${D}/data/test to this function but it didn't do it.
Thanks so much.
You have to ship those installed files by adding to your recipe:
FILES_${PN} += "/data/test"
Another solution is to add in your image recipe:
create_dirs() {
mkdir -p ${IMAGE_ROOTFS}/data/test
}
ROOTFS_POSTPROCESS_COMMAND += "create_dirs ; "
In your do_install function
do_install(){
mkdir -d ${D}/data/test
}
-d option creates the dir in your rootfs, and if you want to copy files, use below command in do_install function.
install -m 0777 ${s}/your files ${D}/data/test
The QA packaging process verification should be informed :
FILES_${PN} += "/data/test"

YoctoProject: change ownership of all files in a recipe

For the YoctoProject (v2.0, Jethro) the ownership of files inside the image defaults to user and group root unless I do explicitly change them by chown and chgrp in the do_install step for the given recipe.
I have a few recipes for which all files should be owned by another group and user than root. Is there a (cleaner/smarter) way to achieve this without calling chown and chgrp in do_install?
BSP vendors do usually provide example recipes to solve basic tasks.
Usually folder is called "recipes-skeleton"
User/Group add recipe sample path for freescale BSP:
~/yocto/fsl-community-bsp/sources/poky/meta-skeleton/recipes-skeleton/useradd/useradd-example.bb
Same can be found on github:
https://github.com/dirtybit/gumstix-yocto/blob/master/meta-skeleton/recipes-skeleton/useradd/useradd-example.bb
For changing root user info look up EXTRA_USERS_PARAMS flag. Need to inherit "extrausers" class first. Documentation on class is at:
http://www.yoctoproject.org/docs/current/mega-manual/mega-manual.html#ref-classes-extrausers
You can easily add user adding the following to your recipe.
inherit extrausers
EXTRA_USERS_PARAMS = " useradd user1; \
useradd user2; \
useradd user3; \
usermod -p 'user1_psw' user1; \
usermod -p 'user2_psw' user2; \
usermod -p 'user3_psw' user3;\
usermod -a -G sudo user1; \
usermod -a -G sudo user2; \
usermod -a -G sudo user3; "

chown -R not working in Yocto-Project recipe

Sorry, I'm not a native English speaker.
I'm trying to install my web application using a Yocto-Project recipe file.
PR = "r0"
PV = "1.0"
LIC_FILES_CHKSUM = "file://COPYING;md5=d41d8cd98f00b204e9800998ecf8427e"
SRC_URI = "\
file://sources \
file://COPYING \
"
S = "${WORKDIR}"
do_install() {
install -d ${D}${localstatedir}/www
cp -r ${S}/sources/* ${D}${localstatedir}/www/
chown -R www-data:www-data ${D}${localstatedir}/www/
chmod -R 775 ${D}${localstatedir}/www/cgi-bin
}
But /var/www is still owned by root:root and not www-data:www-data like desired.
Question
So how do I chown the /var/www directory recusively to www-data:www-data?
EDIT
I have seen page 9 of the following presentation: https://wiki.yoctoproject.org/wiki/images/e/e6/Custom_Users_Groups_in_Yocto1.1.pdf .
I created this recipe file to mimic this page.
First, chown and chmod should work in YP/OE recipes the way you use them.
The problem may be that you've missed a / in your path arguments for the commands. According to the documentation [1] ${D} has no trailing /.
Therefore the following should work:
do_install() {
install -d ${D}/${localstatedir}/www
cp -r ${S}/sources/* ${D}/${localstatedir}/www/
chown -R www-data:www-data ${D}/${localstatedir}/www/
chmod -R 775 ${D}/${localstatedir}/www/cgi-bin
}
(If not please post your bitbake logs)
[1] https://www.yoctoproject.org/docs/latest/mega-manual/mega-manual.html#var-D
sudo chown -R wwwdata:wwwdata /var/www/ to make the ownership of the desired folder and its inner folders or files recursively