From: Daniel Dickinson <[email protected]> No comment on previous send of this version. Tested and working, hence resend.
Passwordless root login is undesirable by default on any platform, therefore make requiring a login to gain root (or any other user) even on hardware console the default. This is an opt-out option that can by disabled at image generation time by passing the variable PASSWORDLESS_CONSOLE=1 in make command line or by otherwise making sure the file /lib/preinit/zz_passwordless_console exists. Signed-off-by: Daniel Dickinson <[email protected]> --- include/image.mk | 2 ++ package/base-files/files/etc/inittab | 2 +- package/base-files/files/sbin/login_wrapper | 8 ++++++++ package/utils/busybox/Config-defaults.in | 4 ++-- target/imagebuilder/files/Makefile | 3 ++- target/linux/adm5120/base-files/etc/inittab | 6 +++--- target/linux/ar71xx/base-files/etc/inittab | 2 +- target/linux/arm64/base-files/etc/inittab | 6 +++--- target/linux/brcm2708/base-files/etc/inittab | 4 ++-- target/linux/ipq806x/base-files/etc/inittab | 2 +- target/linux/malta/base-files/etc/inittab | 10 +++++----- target/linux/mediatek/base-files/etc/inittab | 2 +- target/linux/mxs/base-files/etc/inittab | 2 +- target/linux/omap/base-files/etc/inittab | 6 +++--- target/linux/omap24xx/base-files/etc/inittab | 6 +++--- target/linux/ppc44x/base-files/etc/inittab | 4 ++-- target/linux/ramips/base-files/etc/inittab | 2 +- target/linux/realview/base-files/etc/inittab | 6 +++--- target/linux/sunxi/base-files/etc/inittab | 6 +++--- target/linux/x86/base-files/etc/inittab | 4 ++-- target/linux/x86/xen_domu/base-files/etc/inittab | 6 +++--- 21 files changed, 52 insertions(+), 41 deletions(-) create mode 100755 package/base-files/files/sbin/login_wrapper diff --git a/include/image.mk b/include/image.mk index 6868617..ac8cc98 100644 --- a/include/image.mk +++ b/include/image.mk @@ -274,6 +274,8 @@ define Image/mkfs/prepare/default - $(FIND) $(TARGET_DIR) -type d -print0 | $(XARGS) -0 chmod u+rwx,g+rx,o+rx $(INSTALL_DIR) $(TARGET_DIR)/tmp $(TARGET_DIR)/overlay chmod 1777 $(TARGET_DIR)/tmp + mkdir -p $(TARGET_DIR)/lib/preinit + $(if $(PASSWORDLESS_CONSOLE),touch $(TARGET_DIR)/lib/preinit/zz_passwordless_console) endef define Image/mkfs/prepare diff --git a/package/base-files/files/etc/inittab b/package/base-files/files/etc/inittab index 7817185..46372f6 100644 --- a/package/base-files/files/etc/inittab +++ b/package/base-files/files/etc/inittab @@ -1,3 +1,3 @@ ::sysinit:/etc/init.d/rcS S boot ::shutdown:/etc/init.d/rcS K shutdown -::askconsole:/bin/ash --login +::askconsole:/sbin/login_wrapper diff --git a/package/base-files/files/sbin/login_wrapper b/package/base-files/files/sbin/login_wrapper new file mode 100755 index 0000000..874d378 --- /dev/null +++ b/package/base-files/files/sbin/login_wrapper @@ -0,0 +1,8 @@ +#!/bin/sh + +if [ -r /lib/preinit/zz_passwordless_console ]; then + exec /bin/ash --login +fi + +exec /bin/login + diff --git a/package/utils/busybox/Config-defaults.in b/package/utils/busybox/Config-defaults.in index ee42fa1..5240616 100644 --- a/package/utils/busybox/Config-defaults.in +++ b/package/utils/busybox/Config-defaults.in @@ -1212,10 +1212,10 @@ config BUSYBOX_DEFAULT_GETTY default n config BUSYBOX_DEFAULT_LOGIN bool - default n + default y config BUSYBOX_DEFAULT_LOGIN_SESSION_AS_CHILD bool - default n + default y config BUSYBOX_DEFAULT_LOGIN_SCRIPTS bool default n diff --git a/target/imagebuilder/files/Makefile b/target/imagebuilder/files/Makefile index 1056a42..d3b9084 100644 --- a/target/imagebuilder/files/Makefile +++ b/target/imagebuilder/files/Makefile @@ -44,6 +44,7 @@ Building images: make image FILES="<path>" # include extra files from <path> make image BIN_DIR="<path>" # alternative output directory for the images make image EXTRA_IMAGE_NAME="<string>" # Add this to the output image filename (sanitized) + make image PASSWORDLESS_CONSOLE=1 # Disable requiring login prompt to get console shell endef $(eval $(call shexport,Helptext)) @@ -174,7 +175,7 @@ package_postinst: FORCE build_image: FORCE @echo @echo Building images... - $(NO_TRACE_MAKE) -C target/linux/$(BOARD)/image install TARGET_BUILD=1 IB=1 EXTRA_IMAGE_NAME="$(EXTRA_IMAGE_NAME)" \ + $(NO_TRACE_MAKE) -C target/linux/$(BOARD)/image install TARGET_BUILD=1 IB=1 EXTRA_IMAGE_NAME="$(EXTRA_IMAGE_NAME)" PASSWORDLESS_CONSOLE="$(PASSWORDLESS_CONSOLE)" \ $(if $(USER_PROFILE),PROFILE="$(USER_PROFILE)") clean: diff --git a/target/linux/adm5120/base-files/etc/inittab b/target/linux/adm5120/base-files/etc/inittab index 9f7c0ae..760bca0 100644 --- a/target/linux/adm5120/base-files/etc/inittab +++ b/target/linux/adm5120/base-files/etc/inittab @@ -1,5 +1,5 @@ ::sysinit:/etc/init.d/rcS S boot ::shutdown:/etc/init.d/rcS K shutdown -tts/0::askfirst:/bin/ash --login -ttyAM0::askfirst:/bin/ash --login -tty1::askfirst:/bin/ash --login +tts/0::askfirst:/sbin/login_wrapper +ttyAM0::askfirst:/sbin/login_wrapper +tty1::askfirst:/sbin/login_wrapper diff --git a/target/linux/ar71xx/base-files/etc/inittab b/target/linux/ar71xx/base-files/etc/inittab index 7817185..46372f6 100644 --- a/target/linux/ar71xx/base-files/etc/inittab +++ b/target/linux/ar71xx/base-files/etc/inittab @@ -1,3 +1,3 @@ ::sysinit:/etc/init.d/rcS S boot ::shutdown:/etc/init.d/rcS K shutdown -::askconsole:/bin/ash --login +::askconsole:/sbin/login_wrapper diff --git a/target/linux/arm64/base-files/etc/inittab b/target/linux/arm64/base-files/etc/inittab index d9d571e..d3c1fbb 100644 --- a/target/linux/arm64/base-files/etc/inittab +++ b/target/linux/arm64/base-files/etc/inittab @@ -1,5 +1,5 @@ ::sysinit:/etc/init.d/rcS S boot ::shutdown:/etc/init.d/rcS K shutdown -tts/0::askfirst:/bin/ash --login -ttyAMA0::askfirst:/bin/ash --login -tty1::askfirst:/bin/ash --login +tts/0::askfirst:/sbin/login_wrapper +ttyAMA0::askfirst:/sbin/login_wrapper +tty1::askfirst:/sbin/login_wrapper diff --git a/target/linux/brcm2708/base-files/etc/inittab b/target/linux/brcm2708/base-files/etc/inittab index c05c555..0272ce5 100644 --- a/target/linux/brcm2708/base-files/etc/inittab +++ b/target/linux/brcm2708/base-files/etc/inittab @@ -1,4 +1,4 @@ ::sysinit:/etc/init.d/rcS S boot ::shutdown:/etc/init.d/rcS K shutdown -ttyAMA0::askfirst:/bin/ash --login -tty1::askfirst:/bin/ash --login +ttyAMA0::askfirst:/sbin/login_wrapper +tty1::askfirst:/sbin/login_wrapper diff --git a/target/linux/ipq806x/base-files/etc/inittab b/target/linux/ipq806x/base-files/etc/inittab index 19a6e11..3431870 100644 --- a/target/linux/ipq806x/base-files/etc/inittab +++ b/target/linux/ipq806x/base-files/etc/inittab @@ -1,4 +1,4 @@ # Copyright (c) 2013 The Linux Foundation. All rights reserved. ::sysinit:/etc/init.d/rcS S boot ::shutdown:/etc/init.d/rcS K shutdown -ttyMSM0::askfirst:/bin/ash --login +ttyMSM0::askfirst:/sbin/login_wrapper diff --git a/target/linux/malta/base-files/etc/inittab b/target/linux/malta/base-files/etc/inittab index 88567b2..1668e47 100644 --- a/target/linux/malta/base-files/etc/inittab +++ b/target/linux/malta/base-files/etc/inittab @@ -1,7 +1,7 @@ ::sysinit:/etc/init.d/rcS S boot ::shutdown:/etc/init.d/rcS K shutdown -tts/0::askfirst:/bin/ash --login -ttyS0::askfirst:/bin/ash --login -ttyS1::askfirst:/bin/ash --login -ttyS2::askfirst:/bin/ash --login -tty1::askfirst:/bin/ash --login +tts/0::askfirst:/sbin/login_wrapper +ttyS0::askfirst:/sbin/login_wrapper +ttyS1::askfirst:/sbin/login_wrapper +ttyS2::askfirst:/sbin/login_wrapper +tty1::askfirst:/sbin/login_wrapper diff --git a/target/linux/mediatek/base-files/etc/inittab b/target/linux/mediatek/base-files/etc/inittab index 870b3cc..49a2195 100644 --- a/target/linux/mediatek/base-files/etc/inittab +++ b/target/linux/mediatek/base-files/etc/inittab @@ -1,3 +1,3 @@ ::sysinit:/etc/init.d/rcS S boot ::shutdown:/etc/init.d/rcS K shutdown -ttyS0::askfirst:/bin/ash --login +ttyS0::askfirst:/sbin/login_wrapper diff --git a/target/linux/mxs/base-files/etc/inittab b/target/linux/mxs/base-files/etc/inittab index 09359b7..860a81d 100644 --- a/target/linux/mxs/base-files/etc/inittab +++ b/target/linux/mxs/base-files/etc/inittab @@ -1,3 +1,3 @@ ::sysinit:/etc/init.d/rcS S boot ::shutdown:/etc/init.d/rcS K shutdown -ttyAMA0::askfirst:/bin/ash --login +ttyAMA0::askfirst:/sbin/login_wrapper diff --git a/target/linux/omap/base-files/etc/inittab b/target/linux/omap/base-files/etc/inittab index 502c6f8..4df11df 100644 --- a/target/linux/omap/base-files/etc/inittab +++ b/target/linux/omap/base-files/etc/inittab @@ -1,5 +1,5 @@ ::sysinit:/etc/init.d/rcS S boot ::shutdown:/etc/init.d/rcS K shutdown -ttyO0::askfirst:/bin/ash --login -ttyO2::askfirst:/bin/ash --login -tty1::askfirst:/bin/ash --login +ttyO0::askfirst:/sbin/login_wrapper +ttyO2::askfirst:/sbin/login_wrapper +tty1::askfirst:/sbin/login_wrapper diff --git a/target/linux/omap24xx/base-files/etc/inittab b/target/linux/omap24xx/base-files/etc/inittab index 1360dc9..928f76f 100644 --- a/target/linux/omap24xx/base-files/etc/inittab +++ b/target/linux/omap24xx/base-files/etc/inittab @@ -1,5 +1,5 @@ ::sysinit:/etc/init.d/rcS S boot ::shutdown:/etc/init.d/rcS K shutdown -tts/0::askfirst:/bin/ash --login -ttyO2::askfirst:/bin/ash --login -tty1::askfirst:/bin/ash --login +tts/0::askfirst:/sbin/login_wrapper +ttyO2::askfirst:/sbin/login_wrapper +tty1::askfirst:/sbin/login_wrapper diff --git a/target/linux/ppc44x/base-files/etc/inittab b/target/linux/ppc44x/base-files/etc/inittab index 67c36a6..6064459 100644 --- a/target/linux/ppc44x/base-files/etc/inittab +++ b/target/linux/ppc44x/base-files/etc/inittab @@ -1,4 +1,4 @@ ::sysinit:/etc/init.d/rcS S boot ::shutdown:/etc/init.d/rcS K shutdown -ttyS0::askfirst:/bin/ash --login -ttyS1::askfirst:/bin/ash --login +ttyS0::askfirst:/sbin/login_wrapper +ttyS1::askfirst:/sbin/login_wrapper diff --git a/target/linux/ramips/base-files/etc/inittab b/target/linux/ramips/base-files/etc/inittab index 7817185..46372f6 100644 --- a/target/linux/ramips/base-files/etc/inittab +++ b/target/linux/ramips/base-files/etc/inittab @@ -1,3 +1,3 @@ ::sysinit:/etc/init.d/rcS S boot ::shutdown:/etc/init.d/rcS K shutdown -::askconsole:/bin/ash --login +::askconsole:/sbin/login_wrapper diff --git a/target/linux/realview/base-files/etc/inittab b/target/linux/realview/base-files/etc/inittab index d9d571e..d3c1fbb 100644 --- a/target/linux/realview/base-files/etc/inittab +++ b/target/linux/realview/base-files/etc/inittab @@ -1,5 +1,5 @@ ::sysinit:/etc/init.d/rcS S boot ::shutdown:/etc/init.d/rcS K shutdown -tts/0::askfirst:/bin/ash --login -ttyAMA0::askfirst:/bin/ash --login -tty1::askfirst:/bin/ash --login +tts/0::askfirst:/sbin/login_wrapper +ttyAMA0::askfirst:/sbin/login_wrapper +tty1::askfirst:/sbin/login_wrapper diff --git a/target/linux/sunxi/base-files/etc/inittab b/target/linux/sunxi/base-files/etc/inittab index e9de30b..5e328d3 100644 --- a/target/linux/sunxi/base-files/etc/inittab +++ b/target/linux/sunxi/base-files/etc/inittab @@ -1,5 +1,5 @@ ::sysinit:/etc/init.d/rcS S boot ::shutdown:/etc/init.d/rcS K shutdown -tts/0::askfirst:/bin/ash --login -ttyS0::askfirst:/bin/ash --login -tty1::askfirst:/bin/ash --login +tts/0::askfirst:/sbin/login_wrapper +ttyS0::askfirst:/sbin/login_wrapper +tty1::askfirst:/sbin/login_wrapper diff --git a/target/linux/x86/base-files/etc/inittab b/target/linux/x86/base-files/etc/inittab index ca90fd8..1dc0227 100644 --- a/target/linux/x86/base-files/etc/inittab +++ b/target/linux/x86/base-files/etc/inittab @@ -1,4 +1,4 @@ ::sysinit:/etc/init.d/rcS S boot ::shutdown:/etc/init.d/rcS K shutdown -ttyS0::askfirst:/bin/ash --login -tty1::askfirst:/bin/ash --login +ttyS0::askfirst:/sbin/login_wrapper +tty1::askfirst:/sbin/login_wrapper diff --git a/target/linux/x86/xen_domu/base-files/etc/inittab b/target/linux/x86/xen_domu/base-files/etc/inittab index 469b8a9..93881fa 100644 --- a/target/linux/x86/xen_domu/base-files/etc/inittab +++ b/target/linux/x86/xen_domu/base-files/etc/inittab @@ -1,5 +1,5 @@ ::sysinit:/etc/init.d/rcS S boot ::shutdown:/etc/init.d/rcS K stop -tts/0::askfirst:/bin/ash --login -hvc0::askfirst:/bin/ash --login -tty1::askfirst:/bin/ash --login +tts/0::askfirst:/sbin/login_wrapper +hvc0::askfirst:/sbin/login_wrapper +tty1::askfirst:/sbin/login_wrapper -- 2.4.3 _______________________________________________ openwrt-devel mailing list [email protected] https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
