Specifying Owner and Permissions in File Provisioner

Hi,
I use Packer to add additional hardening measures to the publicly available Debian/Ubuntu/CentOS images on AWS and GCP. Part of those measures involves uploading files to the Packer VM instance. Since the builder uses the default SSH username: packer, whenever I need one of these uploaded files to be owned by root and/or stored in a directory only writable by root, I need to use two provisioners:

  1. a file provisioner to upload the file to /tmp (or some similar writable area)
  2. a shell provisioner to move the file from /tmp to the correct location using sudo and to call chown and/or chmod using sudo as well

It would seem natural to me that the file provisioner also offer optional owner and permissions parameters. I’ve searched the Issues (open and closed) in GitHub and didn’t find any that seem to ask for this feature, which makes me believe that there’s a better workaround, of which I’m unaware.


There’s no way to do this within the file provisioner. You can open a feature request on the Packer GitHub, and in the meantime you can work around this by setting the permissions via a script in the shell provisioner.
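A sketch of the script such a shell provisioner could run, as an added example that is not part of the original posts: it takes a file already uploaded to a staging path and installs it with the requested owner and mode. The function name, argument order and any paths are hypothetical, and it assumes GNU coreutils on the target image.

```shell
#!/bin/sh
# Added example, not from the thread: meant to run as root from a Packer
# shell provisioner after a file provisioner has uploaded to a staging path.
# Function name and argument order are hypothetical. Needs GNU coreutils.

# usage: install_staged SRC DEST OWNER GROUP MODE
install_staged() {
    src=$1 dest=$2 owner=$3 group=$4 mode=$5

    # The staging area is writable by other users: refuse symlinks and
    # anything that is not a regular file before copying as root.
    if [ -L "$src" ] || [ ! -f "$src" ]; then
        echo "refusing $src: not a regular file" >&2
        return 1
    fi

    # Create the parent directory only if missing, so the mode of an
    # existing directory such as /etc/ssh is left alone.
    parent=$(dirname "$dest")
    [ -d "$parent" ] || install -d -m 0755 "$parent" || return 1

    # install(1) creates the destination itself and sets owner, group and
    # mode in the same command, so the file never sits there with the
    # upload user's ownership as it does with mv followed by chown/chmod.
    install -o "$owner" -g "$group" -m "$mode" "$src" "$dest" || return 1
    rm -f "$src"

    # Check the result by name or numeric id; a mismatch returns non-zero,
    # which fails the provisioner and therefore the image build.
    set -- $(stat -c '%a %U %G %u %g' "$dest")
    [ "$1" = "${mode#0}" ] || return 1
    [ "$2" = "$owner" ] || [ "$4" = "$owner" ] || return 1
    [ "$3" = "$group" ] || [ "$5" = "$group" ] || return 1
}

# Called with five arguments (as from the provisioner), install one file.
if [ "$#" -eq 5 ]; then
    install_staged "$@"
fi
```

Run it under sudo with the staged path, destination, owner, group and mode, for example `sudo sh install_staged.sh /tmp/sshd_config /etc/ssh/sshd_config root root 0600` (script name and paths are hypothetical).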

You can give 755 permission to the /tmp/packer folder and it will scp.

chmod 755 /tmp/packer/ -R. It works for me (CentOS 7 CIS AMI).

Before:
"provisioners": [
  {
    "type": "shell",
    "inline": [
      "mkdir -p /etc/packer/files",
      "chown -R {{user `source_ami_ssh_user`}}:{{user `source_ami_ssh_user`}} /etc/packer/files"
    ]
  }
]

After:
"provisioners": [
  {
    "type": "shell",
    "inline": [
      "mkdir -p /etc/packer/files",
      "chmod 755 /etc/packer -R",
      "chown -R {{user `source_ami_ssh_user`}}:{{user `source_ami_ssh_user`}} /etc/packer/files"
    ]
  }
]