Difference between revisions of "Adding users"
From ArmadeusWiki
(→Changing password) |
(→Prevent login) |
||
(5 intermediate revisions by one other user not shown) | |||
Line 4: | Line 4: | ||
==Create user account== | ==Create user account== | ||
− | * | + | * As root, use the ''adduser'' command (here the new user is named ''guest''): |
<pre class="apf"> | <pre class="apf"> | ||
# adduser guest | # adduser guest | ||
Line 33: | Line 33: | ||
==Make the change effective for all your future rootfs build== | ==Make the change effective for all your future rootfs build== | ||
− | * Transfer ''/etc/passwd'' and ''/etc/shadow'' | + | * Transfer ''/etc/passwd'' and ''/etc/shadow'' from your APF to your PC (here 192.168.0.2): |
<pre class="apf"> | <pre class="apf"> | ||
− | # tftp -p -l /etc/passwd 192.168.0.2 | + | # tftp -p -l /etc/passwd -r passwd 192.168.0.2 |
− | # tftp -p -l /etc/shadow 192.168.0.2 | + | # tftp -p -l /etc/shadow -r shadow 192.168.0.2 |
</pre> | </pre> | ||
* Copy the transfered files (assuming your [[Communicate#TFTP_server|TFTP]] points to ''/tftpboot/'') to your Buildroot's rootfs skeleton: | * Copy the transfered files (assuming your [[Communicate#TFTP_server|TFTP]] points to ''/tftpboot/'') to your Buildroot's rootfs skeleton: | ||
<pre class="host"> | <pre class="host"> | ||
− | $ | + | $ sudo chown $USER:$USER /tftpboot/shadow |
+ | $ sudo chown $USER:$USER /tftpboot/passwd | ||
$ cp /tftpboot/passwd buildroot/target/device/armadeus/rootfs/target_skeleton/etc/ | $ cp /tftpboot/passwd buildroot/target/device/armadeus/rootfs/target_skeleton/etc/ | ||
$ cp /tftpboot/shadow buildroot/target/device/armadeus/rootfs/target_skeleton/etc/ | $ cp /tftpboot/shadow buildroot/target/device/armadeus/rootfs/target_skeleton/etc/ | ||
Line 48: | Line 49: | ||
$ mkdir -p buildroot/target/device/armadeus/rootfs/target_skeleton/home/guest | $ mkdir -p buildroot/target/device/armadeus/rootfs/target_skeleton/home/guest | ||
</pre> | </pre> | ||
− | * Now each time you will build your rootfs you will have the new user account active | + | * Now each time you will build your rootfs '''from scratch''', you will have the new user account active. |
+ | * If your rootfs was already built, you will also have to temporary copy the files in ''buildroot/output/target/''. | ||
+ | * In recent armadeus versions (5.0 for example), you can also modify ''buildroot/target/device/armadeus/rootfs/post-build.sh'' to do all these operations automatically. | ||
+ | |||
+ | ==Already created users== | ||
+ | * by default Buildroot sets up some common users. To see them: | ||
+ | <pre class="apf"> | ||
+ | # cat /etc/passwd | ||
+ | </pre> | ||
+ | |||
+ | ==Prevent login== | ||
+ | * When you create a user, he's by default allowed to login to your system and so allowed to use telnet and/or ssh. If you don't want some users to login (ex: users used by daemons), you can do the following: | ||
+ | ** when creating an account use ''adduser guest -s /sbin/nologin'' | ||
+ | ** if user was already created, then edit ''/etc/passwd'' and replace ''/bin/sh'' with ''/sbin/nologin'' at the end of the user entries | ||
+ | ** create ''/sbin/nologin'', put it the following content and don't forget to give it executables rights : | ||
+ | <pre class="apf"> | ||
+ | #!/bin/sh | ||
+ | |||
+ | echo "User $USER is not allowed to login" | ||
+ | exit 0 | ||
+ | </pre> | ||
+ | |||
+ | == Links == | ||
+ | |||
+ | * [[How to set the default root password]] |
Latest revision as of 08:48, 11 October 2013
It's not always a good idea to run all its embedded applications as root user or it may be mandatory to allow other users than root to remotly connect to an embedded system.
This page will explain you how to add new users on your board.
Contents
Create user account
- As root, use the adduser command (here the new user is named guest):
# adduser guest Changing password for guest New password: Retype password: Password for guest changed by root
Changing password
- If logged as guest you can change user's password with:
$ passwd Changing password for guest Old password: New password: Retype password: Password for guest changed by guest
- If logged as root you can change all other users password with:
# passwd guest Changing password for guest New password: Retype password: Password for guest changed by root
Make the change effective for all your future rootfs build
- Transfer /etc/passwd and /etc/shadow from your APF to your PC (here 192.168.0.2):
# tftp -p -l /etc/passwd -r passwd 192.168.0.2 # tftp -p -l /etc/shadow -r shadow 192.168.0.2
- Copy the transfered files (assuming your TFTP points to /tftpboot/) to your Buildroot's rootfs skeleton:
$ sudo chown $USER:$USER /tftpboot/shadow $ sudo chown $USER:$USER /tftpboot/passwd $ cp /tftpboot/passwd buildroot/target/device/armadeus/rootfs/target_skeleton/etc/ $ cp /tftpboot/shadow buildroot/target/device/armadeus/rootfs/target_skeleton/etc/
- Create user's HOME directory (here /home/guest):
$ mkdir -p buildroot/target/device/armadeus/rootfs/target_skeleton/home/guest
- Now each time you will build your rootfs from scratch, you will have the new user account active.
- If your rootfs was already built, you will also have to temporary copy the files in buildroot/output/target/.
- In recent armadeus versions (5.0 for example), you can also modify buildroot/target/device/armadeus/rootfs/post-build.sh to do all these operations automatically.
Already created users
- by default Buildroot sets up some common users. To see them:
# cat /etc/passwd
Prevent login
- When you create a user, he's by default allowed to login to your system and so allowed to use telnet and/or ssh. If you don't want some users to login (ex: users used by daemons), you can do the following:
- when creating an account use adduser guest -s /sbin/nologin
- if user was already created, then edit /etc/passwd and replace /bin/sh with /sbin/nologin at the end of the user entries
- create /sbin/nologin, put it the following content and don't forget to give it executables rights :
#!/bin/sh echo "User $USER is not allowed to login" exit 0