fischertechnik UI runs as wrong user

ftCommunity / ftcommunity-TXT

Fischertechnik ROBOTICS TXT firmware, community edition

http://cfw.ftcommunity.de/

GNU General Public License v3.0

46 stars 31 forks source link

fischertechnik UI runs as wrong user #284

Closed hypnotoad closed 11 months ago

hypnotoad commented 11 months ago

There is a discrepancy between the UID/GID in the rom and the one shipped with FTC. To me, it is unclear which one is considered wrong: /etc/passwd is in ROM: ROBOPro:x:1004:1008::/opt/knobloch:/bin/sh in CFW: ROBOPro:x:1000:1000::/opt/fischertechnik:/bin/sh

Intuitively, I would change the CFW one, but it has been 1000/1000 from the very first release. FYI @ski7777 @rkunze @harbaum

hypnotoad commented 11 months ago

This leads to the FT-UI being started as user ROBOPro of the chroot which actually is the user sshd outside the chroot. This user has no write permission to the user folder and thus no programs can be saved.

harbaum commented 11 months ago

I'd expect chroot to have the ability to re-map users. After all, changing into an alien file system like we do here is the main purpose. Doesn't it?

ski7777 commented 11 months ago

I just checked on fischertechniks user.tab. As far as I can tell they generate the user IDs during build and they are not fixed leading to this problem after changing the user.tab on their side. I think we can just fix the user ID of ROBOPro to 1008 and it should be fine.

Till Harbaum @.***> schrieb am Mi., 12. Juli 2023, 21:43:

I'd expect chroot to have the ability to re-map users. After all, changing into an alien file system like we do here is the main purpose. Doesn't it?

— Reply to this email directly, view it on GitHub https://github.com/ftCommunity/ftcommunity-TXT/issues/284#issuecomment-1633109660, or unsubscribe https://github.com/notifications/unsubscribe-auth/AEDLVEL45B34CYBLQA5EDMDXP345PANCNFSM6AAAAAA2H5Q2BQ . You are receiving this because you were mentioned.Message ID: @.***>

hypnotoad commented 11 months ago

run_txtcontrol does a chroot like this: chroot /rom/ su - ROBOPro -c "$DISPLAY ./TxtControlMain /dev/ttyO2 65000"

@harbaum : GNU chroot allows to combine the su and the chroot with the --userspec argument, but BusyBox chroot has no options for that.

The following would maybe work if ROBOPro would be allowed to chroot (but it isn't). su - ROBOPro -c "$DISPLAY chroot /rom/ ./TxtControlMain /dev/ttyO2 65000"

hypnotoad commented 11 months ago

After #285, there is still the issue that the ftc user has no access to the sound files. There are 2 options

give the ftc user access by using some overlayfs ontop of the rom (there is no ubifs mount option to change permissions)
do not differentiate between ftc and robopro user - in the robopro chroot it is called robopro, otherwise it is called ftc. The have the same uid:gid 1004:1008

The first option would be more complex. The second would not allow for a simple upgrade path.