Dropins wrong file permissions

[quentin9696]

Bug

Operating System Version

39.20240210.3.0 (CoreOS)

Ignition Version

2.17.0

Environment

AWS

Expected Behavior

Systemd dropins files must be created with permissions 644

Actual Behavior

Systemd dropins files are created with 700

This produce those warnings

is marked executable. Please remove executable permission bits. Proceeding anyway.
is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.

Reproduction Steps

1. Start a new FCOS with a systemd dropin
2. Check the unit logs

Other Information

N/A

[HuijingHei]

Thanks for the reports!

Try to test on 39.20240309.20.0, but can not reproduce this, the new created systemd files has permissions 644, could you help to confirm? Thanks!

core@ip-10-0-140-237:~$ systemctl status hello.service
● hello.service
     Loaded: loaded (/etc/systemd/system/hello.service; enabled; preset: enabled)
    Drop-In: /usr/lib/systemd/system/service.d
             └─10-timeout-abort.conf
     Active: active (exited) since Tue 2024-03-12 03:08:31 UTC; 17s ago
    Process: 1586 ExecStart=/usr/bin/echo hello (code=exited, status=0/SUCCESS)
   Main PID: 1586 (code=exited, status=0/SUCCESS)
        CPU: 1ms

Mar 12 03:08:31 ip-10-0-140-237 systemd[1]: Starting hello.service...
Mar 12 03:08:31 ip-10-0-140-237 echo[1586]: hello
Mar 12 03:08:31 ip-10-0-140-237 systemd[1]: Finished hello.service.

core@ip-10-0-140-237:~$ ls -alh /etc/systemd/system/hello.service
-rw-r--r--. 1 root root 154 Mar 12 03:08 /etc/systemd/system/hello.service

The butane config file is:

$ cat hello.bu 
variant: fcos
version: 1.5.0
systemd:
  units:
    - name: hello.service
      enabled: true
      contents: |
        [Unit]
        Before=systemd-user-sessions.service
        [Service]
        Type=oneshot
        ExecStart=/usr/bin/echo hello
        RemainAfterExit=yes
        [Install]
        WantedBy=multi-user.target
passwd:
  users:
    - name: core
      ssh_authorized_keys:
        - ssh-rsa XXX

[travier]

@HuijingHei You are not using dropins in your Butane config: https://coreos.github.io/butane/config-fcos-v1_5/

variant: fcos
version: 1.5.0
systemd:
  units:
    - name: hello.service
      enabled: true
      contents: |
        [Unit]
        Before=systemd-user-sessions.service
        [Service]
        Type=oneshot
        ExecStart=/usr/bin/echo hello
        RemainAfterExit=yes
        [Install]
        WantedBy=multi-user.target
      dropins:
         name: foo.conf
         contents: |
          [Unit]
          Description=Foo
passwd:
  users:
    - name: core
      ssh_authorized_keys:
        - ssh-rsa XXX

[HuijingHei]

Thanks @travier , can not reproduce using above config.

[core@cosa-devsh ~]$ rpm -q ignition
ignition-2.17.0-1.fc39.x86_64
[core@cosa-devsh ~]$ ls -alh /etc/systemd/system/hello.service
-rw-r--r--. 1 root root 154 Mar 12 13:53 /etc/systemd/system/hello.service
[core@cosa-devsh ~]$ ls -alh /etc/systemd/system/hello.service.d/foo.conf 
-rw-r--r--. 1 root root 23 Mar 12 13:53 /etc/systemd/system/hello.service.d/foo.conf

[quentin9696]

Hi Guys,

I finally try on my hand. The issue was on my butane code with some logic we added post-startup.

All is good. Sorry for that.