I use Packer to add additional hardening measures to the publicly available Debian/Ubuntu/CentOS images on AWS and GCP. Part of those measures involves uploading files to the Packer VM instance. Since the builder uses the default SSH username: packer, whenever I need one of these uploaded files to be owned by root and/or stored in a directory only writable by root, I need to use two provisioners:
- a file provisioner to upload the file to `/tmp` (or some similar writable area)
- a shell provisioner to move the file from `/tmp` to the correct location using sudo and to call chown and/or chmod using sudo as well
It would seem natural to me that the file provisioner also offer optional owner and permissions parameters. I’ve searched the Issues (open and closed) in GitHub and didn’t find any that seem to ask for this feature, which makes me believe that there’s a better workaround, of which I’m unaware.
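
The two-provisioner workaround described in the post, written out as a Packer HCL build block. This is an added example, not part of the original post or Packer's own documentation. The source label, file names and paths are assumptions, as is passwordless sudo for the SSH user. It stages the upload in a private directory rather than directly in world-writable `/tmp`, and uses `install` to set owner and mode in the same step as the copy.

```hcl
# Added example. The source label, file names and paths are assumptions.
build {
  # Hypothetical source; a matching `source "amazon-ebs" "hardened"` block
  # must be defined elsewhere in the template.
  sources = ["source.amazon-ebs.hardened"]

  # Create a staging directory readable only by the SSH user, so the
  # uploaded file is never exposed to other local users before install.
  provisioner "shell" {
    inline = ["install -d -m 0700 /tmp/packer-staging"]
  }

  # Upload as the unprivileged SSH user into the staging directory.
  provisioner "file" {
    source      = "files/sshd_config"
    destination = "/tmp/packer-staging/sshd_config"
  }

  # Copy into the root-owned location with owner, group and mode set by
  # the same command, then remove the staged copy.
  provisioner "shell" {
    inline = [
      "sudo install -o root -g root -m 0600 /tmp/packer-staging/sshd_config /etc/ssh/sshd_config",
      "rm -rf /tmp/packer-staging",
    ]
  }
}
```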