From: Daniel Dickinson <[email protected]> Passwordless root login is undesirable by default on any platform, therefore make requiring a login to gain root (or any other user) even on hardware console the default. This is an opt-out option that can by disabled at image generation time by passing the variable PASSWORDLESS_CONSOLE=1 in make command line or by otherwise making sure the file /lib/preinit/zz_passwordless_console exists.
Signed-off-by: Daniel Dickinson <[email protected]> --- include/image.mk | 2 ++ package/base-files/files/etc/inittab | 2 +- package/base-files/files/sbin/login_wrapper | 8 ++++++++ package/utils/busybox/Config-defaults.in | 4 ++-- target/imagebuilder/files/Makefile | 4 ++-- target/linux/adm5120/base-files/etc/inittab | 6 +++--- target/linux/ar71xx/base-files/etc/inittab | 2 +- target/linux/arm64/base-files/etc/inittab | 6 +++--- target/linux/brcm2708/base-files/etc/inittab | 4 ++-- target/linux/ipq806x/base-files/etc/inittab | 2 +- target/linux/malta/base-files/etc/inittab | 10 +++++----- target/linux/mediatek/base-files/etc/inittab | 2 +- target/linux/mxs/base-files/etc/inittab | 2 +- target/linux/omap/base-files/etc/inittab | 6 +++--- target/linux/omap24xx/base-files/etc/inittab | 6 +++--- target/linux/ppc44x/base-files/etc/inittab | 4 ++-- target/linux/ramips/base-files/etc/inittab | 2 +- target/linux/realview/base-files/etc/inittab | 6 +++--- target/linux/sunxi/base-files/etc/inittab | 6 +++--- target/linux/x86/base-files/etc/inittab | 4 ++-- target/linux/x86/xen_domu/base-files/etc/inittab | 6 +++--- 21 files changed, 52 insertions(+), 42 deletions(-) create mode 100755 package/base-files/files/sbin/login_wrapper diff --git a/include/image.mk b/include/image.mk index 1522dd7..5413481 100644 --- a/include/image.mk +++ b/include/image.mk @@ -276,6 +276,8 @@ define Image/mkfs/prepare/default - $(FIND) $(TARGET_DIR) -type d -print0 | $(XARGS) -0 chmod u+rwx,g+rx,o+rx $(INSTALL_DIR) $(TARGET_DIR)/tmp $(TARGET_DIR)/overlay chmod 1777 $(TARGET_DIR)/tmp + mkdir -p $(TARGET_DIR)/lib/preinit + $(if $(PASSWORDLESS_CONSOLE),touch $(TARGET_DIR)/lib/preinit/zz_passwordless_console) endef define Image/mkfs/prepare diff --git a/package/base-files/files/etc/inittab b/package/base-files/files/etc/inittab index 7817185..46372f6 100644 --- a/package/base-files/files/etc/inittab +++ b/package/base-files/files/etc/inittab @@ -1,3 +1,3 @@ ::sysinit:/etc/init.d/rcS S boot ::shutdown:/etc/init.d/rcS K shutdown -::askconsole:/bin/ash --login +::askconsole:/sbin/login_wrapper diff --git a/package/base-files/files/sbin/login_wrapper b/package/base-files/files/sbin/login_wrapper new file mode 100755 index 0000000..874d378 --- /dev/null +++ b/package/base-files/files/sbin/login_wrapper @@ -0,0 +1,8 @@ +#!/bin/sh + +if [ -r /lib/preinit/zz_passwordless_console ]; then + exec /bin/ash --login +fi + +exec /bin/login + diff --git a/package/utils/busybox/Config-defaults.in b/package/utils/busybox/Config-defaults.in index 75c5976..3ae08b1 100644 --- a/package/utils/busybox/Config-defaults.in +++ b/package/utils/busybox/Config-defaults.in @@ -1212,10 +1212,10 @@ config BUSYBOX_DEFAULT_GETTY default n config BUSYBOX_DEFAULT_LOGIN bool - default n + default y config BUSYBOX_DEFAULT_LOGIN_SESSION_AS_CHILD bool - default n + default y config BUSYBOX_DEFAULT_LOGIN_SCRIPTS bool default n diff --git a/target/imagebuilder/files/Makefile b/target/imagebuilder/files/Makefile index f612ea9..64e55e2 100644 --- a/target/imagebuilder/files/Makefile +++ b/target/imagebuilder/files/Makefile @@ -43,7 +43,7 @@ Building images: make image PACKAGES="<pkg1> [<pkg2> [<pkg3> ...]]" # include extra packages make image FILES="<path>" # include extra files from <path> make image BIN_DIR="<path>" # alternative output directory for the images - + make image PASSWORDLESS_CONSOLE=1 # Disable requiring login prompt to get console shell endef $(eval $(call shexport,Helptext)) @@ -174,7 +174,7 @@ package_postinst: FORCE build_image: FORCE @echo @echo Building images... - $(NO_TRACE_MAKE) -C target/linux/$(BOARD)/image install TARGET_BUILD=1 IB=1 \ + $(NO_TRACE_MAKE) -C target/linux/$(BOARD)/image install TARGET_BUILD=1 IB=1 PASSWORDLESS_CONSOLE="$(PASSWORDLESS_CONSOLE)" \ $(if $(USER_PROFILE),PROFILE="$(USER_PROFILE)") clean: diff --git a/target/linux/adm5120/base-files/etc/inittab b/target/linux/adm5120/base-files/etc/inittab index 9f7c0ae..760bca0 100644 --- a/target/linux/adm5120/base-files/etc/inittab +++ b/target/linux/adm5120/base-files/etc/inittab @@ -1,5 +1,5 @@ ::sysinit:/etc/init.d/rcS S boot ::shutdown:/etc/init.d/rcS K shutdown -tts/0::askfirst:/bin/ash --login -ttyAM0::askfirst:/bin/ash --login -tty1::askfirst:/bin/ash --login +tts/0::askfirst:/sbin/login_wrapper +ttyAM0::askfirst:/sbin/login_wrapper +tty1::askfirst:/sbin/login_wrapper diff --git a/target/linux/ar71xx/base-files/etc/inittab b/target/linux/ar71xx/base-files/etc/inittab index 7817185..46372f6 100644 --- a/target/linux/ar71xx/base-files/etc/inittab +++ b/target/linux/ar71xx/base-files/etc/inittab @@ -1,3 +1,3 @@ ::sysinit:/etc/init.d/rcS S boot ::shutdown:/etc/init.d/rcS K shutdown -::askconsole:/bin/ash --login +::askconsole:/sbin/login_wrapper diff --git a/target/linux/arm64/base-files/etc/inittab b/target/linux/arm64/base-files/etc/inittab index d9d571e..d3c1fbb 100644 --- a/target/linux/arm64/base-files/etc/inittab +++ b/target/linux/arm64/base-files/etc/inittab @@ -1,5 +1,5 @@ ::sysinit:/etc/init.d/rcS S boot ::shutdown:/etc/init.d/rcS K shutdown -tts/0::askfirst:/bin/ash --login -ttyAMA0::askfirst:/bin/ash --login -tty1::askfirst:/bin/ash --login +tts/0::askfirst:/sbin/login_wrapper +ttyAMA0::askfirst:/sbin/login_wrapper +tty1::askfirst:/sbin/login_wrapper diff --git a/target/linux/brcm2708/base-files/etc/inittab b/target/linux/brcm2708/base-files/etc/inittab index c05c555..0272ce5 100644 --- a/target/linux/brcm2708/base-files/etc/inittab +++ b/target/linux/brcm2708/base-files/etc/inittab @@ -1,4 +1,4 @@ ::sysinit:/etc/init.d/rcS S boot ::shutdown:/etc/init.d/rcS K shutdown -ttyAMA0::askfirst:/bin/ash --login -tty1::askfirst:/bin/ash --login +ttyAMA0::askfirst:/sbin/login_wrapper +tty1::askfirst:/sbin/login_wrapper diff --git a/target/linux/ipq806x/base-files/etc/inittab b/target/linux/ipq806x/base-files/etc/inittab index 19a6e11..3431870 100644 --- a/target/linux/ipq806x/base-files/etc/inittab +++ b/target/linux/ipq806x/base-files/etc/inittab @@ -1,4 +1,4 @@ # Copyright (c) 2013 The Linux Foundation. All rights reserved. ::sysinit:/etc/init.d/rcS S boot ::shutdown:/etc/init.d/rcS K shutdown -ttyMSM0::askfirst:/bin/ash --login +ttyMSM0::askfirst:/sbin/login_wrapper diff --git a/target/linux/malta/base-files/etc/inittab b/target/linux/malta/base-files/etc/inittab index 88567b2..1668e47 100644 --- a/target/linux/malta/base-files/etc/inittab +++ b/target/linux/malta/base-files/etc/inittab @@ -1,7 +1,7 @@ ::sysinit:/etc/init.d/rcS S boot ::shutdown:/etc/init.d/rcS K shutdown -tts/0::askfirst:/bin/ash --login -ttyS0::askfirst:/bin/ash --login -ttyS1::askfirst:/bin/ash --login -ttyS2::askfirst:/bin/ash --login -tty1::askfirst:/bin/ash --login +tts/0::askfirst:/sbin/login_wrapper +ttyS0::askfirst:/sbin/login_wrapper +ttyS1::askfirst:/sbin/login_wrapper +ttyS2::askfirst:/sbin/login_wrapper +tty1::askfirst:/sbin/login_wrapper diff --git a/target/linux/mediatek/base-files/etc/inittab b/target/linux/mediatek/base-files/etc/inittab index 870b3cc..49a2195 100644 --- a/target/linux/mediatek/base-files/etc/inittab +++ b/target/linux/mediatek/base-files/etc/inittab @@ -1,3 +1,3 @@ ::sysinit:/etc/init.d/rcS S boot ::shutdown:/etc/init.d/rcS K shutdown -ttyS0::askfirst:/bin/ash --login +ttyS0::askfirst:/sbin/login_wrapper diff --git a/target/linux/mxs/base-files/etc/inittab b/target/linux/mxs/base-files/etc/inittab index 09359b7..860a81d 100644 --- a/target/linux/mxs/base-files/etc/inittab +++ b/target/linux/mxs/base-files/etc/inittab @@ -1,3 +1,3 @@ ::sysinit:/etc/init.d/rcS S boot ::shutdown:/etc/init.d/rcS K shutdown -ttyAMA0::askfirst:/bin/ash --login +ttyAMA0::askfirst:/sbin/login_wrapper diff --git a/target/linux/omap/base-files/etc/inittab b/target/linux/omap/base-files/etc/inittab index 502c6f8..4df11df 100644 --- a/target/linux/omap/base-files/etc/inittab +++ b/target/linux/omap/base-files/etc/inittab @@ -1,5 +1,5 @@ ::sysinit:/etc/init.d/rcS S boot ::shutdown:/etc/init.d/rcS K shutdown -ttyO0::askfirst:/bin/ash --login -ttyO2::askfirst:/bin/ash --login -tty1::askfirst:/bin/ash --login +ttyO0::askfirst:/sbin/login_wrapper +ttyO2::askfirst:/sbin/login_wrapper +tty1::askfirst:/sbin/login_wrapper diff --git a/target/linux/omap24xx/base-files/etc/inittab b/target/linux/omap24xx/base-files/etc/inittab index 1360dc9..928f76f 100644 --- a/target/linux/omap24xx/base-files/etc/inittab +++ b/target/linux/omap24xx/base-files/etc/inittab @@ -1,5 +1,5 @@ ::sysinit:/etc/init.d/rcS S boot ::shutdown:/etc/init.d/rcS K shutdown -tts/0::askfirst:/bin/ash --login -ttyO2::askfirst:/bin/ash --login -tty1::askfirst:/bin/ash --login +tts/0::askfirst:/sbin/login_wrapper +ttyO2::askfirst:/sbin/login_wrapper +tty1::askfirst:/sbin/login_wrapper diff --git a/target/linux/ppc44x/base-files/etc/inittab b/target/linux/ppc44x/base-files/etc/inittab index 67c36a6..6064459 100644 --- a/target/linux/ppc44x/base-files/etc/inittab +++ b/target/linux/ppc44x/base-files/etc/inittab @@ -1,4 +1,4 @@ ::sysinit:/etc/init.d/rcS S boot ::shutdown:/etc/init.d/rcS K shutdown -ttyS0::askfirst:/bin/ash --login -ttyS1::askfirst:/bin/ash --login +ttyS0::askfirst:/sbin/login_wrapper +ttyS1::askfirst:/sbin/login_wrapper diff --git a/target/linux/ramips/base-files/etc/inittab b/target/linux/ramips/base-files/etc/inittab index 7817185..46372f6 100644 --- a/target/linux/ramips/base-files/etc/inittab +++ b/target/linux/ramips/base-files/etc/inittab @@ -1,3 +1,3 @@ ::sysinit:/etc/init.d/rcS S boot ::shutdown:/etc/init.d/rcS K shutdown -::askconsole:/bin/ash --login +::askconsole:/sbin/login_wrapper diff --git a/target/linux/realview/base-files/etc/inittab b/target/linux/realview/base-files/etc/inittab index d9d571e..d3c1fbb 100644 --- a/target/linux/realview/base-files/etc/inittab +++ b/target/linux/realview/base-files/etc/inittab @@ -1,5 +1,5 @@ ::sysinit:/etc/init.d/rcS S boot ::shutdown:/etc/init.d/rcS K shutdown -tts/0::askfirst:/bin/ash --login -ttyAMA0::askfirst:/bin/ash --login -tty1::askfirst:/bin/ash --login +tts/0::askfirst:/sbin/login_wrapper +ttyAMA0::askfirst:/sbin/login_wrapper +tty1::askfirst:/sbin/login_wrapper diff --git a/target/linux/sunxi/base-files/etc/inittab b/target/linux/sunxi/base-files/etc/inittab index e9de30b..5e328d3 100644 --- a/target/linux/sunxi/base-files/etc/inittab +++ b/target/linux/sunxi/base-files/etc/inittab @@ -1,5 +1,5 @@ ::sysinit:/etc/init.d/rcS S boot ::shutdown:/etc/init.d/rcS K shutdown -tts/0::askfirst:/bin/ash --login -ttyS0::askfirst:/bin/ash --login -tty1::askfirst:/bin/ash --login +tts/0::askfirst:/sbin/login_wrapper +ttyS0::askfirst:/sbin/login_wrapper +tty1::askfirst:/sbin/login_wrapper diff --git a/target/linux/x86/base-files/etc/inittab b/target/linux/x86/base-files/etc/inittab index ca90fd8..1dc0227 100644 --- a/target/linux/x86/base-files/etc/inittab +++ b/target/linux/x86/base-files/etc/inittab @@ -1,4 +1,4 @@ ::sysinit:/etc/init.d/rcS S boot ::shutdown:/etc/init.d/rcS K shutdown -ttyS0::askfirst:/bin/ash --login -tty1::askfirst:/bin/ash --login +ttyS0::askfirst:/sbin/login_wrapper +tty1::askfirst:/sbin/login_wrapper diff --git a/target/linux/x86/xen_domu/base-files/etc/inittab b/target/linux/x86/xen_domu/base-files/etc/inittab index 469b8a9..93881fa 100644 --- a/target/linux/x86/xen_domu/base-files/etc/inittab +++ b/target/linux/x86/xen_domu/base-files/etc/inittab @@ -1,5 +1,5 @@ ::sysinit:/etc/init.d/rcS S boot ::shutdown:/etc/init.d/rcS K stop -tts/0::askfirst:/bin/ash --login -hvc0::askfirst:/bin/ash --login -tty1::askfirst:/bin/ash --login +tts/0::askfirst:/sbin/login_wrapper +hvc0::askfirst:/sbin/login_wrapper +tty1::askfirst:/sbin/login_wrapper -- 2.4.3 _______________________________________________ openwrt-devel mailing list [email protected] https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
