[LEDE-DEV] Procd and askconsole
Lebleu Pierre
Pierre.Lebleu at technicolor.com
Tue Sep 20 00:49:04 PDT 2016
Hi John,
Indeed, I already tried that solution with the default shadow :
--- a/package/base-files/files/etc/shadow
+++ b/package/base-files/files/etc/shadow
@@ -1,4 +1,4 @@
-root::0:0:99999:7:::
+root:*:0:0:99999:7:::
daemon:*:0:0:99999:7:::
ftp:*:0:0:99999:7:::
network:*:0:0:99999:7:::
Indeed, it works.
Until my custom script is called, nobody is able to login.
But, I think it will be better to have an inittab entry when everything is set like the old sysvinit.
Pierre
-----Original Message-----
From: John Crispin [mailto:john at phrozen.org]
Sent: dinsdag 20 september 2016 9:43
To: Lebleu Pierre <Pierre.Lebleu at technicolor.com>; lede-dev at lists.infradead.org
Subject: Re: [LEDE-DEV] Procd and askconsole
Hi Pierre,
the bahaviour you are observing is actually by design. would it be an option to ship a default unknown password on your device. that way login simply wont work until you have set you custom per-device password. you could then do so as the last step of your customs scripts.
would that be an option ?
John
On 20/09/2016 09:40, Lebleu Pierre wrote:
> Hi John,
>
> Thank you for your answer.
>
> I tried your solution but it seems not to work or it does not do what I want.
> Indeed, the password is one thing but there is also the fact that the system is not ready (the scripts are still running).
> As we can see, the hostname is not even set. I would like to allow the
> user login only when everything is ready, because the filesystem is about to be modified.
>
> Cheers,
>
>
> Pierre
>
> -----Original Message-----
> From: John Crispin [mailto:john at phrozen.org]
> Sent: vrijdag 16 september 2016 11:18
> To: Lebleu Pierre <Pierre.Lebleu at technicolor.com>;
> lede-dev at lists.infradead.org
> Subject: Re: [LEDE-DEV] Procd and askconsole
>
>
>
> On 16/09/2016 10:48, Lebleu Pierre wrote:
>> Hi all,
>>
>> I am new to this mailing list and I would like to present me as Pierre.
>>
>> I recently play a bit with procd and I found an "issue". Indeed, if I
>> do a factory reset, I am able to login as root without login. I have
>> some scripts in /etc/uci-defaults and one of them set the password
>> for the root account. So, this behaviour looks like to me a bug.
>>
>> For my understanding, when procd reaches STATE_INIT, it runs the
>> inittab and one of them is "askconsole". The problem is the system is
>> not completely ready to receive the user : the hostname is not even
>> set.
>>
>> In the old sysvinit, the inittab contains an entry called "bootwait"
>> wich is executed after the termination of init (eg : "/etc/rc.d").
>> I purpose to move the "askconsole" entry to STATE_RUNNING or to
>> create a new entry called "askconsolewait" in order to keep backward
>> compatibility.
>>
>> diff --git a/inittab.c b/inittab.c
>> index ae2c431..2d590e4 100644
>> --- a/inittab.c
>> +++ b/inittab.c
>> @@ -228,6 +228,10 @@ static struct init_handler handlers[] = {
>> .name = "respawn",
>> .cb = rcrespawn,
>> .multi = 1,
>> + }, {
>> + .name = "askconsolewait",
>> + .cb = askconsole,
>> + .multi = 1,
>> }
>> };
>>
>> @@ -251,11 +255,9 @@ void procd_inittab_run(const char *handler)
>>
>> list_for_each_entry(a, &actions, list)
>> if (!strcmp(a->handler->name, handler)) {
>> - if (a->handler->multi) {
>> - a->handler->cb(a);
>> - continue;
>> - }
>> a->handler->cb(a);
>> + if (a->handler->multi)
>> + continue;
>> break;
>> }
>> }
>> diff --git a/state.c b/state.c
>> index 4ad9e2d..fe37419 100644
>> --- a/state.c
>> +++ b/state.c
>> @@ -128,6 +128,7 @@ static void state_enter(void)
>>
>> case STATE_RUNNING:
>> LOG("- init complete -\n");
>> + procd_inittab_run("askconsolewait");
>> break;
>>
>> case STATE_SHUTDOWN:
>>
>> What is your view ? Thank you.
>>
>> Cheers,
>>
>> Pierre
>>
>> _______________________________________________
>> Lede-dev mailing list
>> Lede-dev at lists.infradead.org
>> http://lists.infradead.org/mailman/listinfo/lede-dev
>>
>
> Hi Pierre,
>
> just to be clear, you mean that there is a short timeslot between inittab/askconsole and uci-defaults during which a passwordless login is possible and you would liek to prevent this ?
>
> if i understood the problem corretly please simply set
>
> ttylogin=1 here ->
>
> https://git.lede-project.org/?p=source.git;a=blob;f=package/base-files
> /files/bin/config_generate;h=80ed61b9e2dabf6f2f99102345be3da60097af3e;
> hb=HEAD#l231
>
> that should make the image boot with password login required even if no password is set.
>
> the normal use case is that one flashes, enables the flag and then
> upon second bootup the unit will require a login. in your use case you
> already want the password protection on the very first boot i think
>
> John
>
More information about the Lede-dev
mailing list