Difference between revisions of "Adding users"

Latest revision as of 09:48, 11 October 2013

It's not always a good idea to run all its embedded applications as root user or it may be mandatory to allow other users than root to remotly connect to an embedded system.

This page will explain you how to add new users on your board.

Create user account

As root, use the adduser command (here the new user is named guest):

 # adduser guest
 Changing password for guest
 New password:
 Retype password:
 Password for guest changed by root

Changing password

If logged as guest you can change user's password with:

 $ passwd
 Changing password for guest
 Old password:
 New password:
 Retype password:
 Password for guest changed by guest

If logged as root you can change all other users password with:

 # passwd guest
 Changing password for guest
 New password:
 Retype password:
 Password for guest changed by root

Make the change effective for all your future rootfs build

Transfer /etc/passwd and /etc/shadow from your APF to your PC (here 192.168.0.2):

 # tftp -p -l /etc/passwd -r passwd 192.168.0.2
 # tftp -p -l /etc/shadow -r shadow 192.168.0.2

Copy the transfered files (assuming your TFTP points to /tftpboot/) to your Buildroot's rootfs skeleton:

 $ sudo chown $USER:$USER /tftpboot/shadow
 $ sudo chown $USER:$USER /tftpboot/passwd
 $ cp /tftpboot/passwd buildroot/target/device/armadeus/rootfs/target_skeleton/etc/
 $ cp /tftpboot/shadow buildroot/target/device/armadeus/rootfs/target_skeleton/etc/

Create user's HOME directory (here /home/guest):

 $ mkdir -p buildroot/target/device/armadeus/rootfs/target_skeleton/home/guest

Now each time you will build your rootfs from scratch, you will have the new user account active.
If your rootfs was already built, you will also have to temporary copy the files in buildroot/output/target/.
In recent armadeus versions (5.0 for example), you can also modify buildroot/target/device/armadeus/rootfs/post-build.sh to do all these operations automatically.

Already created users

by default Buildroot sets up some common users. To see them:

 # cat /etc/passwd

Prevent login

When you create a user, he's by default allowed to login to your system and so allowed to use telnet and/or ssh. If you don't want some users to login (ex: users used by daemons), you can do the following:
- when creating an account use adduser guest -s /sbin/nologin
- if user was already created, then edit /etc/passwd and replace /bin/sh with /sbin/nologin at the end of the user entries
- create /sbin/nologin, put it the following content and don't forget to give it executables rights :

#!/bin/sh

echo "User $USER is not allowed to login"
exit 0

Links

How to set the default root password

@@ Line 4: / Line 4: @@
 ==Create user account==
-* Use the ''adduser'' command (here the new user is named ''guest''):
+* As root, use the ''adduser'' command (here the new user is named ''guest''):
 <pre class="apf">
   # adduser guest
@@ Line 20: / Line 20: @@
   Old password:
   New password:
+ Retype password:
+ Password for guest changed by guest
 </pre>
 * If logged as ''root'' you can change all other users password with:
@@ Line 31: / Line 33: @@
 ==Make the change effective for all your future rootfs build==
-* Transfer ''/etc/passwd'' and ''/etc/shadow'' for your APF to your PC (here 192.168.0.2):
+* Transfer ''/etc/passwd'' and ''/etc/shadow'' from your APF to your PC (here 192.168.0.2):
 <pre class="apf">
-  # tftp -p -l /etc/passwd 192.168.0.2
+  # tftp -p -l /etc/passwd -r passwd 192.168.0.2
-  # tftp -p -l /etc/shadow 192.168.0.2
+  # tftp -p -l /etc/shadow -r shadow 192.168.0.2
 </pre>
 * Copy the transfered files (assuming your [[Communicate#TFTP_server|TFTP]] points to ''/tftpboot/'') to your Buildroot's rootfs skeleton:
 <pre class="host">
-  $ source armadeus_env.sh
+  $ sudo chown $USER:$USER /tftpboot/shadow
+ $ sudo chown $USER:$USER /tftpboot/passwd
   $ cp /tftpboot/passwd buildroot/target/device/armadeus/rootfs/target_skeleton/etc/
   $ cp /tftpboot/shadow buildroot/target/device/armadeus/rootfs/target_skeleton/etc/
@@ Line 46: / Line 49: @@
   $ mkdir -p buildroot/target/device/armadeus/rootfs/target_skeleton/home/guest
 </pre>
-* Now each time you will build your rootfs you will have the new user account active
+* Now each time you will build your rootfs '''from scratch''', you will have the new user account active.
+* If your rootfs was already built, you will also have to temporary copy the files in ''buildroot/output/target/''.
+* In recent armadeus versions (5.0 for example), you can also modify ''buildroot/target/device/armadeus/rootfs/post-build.sh'' to do all these operations automatically.
+==Already created users==
+* by default Buildroot sets up some common users. To see them:
+<pre class="apf">
+ # cat /etc/passwd
+</pre>
+==Prevent login==
+* When you create a user, he's by default allowed to login to your system and so allowed to use telnet and/or ssh. If you don't want some users to login (ex: users used by daemons), you can do the following:
+** when creating an account use ''adduser guest -s /sbin/nologin''
+** if user was already created, then edit ''/etc/passwd'' and replace ''/bin/sh'' with ''/sbin/nologin'' at the end of the user entries
+** create ''/sbin/nologin'', put it the following content and don't forget to give it executables rights :
+<pre class="apf">
+#!/bin/sh
+echo "User $USER is not allowed to login"
+exit 0
+</pre>
+== Links ==
+* [[How to set the default root password]]

Difference between revisions of "Adding users"

Latest revision as of 09:48, 11 October 2013

Contents

Create user account

Changing password

Make the change effective for all your future rootfs build

Already created users

Prevent login

Links

Navigation menu

Views

Personal tools

Navigation

Support/community

Development

Search

Tools