ownership/permissions of cpio initrd

ownership/permissions of cpio initrd

[Marty Leisner]

I'm working on an embedded system with the 2.6 kernel -- cpio
initrd was a new feature I'm looking at (and very welcome).

The major advantage I see is you don't have MAKE a filesystem
on the build host (doing cross development).  So you don't have
to be root.

But its "useful" to change permissions/ownership of the initrd
files at times...

Since a cpio is just a userspace created string of bits, I suppose
you can apply a set of ownership/permissions to files IN the archive
by playing with the bits...

Does such a tool exist?  Comments?  Seems very useful in order to
avoid being root...

marty

Re: ownership/permissions of cpio initrd

[Horst H. von Brand]

Marty Leisner <linux@rochester.rr.com> wrote:
> I'm working on an embedded system with the 2.6 kernel -- cpio
> initrd was a new feature I'm looking at (and very welcome).
> 
> The major advantage I see is you don't have MAKE a filesystem
> on the build host (doing cross development).  So you don't have
> to be root.

> But its "useful" to change permissions/ownership of the initrd
> files at times...

> Since a cpio is just a userspace created string of bits, I suppose
> you can apply a set of ownership/permissions to files IN the archive
> by playing with the bits...

The easy way out is to unpack the initrd, fix permissions, and repack. That
requires root, though (it creates devices).

> Does such a tool exist?  Comments?  Seems very useful in order to
> avoid being root...

I'd use sudo(1) + specially cooked commands to unpack/pack an initrd. It is
a bit more work, but gives you extra flexibility (i.e., not just futzing
around with permissions, can also add/replace/edit/rename/delete files, ...
using bog standard tools).
-- 
Dr. Horst H. von Brand                   User #22616 counter.li.org
Departamento de Informatica                    Fono: +56 32 2654431
Universidad Tecnica Federico Santa Maria             +56 32 2654239
Casilla 110-V, Valparaiso, Chile               Fax:  +56 32 2797513

Re: ownership/permissions of cpio initrd

[Jeffrey Hundstad]

You can also use fakeroot(1).

Start fakeroot.
Change all of your permissions as you see fit.
make your cpio
exit fakeroot.



Horst H. von Brand wrote:
> Marty Leisner <linux@rochester.rr.com> wrote:
>   
>> I'm working on an embedded system with the 2.6 kernel -- cpio
>> initrd was a new feature I'm looking at (and very welcome).
>>
>> The major advantage I see is you don't have MAKE a filesystem
>> on the build host (doing cross development).  So you don't have
>> to be root.
>>     
>
>   
>> But its "useful" to change permissions/ownership of the initrd
>> files at times...
>>     
>
>   
>> Since a cpio is just a userspace created string of bits, I suppose
>> you can apply a set of ownership/permissions to files IN the archive
>> by playing with the bits...
>>     
>
> The easy way out is to unpack the initrd, fix permissions, and repack. That
> requires root, though (it creates devices).
>
>   
>> Does such a tool exist?  Comments?  Seems very useful in order to
>> avoid being root...
>>     
>
> I'd use sudo(1) + specially cooked commands to unpack/pack an initrd. It is
> a bit more work, but gives you extra flexibility (i.e., not just futzing
> around with permissions, can also add/replace/edit/rename/delete files, ...
> using bog standard tools).
>   

Re: ownership/permissions of cpio initrd

[Horst H. von Brand]

Jeffrey Hundstad <jeffrey.hundstad@mnsu.edu> wrote:
> You can also use fakeroot(1).

I think that is a debianism... not here on Fedora.
-- 
Dr. Horst H. von Brand                   User #22616 counter.li.org
Departamento de Informatica                    Fono: +56 32 2654431
Universidad Tecnica Federico Santa Maria             +56 32 2654239
Casilla 110-V, Valparaiso, Chile               Fax:  +56 32 2797513

Re: ownership/permissions of cpio initrd

[Andreas Schwab]

"Marty Leisner" <linux@rochester.rr.com> writes:

> Since a cpio is just a userspace created string of bits, I suppose
> you can apply a set of ownership/permissions to files IN the archive
> by playing with the bits...

  -R, --owner=[USER][:.][GROUP]   Set the ownership of all files created to the
                             specified USER and/or GROUP

Andreas.

-- 
Andreas Schwab, SuSE Labs, schwab@suse.de
SuSE Linux Products GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
PGP key fingerprint = 58CA 54C7 6D53 942B 1756  01D3 44D5 214B 8276 4ED5
"And now for something completely different."

Re: ownership/permissions of cpio initrd

[Jan Engelhardt]

>> You can also use fakeroot(1).
>
>I think that is a debianism... not here on Fedora.

	LKML is (hopefully) distro neutral.

That useless line aside, the linux kernel build process supports 
creating a cpio archive with privileged things (devices) as a normal 
user.

	-`J'
-- 

Re: ownership/permissions of cpio initrd

[Jeffrey Hundstad]

It appears to not be standard with fedora for sure... but while it 
origiginally was/is a Debian package it looks like there is source if 
you'd like to build it on other systems.  It was originally designed to 
tackle the exact problem you are confronting.

See:
http://freshmeat.net/projects/fakeroot/

About:
Fakeroot runs a command in an environment were it appears to have root 
privileges for file manipulation, by setting LD_PRELOAD to a library 
with alternative versions of getuid(), stat(), etc. This is useful for 
allowing users to create archives (tar, ar, .deb .rpm etc.) with files 
in them with root permissions/ownership. Without fakeroot one would have 
to have root privileges to create the constituent files of the archives 
with the correct permissions and ownership, and then pack them up, or 
one would have to construct the archives directly, without using the 
archiver.

Horst H. von Brand wrote:
> Jeffrey Hundstad <jeffrey.hundstad@mnsu.edu> wrote:
>   
>> You can also use fakeroot(1).
>>     
>
> I think that is a debianism... not here on Fedora.
>   

Re: ownership/permissions of cpio initrd

[Jan Engelhardt]

> It appears to not be standard with fedora for sure... but while it origiginally
> was/is a Debian package it looks like there is source if you'd like to build it
> on other systems.  It was originally designed to tackle the exact problem you
> are confronting.
>
> See:
> http://freshmeat.net/projects/fakeroot/
>
> About:
> Fakeroot runs a command in an environment were it appears to have root
> privileges for file manipulation, by setting LD_PRELOAD to a library with
> alternative versions of getuid(), stat(), etc. This is useful for allowing
> users to create archives (tar, ar, .deb .rpm etc.) with files in them with root
> permissions/ownership. Without fakeroot one would have to have root privileges
> to create the constituent files of the archives with the correct permissions
> and ownership, and then pack them up, or one would have to construct the
> archives directly, without using the archiver.

Ugh that sounds even more than a hack. At least for one-user 
archives, I guess nobody at Debian knows that tar has a --user and 
--group option.


	-`J'
-- 

Re: ownership/permissions of cpio initrd

[Jeffrey Hundstad]

Jan Engelhardt wrote:
>> It appears to not be standard with fedora for sure... but while it origiginally
>> was/is a Debian package it looks like there is source if you'd like to build it
>> on other systems.  It was originally designed to tackle the exact problem you
>> are confronting.
>>
>> See:
>> http://freshmeat.net/projects/fakeroot/
>>
>> About:
>> Fakeroot runs a command in an environment were it appears to have root
>> privileges for file manipulation, by setting LD_PRELOAD to a library with
>> alternative versions of getuid(), stat(), etc. This is useful for allowing
>> users to create archives (tar, ar, .deb .rpm etc.) with files in them with root
>> permissions/ownership. Without fakeroot one would have to have root privileges
>> to create the constituent files of the archives with the correct permissions
>> and ownership, and then pack them up, or one would have to construct the
>> archives directly, without using the archiver.
>>     
>
> Ugh that sounds even more than a hack. At least for one-user 
> archives, I guess nobody at Debian knows that tar has a --user and 
> --group option.
>
>
> 	-`J'
>   

...It also let's you mknod and friends, and let's you set permissions to 
files to more than just ONE user.  The whole point of the commands is to 
let you make distribution files without root access.  Of course you can 
fake all of this with a special archiver command.... I'm just throwing 
out options.

$ fakeroot
# mkdir root
# mkdir root/dev/
# mknod root/dev/null c 1 3
# mknod root/dev/sda1 b 8 1
# chown root.disk root/dev/sda1
# cd root
# tar cvf ../root.tar ./
# exit
$ tar tvf root.tar
drwxr-xr-x root/root         0 2006-12-05 14:54 ./
drwxr-xr-x root/root         0 2006-12-05 14:54 ./dev/
crw-r--r-- root/root       1,3 2006-12-05 14:54 ./dev/null
brw-r--r-- root/disk       8,1 2006-12-05 14:54 ./dev/sda1

-- 
Jeffrey Hundstad

Re: ownership/permissions of cpio initrd

[Jan Engelhardt]

On Dec 5 2006 14:58, Jeffrey Hundstad wrote:
>
> ...It also let's you mknod and friends, and let's you set permissions to files
> to more than just ONE user.  The whole point of the commands is to let you make
> distribution files without root access.  Of course you can fake all of this
> with a special archiver command.... I'm just throwing out options.

Ah. Thanks for explaining! Looks like it eats big amounts of memory when there
are a lot of files in the faekroot.


>
> $ fakeroot
> #  mkdir root
> #  mkdir root/dev/
> #  mknod root/dev/null c 1 3
> #  mknod root/dev/sda1 b 8 1
> #  chown root.disk root/dev/sda1
> #  cd root
> #  tar cvf ../root.tar ./
> #  exit
> $ tar tvf root.tar
> drwxr-xr-x root/root         0 2006-12-05 14:54 ./
> drwxr-xr-x root/root         0 2006-12-05 14:54 ./dev/
> crw-r--r-- root/root       1,3 2006-12-05 14:54 ./dev/null
> brw-r--r-- root/disk       8,1 2006-12-05 14:54 ./dev/sda1
>
> -- 
> Jeffrey Hundstad
>
>
>

	-`J'
-- 

RE: ownership/permissions of cpio initrd

[Leisner, Martin]

hmmm...I looked at that -- that's extract and passthrough, but not create...

I'll look at the other solutions...but the bottom line if you want to do root things, you need to
become root -- its always a better idea to munge bits than change permissions...so ANYONE can make
distributions with no special priveleges...


marty 

> -----Original Message-----
> From: Andreas Schwab [mailto:schwab@suse.de] 
> Sent: Tuesday, December 05, 2006 3:31 PM
> To: Marty Leisner
> Cc: linux-kernel@vger.kernel.org; bug-cpio@gnu.org; Leisner, Martin
> Subject: Re: ownership/permissions of cpio initrd
> 
> "Marty Leisner" <linux@rochester.rr.com> writes:
> 
> > Since a cpio is just a userspace created string of bits, I suppose
> > you can apply a set of ownership/permissions to files IN the archive
> > by playing with the bits...
> 
>   -R, --owner=[USER][:.][GROUP]   Set the ownership of all 
> files created to the
>                              specified USER and/or GROUP
> 
> Andreas.
> 
> -- 
> Andreas Schwab, SuSE Labs, schwab@suse.de
> SuSE Linux Products GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
> PGP key fingerprint = 58CA 54C7 6D53 942B 1756  01D3 44D5 
> 214B 8276 4ED5
> "And now for something completely different."
> 

Re: ownership/permissions of cpio initrd

[Andreas Schwab]

"Leisner, Martin" <Martin.Leisner@xerox.com> writes:

> hmmm...I looked at that -- that's extract and passthrough, but not create...

No, it's copy-out and copy-pass.  It does not make sense for copy-in.

Andreas.

-- 
Andreas Schwab, SuSE Labs, schwab@suse.de
SuSE Linux Products GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
PGP key fingerprint = 58CA 54C7 6D53 942B 1756  01D3 44D5 214B 8276 4ED5
"And now for something completely different."

Re: ownership/permissions of cpio initrd

[Marty Leisner]

Jeffrey Hundstad <jeffrey.hundstad@mnsu.edu> writes  on Tue, 05 Dec 20
06 14:17:22 CST
     > You can also use fakeroot(1).
     > 
     > Start fakeroot.
     > Change all of your permissions as you see fit.
     > make your cpio
     > exit fakeroot.
     > 
     > 
     > 

Thanks....I got it running on fedora4 pretty easily...

Looks like its what I want/need -- 


marty

Re: ownership/permissions of cpio initrd

[Rainer Bawidamann]

In article <200612051720.kB5HKU4i001616@dell2.home>,
	"Marty Leisner" <linux@rochester.rr.com> writes:
> But its "useful" to change permissions/ownership of the initrd
> files at times...
> 
> Since a cpio is just a userspace created string of bits, I suppose
> you can apply a set of ownership/permissions to files IN the archive
> by playing with the bits...
> 
> Does such a tool exist?  Comments?  Seems very useful in order to
> avoid being root...

The kernel sources provide a program that should do what you want in

	linux/usr/gen_init_cpio.c

Documentation is available in the source or from the command line.

Rainer