Bug 16015

Summary: nginx incorrectly created user group
Product: buildroot Reporter: David <daiwei>
Component: OtherAssignee: unassigned
Status: RESOLVED MOVED    
Severity: normal CC: buildroot, yann.morin.1998
Priority: P5    
Version: 2023.02.9   
Target Milestone: ---   
Hardware: PC   
OS: Linux   
Host: Target:
Build:

Description David 2024-03-30 14:18:24 UTC 
Because of special needs, I set the directories using nginx to the home path of www-data.

 nginx.mk:
----------------------------
# www-data user and group are used for nginx. Because these user and group
# are already set by buildroot, it is not necessary to redefine them.
# See system/skeleton/etc/passwd
#   username: www-data    uid: 33
#   groupname: www-data   gid: 33
#
# So, we just need to create the directories used by nginx with the right
# ownership.
define NGINX_PERMISSIONS
        /opt/var/lib/nginx d 755 33 33 - - - - -
endef

-----------------------------

At the same time, I modified the /etc/passwd file in the skeleton.

-------------------------------
[root@MiWiFi-R4A-srv skeleton]# more etc/passwd
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/bin/false
bin:x:2:2:bin:/bin:/bin/false
sys:x:3:3:sys:/dev:/bin/false
sync:x:4:100:sync:/bin:/bin/sync
mail:x:8:8:mail:/var/spool/mail:/bin/false
www-data:x:33:33:www-data:/opt/var/lib/nginx:/bin/false
operator:x:37:37:Operator:/var:/bin/false
nobody:x:65534:65534:nobody:/home:/bin/false
----------------------------
After selecting nginx and compiling, the permissions of the generated nginx file are changed to tape[group name].

The following is the file output by the output:

[root@MiWiFi-R4A-srv lib]# pwd
/home/build/buildroot-2023.02.9/output/images/opt/var/lib

[root@MiWiFi-R4A-srv lib]# ll -rlth
总用量 0
drwxr-xr-x. 2 102    103 6  3月 30 21:14 mysql
drwxr-xr-x. 2 105    106 6  3月 30 21:16 redis
drwxr-xr-x. 2  33   tape 6  3月 30 21:16 nginx

After my inspection, I found that the group name of GID 33 of the compilation host is tape.

/etc/group on MyHost:

root:x:0:
bin:x:1:
daemon:x:2:
sys:x:3:
adm:x:4:
tty:x:5:
disk:x:6:
lp:x:7:
mem:x:8:
kmem:x:9:
wheel:x:10:
cdrom:x:11:
mail:x:12:
man:x:15:
dialout:x:18:
floppy:x:19:
games:x:20:
tape:x:33:
video:x:39:
ftp:x:50:
lock:x:54:
audio:x:63:
users:x:100:
nobody:x:65534:
utmp:x:22:
utempter:x:35:
input:x:999:
kvm:x:36:qemu
render:x:998:
systemd-journal:x:190:
systemd-coredump:x:997:
dbus:x:81:
polkitd:x:996:
printadmin:x:995:
ssh_keys:x:994:
avahi:x:70:
rtkit:x:172:
sssd:x:993:
pipewire:x:992:
sgx:x:991:
libstoragemgmt:x:990:
systemd-oom:x:989:
brlapi:x:988:
tss:x:59:clevis
geoclue:x:987:
cockpit-ws:x:986:
cockpit-wsinstance:x:985:
flatpak:x:984:
colord:x:983:
clevis:x:982:
setroubleshoot:x:981:
gdm:x:42:
gnome-initial-setup:x:980:
sshd:x:74:
slocate:x:21:
chrony:x:979:
dnsmasq:x:978:
tcpdump:x:72:
build:x:1000:
wireshark:x:977:
usbmon:x:976:
stapusr:x:156:
stapsys:x:157:
stapdev:x:158:
pesign:x:975:
qemu:x:107:

After testing, if I delete the tape group(gid 33) in the group on my compilation host,the permissions of the compiled nginx files are correct(show 
 gid 33).Or if I change the user group with gid 33 to another name, the nginx directory will be set to the new group(gid 33).
like below:
[root@MiWiFi-R4A-srv opt]# ll -lrt  var/lib/
总用量 0
drwxr-xr-x. 2 102    103 6  3月 30 21:14 mysql
drwxr-xr-x. 2 105    106 6  3月 30 21:16 redis
drwxr-xr-x. 2  33 nonono 6  3月 30 21:16 nginx

I think that when building nginx, it did not correctly handle the permission issue of the created file, and nginx did not find the correct gid in the skeleton. It seems to be looking for the gid it belongs to in /etc/group on my host.
Comment 1 Yann E. MORIN 2024-06-15 15:22:36 UTC 
Thank you for your report.

The issue tracker for the Buildroot project has been moved to
the Gitlab.com issue tracker:
    https://gitlab.com/buildroot.org/buildroot/-/issues

We are taking this opportunity to close old issues in this old
tracker. If you believe your issue is still relevant, please
open one in the new issue tracker.

Thank you!