User defaults to root on image capture
-
Hi, I am running into an issue when capturing an image.
After an image capture, user:group permissions are set to root:root. I change them to the correct permissions and then they are set correctly until I upload the image again.
How do I default to set the correct permissions?
-
@27john33 Why is it a problem the files are owned by root?
-
@sebastian-roth The fog server is using another user to deploy(In my case, fogproject). The image cannot be deployed unless the permissions are set to fogproject:root. Which I have to manually change from root:root every time I upload an image.
-
@27john33 If you look at the work I did on adding NFSv4 to FOG you will see how I handle it here by squashing all and then setting a gid and uid for all files created across this connection: (hint don’t blindly copy these exports commands because you will break nfsv3 with them.
/opt/fog/data/ *(fsid=0,no_subtree_check,insecure) /opt/fog/data/capture *(rw,sync,nohide,no_subtree_check,all_squash,insecure,insecure_locks,no_wdelay,anonuid=1001,anongid=1001) /opt/fog/data/images *(ro,sync,nohide,no_subtree_check,all_squash,insecure,anonuid=1001,anongid=1001)so in your /etc/exports file you will need to add these options to the /images/dev line.
(ro,sync,nohide,no_subtree_check,all_squash,insecure,anonuid=1001,anongid=1001)set the uid and gid to match the fogproject user on your system.
BUT I can say that I have never had to mess with setting file permissions on my fog servers. It just works out of the box. I set them for NFSv4 to increase the security stance of FOG.
The root of the issue is that when FOS Linux (which runs on the target computer) clones an image it runs as root (to have full control of the target computer during imaging), that is why they are being created on the FOG server as the root user.
-
@george1421 said in User defaults to root on image capture:
The root of the issue is that when FOS Linux (which runs on the target computer) clones an image it runs as root (to have full control of the target computer during imaging), that is why they are being created on the FOG server as the root user.
That’s correct, though not the whole truth. FTP is used within the FOG server internally to move the fully captured image files from /images/dev/… to it’s final destination /images/IMAGENAME/. It’s been a long time since I looked at that part last time but I think it was actually meant to do a chown operation alongside those FTP move and rename operation. But I can’t remember why this wasn’t actually working from the top of my head. It’s probably still the case because it works in pretty much all cases since then.
I guess it can be changed to chown fogproject user If you can explain why it causes issues on deploy in your case. What’s special about your setup? Modifications?
