A restart of openHAB causes file permissions to change in ~openhab/.ssh

watou · January 12, 2016, 5:29pm

Since it’s certain that users should be able to have paths like ~openhab/.ssh untouched, your explanation makes me even more convinced that setpermissions.sh should be changed to leave alone any non-openHAB paths. Would you open an issue, Rich? I think you’ve explained it well already.

rlkoshak · January 12, 2016, 5:31pm

Submitted as Issue #3776

theo · January 12, 2016, 10:33pm

I’ve commented on the issue.

bob_dickenson · January 13, 2016, 10:33am

2 cents from a side issue. The setpermissions script was one of the potential culprits when I found the problems with 1.8 clean Jessie apt-get install recommended startup sequence (systemctl … vs /etc/init.d/…) really messing things up. Not a causal statement but certainly correlated enough to comment.

Steamrunner · January 17, 2016, 6:18pm

This issue indeed also existed in 1.7.1. I fixed it by changing
find "${sprohdir}" -type f -exec chmod 644 {} ';' find "${sprohdir}" -type d -exec chmod 755 {} ';'
in setpermissions.sh to
find "${sprohdir}" -path *.ssh* -o -type f -print -exec chmod 644 {} ';' find "${sprohdir}" -path *.ssh* -o -type d -print -exec chmod 755 {} ';'
These modifications were overwritten when updating to 1.8.

rlkoshak · January 20, 2016, 11:20pm

Just a quick update to show how I’m working through the problem.

What I did was just add a couple of chmod calls using executeCommandLine to reset the permissions of the files in question to what they need to be before calling the script I actually want to execute. It works quite well and doesn’t require sudo since openhab owns the files.\

    var String results = executeCommandLine("chmod a+x /etc/openhab/configurations/scripts/*", 5000)
    logInfo("Network", "Resetting permissions on script:\n" + results)
    results = executeCommandLine("chmod go-r ~openhab/.ssh/*", 5000)
    logInfo("Network", "Resetting permissions on .ssh:\n" + results)
    results = executeCommandLine("/etc/openhab/configurations/scripts/resetGarageMqttReporter.sh", 5000)
    logInfo("Network", "Resetting garage mwttReporter. Results:\n" + results)

NCO · January 21, 2016, 3:41pm

Thanks for your workaround @rlkoshak.

I tried your first 2 lines

var String results = executeCommandLine("chmod u+x /usr/share/openhab/configurations/scripts/*.sh", 5000)
logInfo("Network", "Resetting permissions on script:\n" + results)

but obviously it doens’t work that way.
openhab.log:
chmod: cannot access `/usr/share/openhab/configurations/scripts/*.sh’: No such file or directory

rlkoshak · January 21, 2016, 3:44pm

You have to give it the paths to your actual scripts and files. If you didn’t install using apt-get your configurations folder is like somewhere else (/opt/openhab/configurations perhaps?)

NCO · January 21, 2016, 3:56pm

Hi @rlkoshak,

of course

I tried the exact same command in the console (with my openhab user account) and it works fine.
Just the call in execute command did not work.

I even tried another tipp from another thread:
var String results = executeCommandLine(“chmod@@u+x@@/usr/share/openhab/configurations/scripts/*.sh”, 5000)
Didn’t help either…

rlkoshak · January 21, 2016, 4:29pm

Well, the error is complaining that your path doesn’t exist. I’m not sure where to go from this error except to double check that the path is correct and being interpreted correctly. Try adding an executeCommandLine that does an ls on that folder and make sure that directory works.

/usr/share/openhab/configurations is an odd place for the configurations folder.

NCO · January 21, 2016, 7:42pm

Actually the path exists and (as far as I remember) it was generated during installation of openhab.
The path /usr/share/openhab/ is the main directory and the configurations folder there is a sym link to /etc/openhab/configurations/

Both
ls /etc/openhab/configurations/scripts/.sh
and
ls /usr/share/openhab/configurations/scripts/.sh
in the console work fine.

That’s really weird.

rlkoshak · January 21, 2016, 7:46pm

Well look at that. There is a symlink to /etc/openhab/configurations under /usr/share/openhab/configurations.

Don’t try it from the console, you need to run the ls using the same environment so add to your rule:

var results = executeCommandLine("ls -l /etc/openhab/configurations/scripts/*.sh", 5000)
logInfo("Permissions", results)

NCO · January 21, 2016, 8:12pm

Hi @Steamrunner

I tried your suggestion for my script folder:
/etc/openhab/configurations/scripts
which looks like this:
find "${sprohdir}" -path /usr/share/openhab/configurations/scripts/* -o -type f -exec chmod 644 {} ';'
and it seems to work.
At least the permissions are still ok.

However, when I start OH directly I get:

[....] Starting openHAB server: openhabfind: paths must precede expression: /usr/share/openhab/configurations/scripts/bt.sh
Usage: find [-H] [-L] [-P] [-Olevel] [-D help|tree|search|stat|rates|opt|exec] [path...] [expression]

I tried to modify the “path” part, but did not succeed.
Any suggestion?

NCO · January 21, 2016, 8:36pm

Thanks for your patience, @rlkoshak,

Of course I tried both paths in the rule. Ths sym link as well as the “real” folder /etc/openhab/configurations/script.
Same result (with ls as well as chmod)

rlkoshak · January 21, 2016, 9:01pm

Here’s a thought. Perhaps the openhab user’s environment doesn’t have anything in its path. Try passing the full path to ls, or chmod, or any other command you are using from within the executeCommandLine. For example:

var results = executeCommandLine("/bin/ls -l /etc/openhab/configurations/scripts/*.sh", 5000)
logInfo("Permissions", results)

NCO · January 22, 2016, 7:42am

GOT IT !!!
A played around a little more and found out that
/bin/chmod u+x /etc/openhab/configurations/scripts/*
does NOT work, but
/bin/chmod u+x -R /etc/openhab/configurations/scripts/
does work!!! - Even without the full path to chmod

So it seems that it’s related to "*"
I don’t have any idea, why it’s working in your case as you suggested above!?
Does this ring a bell?

rlkoshak · January 23, 2016, 3:53pm

I’ve no idea. It might be the case that the * is being interpreted as something instead of being passed to the command line.

DimNsk · February 15, 2016, 5:08am

tell me which file to add this code?

var String results = executeCommandLine("chmod a+x /etc/openhab/configurations/scripts/*", 5000) logInfo("Network", "Resetting permissions on script:\n" + results) results = executeCommandLine("chmod go-r ~openhab/.ssh/*", 5000) logInfo("Network", "Resetting permissions on .ssh:\n" + results) results = executeCommandLine("/etc/openhab/configurations/scripts/resetGarageMqttReporter.sh", 5000) logInfo("Network", "Resetting garage mwttReporter. Results:\n" + results)

federic0 · February 15, 2016, 2:25pm

Those are rules (in your rules files) that can be called before you need to execute your ssh action or I guess you could execute them when OpenHAB starts (i.e. When System started).

rlkoshak · February 15, 2016, 3:58pm

This code needs to go into a .rules file in the rules directory of your configuration folder in a rule with a system started trigger as @federic0 suggests. If you need information about rules please see the rules wiki page.