[LEDE-DEV] Procd and askconsole
John Crispin
john at phrozen.org
Tue Sep 20 00:54:44 PDT 2016
ok, lets do that then. i'll have a look at your patch from last week
during the day
John
On 20/09/2016 09:49, Lebleu Pierre wrote:
> Hi John,
>
> Indeed, I already tried that solution with the default shadow :
> --- a/package/base-files/files/etc/shadow
> +++ b/package/base-files/files/etc/shadow
> @@ -1,4 +1,4 @@
> -root::0:0:99999:7:::
> +root:*:0:0:99999:7:::
> daemon:*:0:0:99999:7:::
> ftp:*:0:0:99999:7:::
> network:*:0:0:99999:7:::
>
> Indeed, it works.
> Until my custom script is called, nobody is able to login.
> But, I think it will be better to have an inittab entry when everything is set like the old sysvinit.
>
> Pierre
>
> -----Original Message-----
> From: John Crispin [mailto:john at phrozen.org]
> Sent: dinsdag 20 september 2016 9:43
> To: Lebleu Pierre <Pierre.Lebleu at technicolor.com>; lede-dev at lists.infradead.org
> Subject: Re: [LEDE-DEV] Procd and askconsole
>
> Hi Pierre,
>
> the bahaviour you are observing is actually by design. would it be an option to ship a default unknown password on your device. that way login simply wont work until you have set you custom per-device password. you could then do so as the last step of your customs scripts.
>
> would that be an option ?
>
> John
>
> On 20/09/2016 09:40, Lebleu Pierre wrote:
>> Hi John,
>>
>> Thank you for your answer.
>>
>> I tried your solution but it seems not to work or it does not do what I want.
>> Indeed, the password is one thing but there is also the fact that the system is not ready (the scripts are still running).
>> As we can see, the hostname is not even set. I would like to allow the
>> user login only when everything is ready, because the filesystem is about to be modified.
>>
>> Cheers,
>>
>>
>> Pierre
>>
>> -----Original Message-----
>> From: John Crispin [mailto:john at phrozen.org]
>> Sent: vrijdag 16 september 2016 11:18
>> To: Lebleu Pierre <Pierre.Lebleu at technicolor.com>;
>> lede-dev at lists.infradead.org
>> Subject: Re: [LEDE-DEV] Procd and askconsole
>>
>>
>>
>> On 16/09/2016 10:48, Lebleu Pierre wrote:
>>> Hi all,
>>>
>>> I am new to this mailing list and I would like to present me as Pierre.
>>>
>>> I recently play a bit with procd and I found an "issue". Indeed, if I
>>> do a factory reset, I am able to login as root without login. I have
>>> some scripts in /etc/uci-defaults and one of them set the password
>>> for the root account. So, this behaviour looks like to me a bug.
>>>
>>> For my understanding, when procd reaches STATE_INIT, it runs the
>>> inittab and one of them is "askconsole". The problem is the system is
>>> not completely ready to receive the user : the hostname is not even
>>> set.
>>>
>>> In the old sysvinit, the inittab contains an entry called "bootwait"
>>> wich is executed after the termination of init (eg : "/etc/rc.d").
>>> I purpose to move the "askconsole" entry to STATE_RUNNING or to
>>> create a new entry called "askconsolewait" in order to keep backward
>>> compatibility.
>>>
>>> diff --git a/inittab.c b/inittab.c
>>> index ae2c431..2d590e4 100644
>>> --- a/inittab.c
>>> +++ b/inittab.c
>>> @@ -228,6 +228,10 @@ static struct init_handler handlers[] = {
>>> .name = "respawn",
>>> .cb = rcrespawn,
>>> .multi = 1,
>>> + }, {
>>> + .name = "askconsolewait",
>>> + .cb = askconsole,
>>> + .multi = 1,
>>> }
>>> };
>>>
>>> @@ -251,11 +255,9 @@ void procd_inittab_run(const char *handler)
>>>
>>> list_for_each_entry(a, &actions, list)
>>> if (!strcmp(a->handler->name, handler)) {
>>> - if (a->handler->multi) {
>>> - a->handler->cb(a);
>>> - continue;
>>> - }
>>> a->handler->cb(a);
>>> + if (a->handler->multi)
>>> + continue;
>>> break;
>>> }
>>> }
>>> diff --git a/state.c b/state.c
>>> index 4ad9e2d..fe37419 100644
>>> --- a/state.c
>>> +++ b/state.c
>>> @@ -128,6 +128,7 @@ static void state_enter(void)
>>>
>>> case STATE_RUNNING:
>>> LOG("- init complete -\n");
>>> + procd_inittab_run("askconsolewait");
>>> break;
>>>
>>> case STATE_SHUTDOWN:
>>>
>>> What is your view ? Thank you.
>>>
>>> Cheers,
>>>
>>> Pierre
>>>
>>> _______________________________________________
>>> Lede-dev mailing list
>>> Lede-dev at lists.infradead.org
>>> http://lists.infradead.org/mailman/listinfo/lede-dev
>>>
>>
>> Hi Pierre,
>>
>> just to be clear, you mean that there is a short timeslot between inittab/askconsole and uci-defaults during which a passwordless login is possible and you would liek to prevent this ?
>>
>> if i understood the problem corretly please simply set
>>
>> ttylogin=1 here ->
>>
>> https://git.lede-project.org/?p=source.git;a=blob;f=package/base-files
>> /files/bin/config_generate;h=80ed61b9e2dabf6f2f99102345be3da60097af3e;
>> hb=HEAD#l231
>>
>> that should make the image boot with password login required even if no password is set.
>>
>> the normal use case is that one flashes, enables the flag and then
>> upon second bootup the unit will require a login. in your use case you
>> already want the password protection on the very first boot i think
>>
>> John
>>
>
> _______________________________________________
> Lede-dev mailing list
> Lede-dev at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/lede-dev
>
More information about the Lede-dev
mailing list