Set-id bits on an ISO

205 views Asked by At

I'm creating an ISO of a Debian system with:

mkisofs -V "Debian ISO" -cache-inodes -J -l -o file.iso debian-system/

The problem is: when I mount the ISO (mount -o loop) ping and sudo don't work because their suid bits have not been set.

I know that special bis are cleared by the -r flag. This flag generates the "rationalized Rock Ridge directory information" which enables to retain the original file permissions, but also clears any set-id bits.

But if I don't use -r, file permissions will be the same for all files, as specified at runtime when the ISO is mounted.

Question: how to add set-id files like ping and sudo to a linux "live" ISO?

1

There are 1 answers

2
ivanivan On BEST ANSWER

You need to use an alternate file system, that supports those permissions.

The way a LiveCD/DVD works is there is a squashfs file that is mounted with changes made in RAM.

You could "fake" the same by creating a file full of zeros using dd, make a file system on it wtih mkfs.ext4, mount it, and copy the files onto it. Then on your custom disk, mount it as loop (mount -o loop /path/to/file /mnt/point) and symlink/etc the binaries over.