/boot/wpa_config being copied with wrong permission

Question

I plug the micro SD into my MacBook. I then save a correct /Volumes/boot/wpa_supplicant.conf with file permissions with 777 (default when creating files into the FAT partition). Then, when I move back the micro SD into the Pi and I boot, the file gets copied to /etc/wpa_supplicant/wpa_supplicant.conf but with a 600 file permission, when originally it was 644. That way, when the Pi boots, I cannot SSH from outside. So I am stuck. I cannot specify network and connect to it without a keyboard and a monitor....

I am using raspbian stretch on a Pi Zero W.

Any workaround or ideas?

AFAIK permissions on wpa_suppicant are irrelevant for SSH. 600 seems to be normal for the file anyway. SSH on Rapbian is not active by default. Did you activate it? — Dirk, Oct 19 '18 at 13:16

score 1 · Answer 1 · answered Oct 19 '18 at 21:19

1

The answer to the question you asked is simple - FAT partitions DO NOT support permissions. Anything you set is ignored.

answered Oct 19 '18 at 21:19

Milliways

59,890
31
101
209

score 1 · Answer 2 · answered Oct 19 '18 at 21:46

While Milliways' answer is correct in stating that /boot is a FAT partition and its file access permissions work quite different from unixoid filesystems that is not why /etc/wpa_supplicant/wpa_supplicant.conf has 600 permission. That is in fact by design and by the way a perfectly valid permission setting for Raspbian Strech - and working WiFi (I am typing this while being remotely logged into a Pi Zero via WiFi and a 600 wpa_supplicant.conf).

But how come we know that its perms are 600 after Raspbian moving the file from /boot/ to /etc/wpa_supplicant/? That is because it's explicitely in the code. /etc/systemd/multi-user-target.wants/ has raspberrypi-net-mods.service that is doing the trick. It is moving the file and sets the permissions to 600. Given that it contains your WiFi credentials in plain text it might be wise to not have world (i.e. other) read permissions on it.

This is the actual code:

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/mv /boot/wpa_supplicant.conf /etc/wpa_supplicant/wpa_supplicant.conf
ExecStartPost=/bin/chmod 600 /etc/wpa_supplicant/wpa_supplicant.conf

... and some related further reading: Creating /boot/ssh and /boot/wpa_supplicant.conf (for a headless setup) works, but how?.

score 0 · Answer 3 · answered Oct 19 '18 at 13:26

0

Yes, sorry, I thought it was the file permission but indeed even 600 does work with the original file. I am waiting another 40 to post the real problem I found...

answered Oct 19 '18 at 13:26

Mariano Martinez Peck

193
6

Here it is the new question: https://raspberrypi.stackexchange.com/questions/90119/whats-wrong-with-this-wpa-suppplicant-conf-file – Mariano Martinez Peck Oct 19 '18 at 13:27

/boot/wpa_config being copied with wrong permission

3 Answers3

Linked