Difference between revisions of "Adding users"

From ArmadeusWiki
(creation)
 
(Prevent login)
 
(8 intermediate revisions by one other user not shown)
Line 4: Line 4:
  
 
==Create user account==
 
==Create user account==
* Use the ''adduser'' command (here the new user is named ''guest''):
+
* As root, use the ''adduser'' command (here the new user is named ''guest''):
 
<pre class="apf">
 
<pre class="apf">
 
  # adduser guest
 
  # adduser guest
 +
Changing password for guest
 +
New password:
 +
Retype password:
 +
Password for guest changed by root
 +
</pre>
 +
 +
==Changing password==
 +
* If logged as ''guest'' you can change user's password with:
 +
<pre class="apf">
 +
$ passwd
 +
Changing password for guest
 +
Old password:
 +
New password:
 +
Retype password:
 +
Password for guest changed by guest
 +
</pre>
 +
* If logged as ''root'' you can change all other users password with:
 +
<pre class="apf">
 +
# passwd guest
 
  Changing password for guest
 
  Changing password for guest
 
  New password:
 
  New password:
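Review bot: The new "Changing password" section shows an "Old password:" prompt in the guest transcript and none in the root transcript ("# passwd guest"), but the text never explains the difference. Add a sentence saying that root can reset any user's password without knowing the current one. The bullet wording "change all other users password" would also read better as "change any other user's password".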
Line 14: Line 33:
  
 
==Make the change effective for all your future rootfs build==
 
==Make the change effective for all your future rootfs build==
* Transfer ''/etc/passwd'' and ''/etc/shadow'' for your APF to your PC (here 192.168.0.2):
+
* Transfer ''/etc/passwd'' and ''/etc/shadow'' from your APF to your PC (here 192.168.0.2):
 
<pre class="apf">
 
<pre class="apf">
  # tftp -p -l /etc/passwd 192.168.0.2
+
  # tftp -p -l /etc/passwd -r passwd 192.168.0.2
  # tftp -p -l /etc/shadow 192.168.0.2
+
  # tftp -p -l /etc/shadow -r shadow 192.168.0.2
 
</pre>
 
</pre>
 
* Copy the transfered files (assuming your [[Communicate#TFTP_server|TFTP]] points to ''/tftpboot/'') to your Buildroot's rootfs skeleton:
 
* Copy the transfered files (assuming your [[Communicate#TFTP_server|TFTP]] points to ''/tftpboot/'') to your Buildroot's rootfs skeleton:
 
<pre class="host">
 
<pre class="host">
  $ source armadeus_env.sh
+
  $ sudo chown $USER:$USER /tftpboot/shadow
 +
$ sudo chown $USER:$USER /tftpboot/passwd
 
  $ cp /tftpboot/passwd buildroot/target/device/armadeus/rootfs/target_skeleton/etc/
 
  $ cp /tftpboot/passwd buildroot/target/device/armadeus/rootfs/target_skeleton/etc/
 
  $ cp /tftpboot/shadow buildroot/target/device/armadeus/rootfs/target_skeleton/etc/
 
  $ cp /tftpboot/shadow buildroot/target/device/armadeus/rootfs/target_skeleton/etc/
 
</pre>
 
</pre>
* Now each time you will build your rootfs you will have the new user account active
+
* Create user's HOME directory (here ''/home/guest''):
 +
<pre class="host">
 +
$ mkdir -p buildroot/target/device/armadeus/rootfs/target_skeleton/home/guest
 +
</pre>
 +
* Now each time you will build your rootfs '''from scratch''', you will have the new user account active.
 +
* If your rootfs was already built, you will also have to temporary copy the files in ''buildroot/output/target/''.
 +
* In recent armadeus versions (5.0 for example), you can also modify ''buildroot/target/device/armadeus/rootfs/post-build.sh'' to do all these operations automatically.
 +
 
 +
==Already created users==
 +
* by default Buildroot sets up some common users. To see them:
 +
<pre class="apf">
 +
# cat /etc/passwd
 +
</pre>
 +
 
 +
==Prevent login==
 +
* When you create a user, he's by default allowed to login to your system and so allowed to use telnet and/or ssh. If you don't want some users to login (ex: users used by daemons), you can do the following:
 +
** when creating an account use ''adduser guest -s /sbin/nologin''
 +
** if user was already created, then edit ''/etc/passwd'' and replace ''/bin/sh'' with ''/sbin/nologin'' at the end of the user entries
 +
** create ''/sbin/nologin'', put it the following content and don't forget to give it executables rights :
 +
<pre class="apf">
 +
#!/bin/sh
 +
 
 +
echo "User $USER is not allowed to login"
 +
exit 0
 +
</pre>
 +
 
 +
== Links ==
 +
 
 +
* [[How to set the default root password]]
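Review bot: The "Make the change effective" steps push /etc/shadow over TFTP and chown it to $USER in /tftpboot, but no step removes it afterwards. TFTP has no authentication or encryption, so the password hashes stay in the export directory, where any host that can reach the server can fetch them; add a final step that deletes /tftpboot/passwd and /tftpboot/shadow once the cp commands have run. Separately, the added /sbin/nologin script ends with "exit 0", which reports success for a refused login; a non-zero exit status is the usual convention.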

Latest revision as of 08:48, 11 October 2013

It is not always a good idea to run all of your embedded applications as root, and it may be mandatory to allow users other than root to connect remotely to an embedded system.

This page explains how to add new users on your board.

Create user account

  • As root, use the adduser command (here the new user is named guest):
 # adduser guest
 Changing password for guest
 New password:
 Retype password:
 Password for guest changed by root

Changing password

  • If logged in as guest, you can change that user's password with:
 $ passwd
 Changing password for guest
 Old password:
 New password:
 Retype password:
 Password for guest changed by guest
  • If logged in as root, you can change any other user's password with:
 # passwd guest
 Changing password for guest
 New password:
 Retype password:
 Password for guest changed by root

Make the change effective for all your future rootfs builds

  • Transfer /etc/passwd and /etc/shadow from your APF to your PC (here 192.168.0.2):
 # tftp -p -l /etc/passwd -r passwd 192.168.0.2
 # tftp -p -l /etc/shadow -r shadow 192.168.0.2
  • Copy the transferred files (assuming your TFTP server points to /tftpboot/) to your Buildroot's rootfs skeleton:
 $ sudo chown $USER:$USER /tftpboot/shadow
 $ sudo chown $USER:$USER /tftpboot/passwd
 $ cp /tftpboot/passwd buildroot/target/device/armadeus/rootfs/target_skeleton/etc/
 $ cp /tftpboot/shadow buildroot/target/device/armadeus/rootfs/target_skeleton/etc/
  • Create the user's HOME directory (here /home/guest):
 $ mkdir -p buildroot/target/device/armadeus/rootfs/target_skeleton/home/guest
  • Now, each time you build your rootfs from scratch, the new user account will be active.
  • If your rootfs was already built, you will also have to temporarily copy the files into buildroot/output/target/.
  • In recent armadeus versions (5.0 for example), you can also modify buildroot/target/device/armadeus/rootfs/post-build.sh to do all these operations automatically.

Already created users

  • By default, Buildroot sets up some common users. To see them:
 # cat /etc/passwd

Prevent login

  • When you create a user, they are allowed by default to log in to your system, and so are allowed to use telnet and/or ssh. If you don't want some users to log in (e.g. users used by daemons), you can do the following:
    • when creating an account, use adduser guest -s /sbin/nologin
    • if the user was already created, edit /etc/passwd and replace /bin/sh with /sbin/nologin at the end of that user's entry
    • create /sbin/nologin with the following content, and don't forget to give it executable rights:
#!/bin/sh

echo "User $USER is not allowed to login"
exit 0
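
An added example, not part of the original wiki page: a check to run on the passwd and shadow files copied into target_skeleton/etc/ before they are built into every rootfs, listing which accounts can still get a shell, plus a helper that performs the /etc/passwd edit described above. The function names and the sample accounts are constructed for illustration.

```shell
# Added example, not from the wiki page. Sample accounts are constructed.

# login_capable PASSWD SHADOW: print "<user> <shell> <password-state>" for
# each account whose shell is not /sbin/nologin (it can still get a shell).
login_capable() {
    awk -F: '
        FILENAME == ARGV[1] {              # shadow: classify field 2
            if ($2 == "")            state[$1] = "EMPTY"
            else if ($2 ~ /^[!*]/)   state[$1] = "locked"
            else                     state[$1] = "set"
            next
        }
        NF >= 7 && $7 != "/sbin/nologin" { # passwd: field 7 is the shell
            s = ($1 in state) ? state[$1] : "no-shadow-entry"
            print $1, ($7 == "" ? "default" : $7), s
        }
    ' "$2" "$1"
}

# set_nologin PASSWD USER: rewrite only USER's shell field. The file is
# overwritten in place, so its mode and owner are kept.
set_nologin() {
    tmp=$(mktemp) || return 1
    awk -F: -v OFS=: -v u="$2" \
        '$1 == u && NF == 7 { $7 = "/sbin/nologin" } { print }' "$1" > "$tmp" &&
        cat "$tmp" > "$1"
    rc=$?; rm -f "$tmp"; return $rc
}

# make_sample DIR: write a constructed passwd/shadow pair for the demo.
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/sbin/nologin
guest:x:1000:1000:Linux User,,,:/home/guest:/bin/sh
ftp:x:14:50:FTP User:/home/ftp:/bin/sh
EOF
    cat > "$1/shadow" <<'EOF'
root::10933:0:99999:7:::
daemon:*:10933:0:99999:7:::
guest:$1$constructed$NotARealHashValue000000:15989:0:99999:7:::
ftp:!:10933:0:99999:7:::
EOF
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
login_capable "$demo_dir/passwd" "$demo_dir/shadow"
rm -rf "$demo_dir"
```

An EMPTY state means the shadow password field is blank, so that account needs no password; "locked" means password login is disabled but the shell is still a real one.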

Links