Difference between revisions of "Adding users"

From ArmadeusWiki
Jump to: navigation, search
m (Create user account)
(Make the change effective for all your future rootfs build)
Line 50: Line 50:
 
</pre>
 
</pre>
 
* Now each time you will build your rootfs you will have the new user account active
 
* Now each time you will build your rootfs you will have the new user account active
 +
 +
==Already created users==
 +
* by default Buildroot sets up some common users. To see them:
 +
<pre class="apf">
 +
# cat /etc/passwd
 +
</pre>
 +
 +
==Prevent login==
 +
* When you create a user, he's by default allowed to login to your system and so allowed to use telnet and/or ssh. If you don't want some users to login (ex: users used by daemons), you can do the following:
 +
** when creating an account use ''adduser guest -s /sbin/nologin''
 +
** if user was already created, then edit ''/etc/passwd'' and replace ''/bin/sh'' with ''/sbin/nologin'' at the end of the user entries
 +
** create ''/sbin/nologin'', put it the following content and don't forget to give it executables rights :
 +
<pre class="apf">
 +
#!/bin/sh
 +
 +
echo "User $USER is not allowed to login"
 +
exit 0
 +
</pre>

Revision as of 16:12, 25 November 2009

It's not always a good idea to run all its embedded applications as root user or it may be mandatory to allow other users than root to remotly connect to an embedded system.

This page will explain you how to add new users on your board.

Create user account

  • As root, use the adduser command (here the new user is named guest):
 # adduser guest
 Changing password for guest
 New password:
 Retype password:
 Password for guest changed by root

Changing password

  • If logged as guest you can change user's password with:
 $ passwd
 Changing password for guest
 Old password:
 New password:
 Retype password:
 Password for guest changed by guest
  • If logged as root you can change all other users password with:
 # passwd guest
 Changing password for guest
 New password:
 Retype password:
 Password for guest changed by root

Make the change effective for all your future rootfs build

  • Transfer /etc/passwd and /etc/shadow from your APF to your PC (here 192.168.0.2):
 # tftp -p -l /etc/passwd -r passwd 192.168.0.2
 # tftp -p -l /etc/shadow -r shadow 192.168.0.2
  • Copy the transfered files (assuming your TFTP points to /tftpboot/) to your Buildroot's rootfs skeleton:
 $ sudo chown $USER:$USER /tftpboot/shadow
 $ sudo chown $USER:$USER /tftpboot/passwd
 $ cp /tftpboot/passwd buildroot/target/device/armadeus/rootfs/target_skeleton/etc/
 $ cp /tftpboot/shadow buildroot/target/device/armadeus/rootfs/target_skeleton/etc/
  • Create user's HOME directory (here /home/guest):
 $ mkdir -p buildroot/target/device/armadeus/rootfs/target_skeleton/home/guest
  • Now each time you will build your rootfs you will have the new user account active

Already created users

  • by default Buildroot sets up some common users. To see them:
 # cat /etc/passwd

Prevent login

  • When you create a user, he's by default allowed to login to your system and so allowed to use telnet and/or ssh. If you don't want some users to login (ex: users used by daemons), you can do the following:
    • when creating an account use adduser guest -s /sbin/nologin
    • if user was already created, then edit /etc/passwd and replace /bin/sh with /sbin/nologin at the end of the user entries
    • create /sbin/nologin, put it the following content and don't forget to give it executables rights :
#!/bin/sh

echo "User $USER is not allowed to login"
exit 0