It's not always a good idea to run all its embedded applications as root user or it may be mandatory to allow other users than root to remotly connect to an embedded system.
This page will explain you how to add new users on your board.
Create user account
- As root, use the adduser command (here the new user is named guest):
# adduser guest Changing password for guest New password: Retype password: Password for guest changed by root
- If logged as guest you can change user's password with:
$ passwd Changing password for guest Old password: New password: Retype password: Password for guest changed by guest
- If logged as root you can change all other users password with:
# passwd guest Changing password for guest New password: Retype password: Password for guest changed by root
Make the change effective for all your future rootfs build
- Transfer /etc/passwd and /etc/shadow from your APF to your PC (here 192.168.0.2):
# tftp -p -l /etc/passwd -r passwd 192.168.0.2 # tftp -p -l /etc/shadow -r shadow 192.168.0.2
- Copy the transfered files (assuming your TFTP points to /tftpboot/) to your Buildroot's rootfs skeleton:
$ sudo chown $USER:$USER /tftpboot/shadow $ sudo chown $USER:$USER /tftpboot/passwd $ cp /tftpboot/passwd buildroot/target/device/armadeus/rootfs/target_skeleton/etc/ $ cp /tftpboot/shadow buildroot/target/device/armadeus/rootfs/target_skeleton/etc/
- Create user's HOME directory (here /home/guest):
$ mkdir -p buildroot/target/device/armadeus/rootfs/target_skeleton/home/guest
- Now each time you will build your rootfs from scratch, you will have the new user account active.
- If your rootfs was already built, you will also have to temporary copy the files in buildroot/output/target/.
- In recent armadeus versions (5.0 for example), you can also modify buildroot/target/device/armadeus/rootfs/post-build.sh to do all these operations automatically.
Already created users
- by default Buildroot sets up some common users. To see them:
# cat /etc/passwd
- When you create a user, he's by default allowed to login to your system and so allowed to use telnet and/or ssh. If you don't want some users to login (ex: users used by daemons), you can do the following:
- when creating an account use adduser guest -s /sbin/nologin
- if user was already created, then edit /etc/passwd and replace /bin/sh with /sbin/nologin at the end of the user entries
- create /sbin/nologin, put it the following content and don't forget to give it executables rights :
#!/bin/sh echo "User $USER is not allowed to login" exit 0