2006-12-05 17:20:45

by Marty Leisner

Subject: ownership/permissions of cpio initrd

I'm working on an embedded system with the 2.6 kernel -- cpio
initrd was a new feature I'm looking at (and very welcome).

The major advantage I see is you don't have to MAKE a filesystem
on the build host (doing cross development). So you don't have
to be root.

But it's "useful" to change permissions/ownership of the initrd
files at times...

Since a cpio is just a userspace created string of bits, I suppose
you can apply a set of ownership/permissions to files IN the archive
by playing with the bits...

Does such a tool exist? Comments? Seems very useful in order to
avoid being root...

marty


2006-12-05 20:09:18

by Horst H. von Brand

Subject: Re: ownership/permissions of cpio initrd

Marty Leisner <[email protected]> wrote:
> I'm working on an embedded system with the 2.6 kernel -- cpio
> initrd was a new feature I'm looking at (and very welcome).
>
> The major advantage I see is you don't have to MAKE a filesystem
> on the build host (doing cross development). So you don't have
> to be root.

> But it's "useful" to change permissions/ownership of the initrd
> files at times...

> Since a cpio is just a userspace created string of bits, I suppose
> you can apply a set of ownership/permissions to files IN the archive
> by playing with the bits...

The easy way out is to unpack the initrd, fix permissions, and repack. That
requires root, though (it creates devices).

> Does such a tool exist? Comments? Seems very useful in order to
> avoid being root...

I'd use sudo(1) + specially cooked commands to unpack/pack an initrd. It is
a bit more work, but gives you extra flexibility (i.e., not just futzing
around with permissions, can also add/replace/edit/rename/delete files, ...
using bog standard tools).
--
Dr. Horst H. von Brand User #22616 counter.li.org
Departamento de Informatica Fono: +56 32 2654431
Universidad Tecnica Federico Santa Maria +56 32 2654239
Casilla 110-V, Valparaiso, Chile Fax: +56 32 2797513

2006-12-05 20:17:51

by Jeffrey Hundstad

Subject: Re: ownership/permissions of cpio initrd

You can also use fakeroot(1).

Start fakeroot.
Change all of your permissions as you see fit.
make your cpio
exit fakeroot.



Horst H. von Brand wrote:
> Marty Leisner <[email protected]> wrote:
>
>> I'm working on an embedded system with the 2.6 kernel -- cpio
>> initrd was a new feature I'm looking at (and very welcome).
>>
>> The major advantage I see is you don't have MAKE a filesystem
>> on the build host (doing cross development). So you don't have
>> to be root.
>>
>
>
>> But its "useful" to change permissions/ownership of the initrd
>> files at times...
>>
>
>
>> Since a cpio is just a userspace created string of bits, I suppose
>> you can apply a set of ownership/permissions to files IN the archive
>> by playing with the bits...
>>
>
> The easy way out is to unpack the initrd, fix permissions, and repack. That
> requires root, though (it creates devices).
>
>
>> Does such a tool exist? Comments? Seems very useful in order to
>> avoid being root...
>>
>
> I'd use sudo(1) + specially cooked commands to unpack/pack an initrd. It is
> a bit more work, but gives you extra flexibility (i.e., not just futzing
> around with permissions, can also add/replace/edit/rename/delete files, ...
> using bog standard tools).
>

2006-12-05 20:25:08

by Horst H. von Brand

Subject: Re: ownership/permissions of cpio initrd

Jeffrey Hundstad <[email protected]> wrote:
> You can also use fakeroot(1).

I think that is a debianism... not here on Fedora.
--
Dr. Horst H. von Brand User #22616 counter.li.org
Departamento de Informatica Fono: +56 32 2654431
Universidad Tecnica Federico Santa Maria +56 32 2654239
Casilla 110-V, Valparaiso, Chile Fax: +56 32 2797513

2006-12-05 20:30:52

by Andreas Schwab

Subject: Re: ownership/permissions of cpio initrd

"Marty Leisner" <[email protected]> writes:

> Since a cpio is just a userspace created string of bits, I suppose
> you can apply a set of ownership/permissions to files IN the archive
> by playing with the bits...

-R, --owner=[USER][:.][GROUP] Set the ownership of all files created to the
specified USER and/or GROUP

Andreas.

--
Andreas Schwab, SuSE Labs, [email protected]
SuSE Linux Products GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
PGP key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5
"And now for something completely different."

2006-12-05 20:35:41

by Jeffrey Hundstad

Subject: Re: ownership/permissions of cpio initrd

It appears to not be standard with fedora for sure... but while it
originally was/is a Debian package it looks like there is source if
you'd like to build it on other systems. It was originally designed to
tackle the exact problem you are confronting.

See:
http://freshmeat.net/projects/fakeroot/

About:
Fakeroot runs a command in an environment where it appears to have root
privileges for file manipulation, by setting LD_PRELOAD to a library
with alternative versions of getuid(), stat(), etc. This is useful for
allowing users to create archives (tar, ar, .deb .rpm etc.) with files
in them with root permissions/ownership. Without fakeroot one would have
to have root privileges to create the constituent files of the archives
with the correct permissions and ownership, and then pack them up, or
one would have to construct the archives directly, without using the
archiver.

Horst H. von Brand wrote:
> Jeffrey Hundstad <[email protected]> wrote:
>
>> You can also use fakeroot(1).
>>
>
> I think that is a debianism... not here on Fedora.
>

2006-12-05 20:37:21

by Jan Engelhardt

Subject: Re: ownership/permissions of cpio initrd


>> You can also use fakeroot(1).
>
>I think that is a debianism... not here on Fedora.

LKML is (hopefully) distro neutral.

That useless line aside, the linux kernel build process supports
creating a cpio archive with privileged things (devices) as a normal
user.

-`J'
--

2006-12-05 20:44:10

by Jan Engelhardt

Subject: Re: ownership/permissions of cpio initrd


> It appears to not be standard with fedora for sure... but while it originally
> was/is a Debian package it looks like there is source if you'd like to build it
> on other systems. It was originally designed to tackle the exact problem you
> are confronting.
>
> See:
> http://freshmeat.net/projects/fakeroot/
>
> About:
> Fakeroot runs a command in an environment where it appears to have root
> privileges for file manipulation, by setting LD_PRELOAD to a library with
> alternative versions of getuid(), stat(), etc. This is useful for allowing
> users to create archives (tar, ar, .deb .rpm etc.) with files in them with root
> permissions/ownership. Without fakeroot one would have to have root privileges
> to create the constituent files of the archives with the correct permissions
> and ownership, and then pack them up, or one would have to construct the
> archives directly, without using the archiver.

Ugh that sounds even more than a hack. At least for one-user
archives, I guess nobody at Debian knows that tar has a --user and
--group option.


-`J'
--

2006-12-05 20:58:42

by Jeffrey Hundstad

Subject: Re: ownership/permissions of cpio initrd

Jan Engelhardt wrote:
>> It appears to not be standard with fedora for sure... but while it originally
>> was/is a Debian package it looks like there is source if you'd like to build it
>> on other systems. It was originally designed to tackle the exact problem you
>> are confronting.
>>
>> See:
>> http://freshmeat.net/projects/fakeroot/
>>
>> About:
>> Fakeroot runs a command in an environment where it appears to have root
>> privileges for file manipulation, by setting LD_PRELOAD to a library with
>> alternative versions of getuid(), stat(), etc. This is useful for allowing
>> users to create archives (tar, ar, .deb .rpm etc.) with files in them with root
>> permissions/ownership. Without fakeroot one would have to have root privileges
>> to create the constituent files of the archives with the correct permissions
>> and ownership, and then pack them up, or one would have to construct the
>> archives directly, without using the archiver.
>>
>
> Ugh that sounds even more than a hack. At least for one-user
> archives, I guess nobody at Debian knows that tar has a --user and
> --group option.
>
>
> -`J'
>

...It also lets you mknod and friends, and lets you set permissions to
files to more than just ONE user. The whole point of the commands is to
let you make distribution files without root access. Of course you can
fake all of this with a special archiver command.... I'm just throwing
out options.

$ fakeroot
# mkdir root
# mkdir root/dev/
# mknod root/dev/null c 1 3
# mknod root/dev/sda1 b 8 1
# chown root.disk root/dev/sda1
# cd root
# tar cvf ../root.tar ./
# exit
$ tar tvf root.tar
drwxr-xr-x root/root 0 2006-12-05 14:54 ./
drwxr-xr-x root/root 0 2006-12-05 14:54 ./dev/
crw-r--r-- root/root 1,3 2006-12-05 14:54 ./dev/null
brw-r--r-- root/disk 8,1 2006-12-05 14:54 ./dev/sda1

--
Jeffrey Hundstad


2006-12-05 21:47:19

by Jan Engelhardt

Subject: Re: ownership/permissions of cpio initrd


On Dec 5 2006 14:58, Jeffrey Hundstad wrote:
>
> ...It also lets you mknod and friends, and lets you set permissions to files
> to more than just ONE user. The whole point of the commands is to let you make
> distribution files without root access. Of course you can fake all of this
> with a special archiver command.... I'm just throwing out options.

Ah. Thanks for explaining! Looks like it eats big amounts of memory when there
are a lot of files in the fakeroot.


>
> $ fakeroot
> # mkdir root
> # mkdir root/dev/
> # mknod root/dev/null c 1 3
> # mknod root/dev/sda1 b 8 1
> # chown root.disk root/dev/sda1
> # cd root
> # tar cvf ../root.tar ./
> # exit
> $ tar tvf root.tar
> drwxr-xr-x root/root 0 2006-12-05 14:54 ./
> drwxr-xr-x root/root 0 2006-12-05 14:54 ./dev/
> crw-r--r-- root/root 1,3 2006-12-05 14:54 ./dev/null
> brw-r--r-- root/disk 8,1 2006-12-05 14:54 ./dev/sda1
>
> --
> Jeffrey Hundstad
>
>
>

-`J'
--

2006-12-05 21:57:14

by Leisner, Martin

Subject: RE: ownership/permissions of cpio initrd

hmmm...I looked at that -- that's extract and passthrough, but not create...

I'll look at the other solutions...but the bottom line if you want to do root things, you need to
become root -- it's always a better idea to munge bits than change permissions...so ANYONE can make
distributions with no special privileges...


marty

> -----Original Message-----
> From: Andreas Schwab [mailto:[email protected]]
> Sent: Tuesday, December 05, 2006 3:31 PM
> To: Marty Leisner
> Cc: [email protected]; [email protected]; Leisner, Martin
> Subject: Re: ownership/permissions of cpio initrd
>
> "Marty Leisner" <[email protected]> writes:
>
> > Since a cpio is just a userspace created string of bits, I suppose
> > you can apply a set of ownership/permissions to files IN the archive
> > by playing with the bits...
>
> -R, --owner=[USER][:.][GROUP] Set the ownership of all
> files created to the
> specified USER and/or GROUP
>
> Andreas.
>
> --
> Andreas Schwab, SuSE Labs, [email protected]
> SuSE Linux Products GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
> PGP key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5
> 214B 8276 4ED5
> "And now for something completely different."
>

2006-12-05 22:23:33

by Andreas Schwab

Subject: Re: ownership/permissions of cpio initrd

"Leisner, Martin" <[email protected]> writes:

> hmmm...I looked at that -- that's extract and passthrough, but not create...

No, it's copy-out and copy-pass. It does not make sense for copy-in.

Andreas.

--
Andreas Schwab, SuSE Labs, [email protected]
SuSE Linux Products GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
PGP key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5
"And now for something completely different."

2006-12-06 06:55:29

by Marty Leisner

Subject: Re: ownership/permissions of cpio initrd

Jeffrey Hundstad <[email protected]> writes on Tue, 05 Dec 2006 14:17:22 CST
> You can also use fakeroot(1).
>
> Start fakeroot.
> Change all of your permissions as you see fit.
> make your cpio
> exit fakeroot.
>
>
>

Thanks....I got it running on fedora4 pretty easily...

Looks like it's what I want/need --


marty

2006-12-06 12:17:11

by rainer

Subject: Re: ownership/permissions of cpio initrd

In article <[email protected]>,
"Marty Leisner" <[email protected]> writes:
> But it's "useful" to change permissions/ownership of the initrd
> files at times...
>
> Since a cpio is just a userspace created string of bits, I suppose
> you can apply a set of ownership/permissions to files IN the archive
> by playing with the bits...
>
> Does such a tool exist? Comments? Seems very useful in order to
> avoid being root...

The kernel sources provide a program that should do what you want in

linux/usr/gen_init_cpio.c

Documentation is available in the source or from the command line.

Rainer
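
The "playing with the bits" idea from the first message, as an added example that is not from any poster in this thread and is not gen_init_cpio: it walks a cpio archive in the "newc" format (the one the kernel unpacks for an initramfs), reports entries still owned by the unprivileged build user, and rewrites the uid/gid header fields to 0 without root. The function names and the sample archive are constructed for illustration.

```python
HDR_LEN = 110  # 6-byte magic "070701" + 13 fields of 8 hex digits
FIELDS = ("ino", "mode", "uid", "gid", "nlink", "mtime", "filesize",
          "devmajor", "devminor", "rdevmajor", "rdevminor", "namesize", "check")

def _pad4(n):
    return (4 - n % 4) % 4

def make_entry(name, data=b"", mode=0o100644, uid=0, gid=0, ino=1):
    """Build one newc record; used here only to construct the sample input."""
    nm = name.encode() + b"\0"
    vals = dict.fromkeys(FIELDS, 0)
    vals.update(ino=ino, mode=mode, uid=uid, gid=gid, nlink=1,
                filesize=len(data), namesize=len(nm))
    rec = b"070701" + b"".join(b"%08X" % vals[f] for f in FIELDS) + nm
    rec += b"\0" * _pad4(len(rec))
    return rec + data + b"\0" * _pad4(len(data))

def entries(archive):
    """Yield (offset, fields, name) for every record up to the trailer."""
    off = 0
    while off + HDR_LEN <= len(archive):
        if archive[off:off + 6] != b"070701":
            raise ValueError("no newc header at offset %d" % off)
        raw = archive[off + 6:off + HDR_LEN]
        f = {k: int(raw[i * 8:i * 8 + 8], 16) for i, k in enumerate(FIELDS)}
        name_end = off + HDR_LEN + f["namesize"]
        name = archive[off + HDR_LEN:name_end - 1].decode()
        yield off, f, name
        if name == "TRAILER!!!":
            return
        off = name_end + _pad4(name_end) + f["filesize"] + _pad4(f["filesize"])

def non_root(archive):
    """Names of entries whose uid or gid is not 0 (e.g. the build user's ids)."""
    return [n for _, f, n in entries(archive)
            if n != "TRAILER!!!" and (f["uid"], f["gid"]) != (0, 0)]

def chown_all(archive, uid=0, gid=0):
    """Overwrite the uid and gid header fields (bytes 22..37) of each record."""
    out = bytearray(archive)
    for off, _, _ in entries(archive):
        out[off + 22:off + 38] = b"%08X%08X" % (uid, gid)
    return bytes(out)

# Constructed sample: two files packed by an unprivileged build user (uid 1000).
SAMPLE = (make_entry("init", b"#!/bin/sh\n", 0o100755, 1000, 1000, 1)
          + make_entry("etc/passwd", b"root:x:0:0::/:/bin/sh\n", 0o100644, 1000, 1000, 2)
          + make_entry("TRAILER!!!", mode=0, ino=0))
```

A compressed initrd has to be decompressed before these functions see it; running `non_root()` on the result is also a quick audit for build-host uids that leaked into an image.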