Commit Graph

8 Commits

Author SHA1 Message Date
Peter Korsgaard
2b47c7f095 system/device_table.txt: /etc/random-seed is no more
So don't try to set the permissions of it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-07-09 08:37:10 +02:00
Peter Korsgaard
cb80683cb2 system/device_table.txt: drop unused ifupdown post-up.d / pre-down.d directories
These are not used by the busybox or Debian ifupdown implementation. Instead
if-up.d is run after the per-interface up tasks (E.G. post-up) and
if-down.d is run before the per-interface down tasks (E.G. pre-down).

So drop them as they only cause confusion.

grep execute_all output/build/busybox-1.23.2/networking/ifupdown.c
static int execute_all(struct interface_defn_t *ifd, const char *opt)
        if (!execute_all(iface, "pre-up")) return 0;
        if (!execute_all(iface, "up")) return 0;
        if (!execute_all(iface, "down")) return 0;
        if (!execute_all(iface, "post-down")) return 0;

grep execute_script output/build/ifupdown-0.7.49/execute.c
int execute_scripts(interface_defn * ifd, execfn * exec, char *opt)
    if (!execute_scripts(iface, doit, "pre-up"))
    if (!execute_scripts(iface, doit, "up"))
    if (!execute_scripts(iface, doit, "down"))
    if (!execute_scripts(iface, doit, "post-down"))

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-06-25 15:28:06 +02:00
Gustavo Zacarias
87fd1bd5ce system/permissions: /etc/random-seed must be mode 600
Otherwise it's a big security risk.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-11-25 22:37:43 +01:00
Stephan Hoffmann
b4f6274585 Remove user "default"
User "default" with no password has been around for long time, but not
used within buildroot. Since we now have BR2_ROOTFS_USERS_TABLES it is
no longer needed.

Signed-off-by: Stephan Hoffmann <sho@relinux.de>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-06-07 00:06:31 +02:00
Yann E. MORIN
2f2bf6a800 system/permissions: make /root group+others non-writable
Upon logging, dropbear whines if /root is group- or others-writable, and
key-based authentication is attempted, reverting to password-based
authentication:
    dropbear[149]: /root must be owned by user or root, and not writable by others
    dropbear[149]: Password auth succeeded for 'root' from 192.168.127.35:41566

On my system, /root was 770. Changing to 700 fixed the issue.

Having /root 700 is a good idea, anyway.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Acked-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-06-23 21:51:57 +02:00
Yann E. MORIN
03bc3c3bdc system/device-table: do not set /home/default stgid
Currently, /home/default is mode 2755 which means it is setgid.
Since /home/default is not group-writable, it is useless.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Acked-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-05-30 15:50:21 +02:00
Simon Dawson
e2af182225 Add /var/www to device table
The /var/www directory is listed in /etc/passwd in the skeleton target
filesystem as the home directory of the www-data user (uid 33).

In the final target filesystem, /var/www should be owned by www-data. This
is important for the lighttpd package, for example.

Signed-off-by: Simon Dawson <spdawson@gmail.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-11-30 11:48:52 -08:00
Thomas Petazzoni
6c3e3ad419 New top-level directory: system
This directory groups the following elements:
 * the default root filesystem skeleton
 * the default device tables
 * the Config.in options for system configuration (UART port for
   getty, system hostname, etc.)
 * the make rules to apply the system configuration options

Even though the skeleton and device tables could have lived in fs/, it
would have been strange to have the UART, system hostname and other
related options into fs/. A new system/ directory makes more sense.

As a consequence, this patch also removes target/Makefile.in, which
has become useless in the process.

[Peter: fixup TARGET_SKELETON settings / documentation to match]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: Yann E. MORIN <yann.morin.1998@free.fr>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-11-04 12:51:08 +01:00