Re: [LEDE-DEV] Procd and askconsole
ok, lets do that then. i'll have a look at your patch from last week during the day John On 20/09/2016 09:49, Lebleu Pierre wrote: > Hi John, > > Indeed, I already tried that solution with the default shadow : > --- a/package/base-files/files/etc/shadow > > > +++ b/package/base-files/files/etc/shadow > > > @@ -1,4 +1,4 @@ > > > -root::0:0:9:7::: > > > +root:*:0:0:9:7::: > > > daemon:*:0:0:9:7::: > > > ftp:*:0:0:9:7::: > > > network:*:0:0:9:7::: > > Indeed, it works. > Until my custom script is called, nobody is able to login. > But, I think it will be better to have an inittab entry when everything is > set like the old sysvinit. > > Pierre > > -Original Message- > From: John Crispin [mailto:j...@phrozen.org] > Sent: dinsdag 20 september 2016 9:43 > To: Lebleu Pierre <pierre.leb...@technicolor.com>; > lede-dev@lists.infradead.org > Subject: Re: [LEDE-DEV] Procd and askconsole > > Hi Pierre, > > the bahaviour you are observing is actually by design. would it be an option > to ship a default unknown password on your device. that way login simply wont > work until you have set you custom per-device password. you could then do so > as the last step of your customs scripts. > > would that be an option ? > > John > > On 20/09/2016 09:40, Lebleu Pierre wrote: >> Hi John, >> >> Thank you for your answer. >> >> I tried your solution but it seems not to work or it does not do what I want. >> Indeed, the password is one thing but there is also the fact that the system >> is not ready (the scripts are still running). >> As we can see, the hostname is not even set. I would like to allow the >> user login only when everything is ready, because the filesystem is about to >> be modified. >> >> Cheers, >> >> >> Pierre >> >> -Original Message- >> From: John Crispin [mailto:j...@phrozen.org] >> Sent: vrijdag 16 september 2016 11:18 >> To: Lebleu Pierre <pierre.leb...@technicolor.com>; >> lede-dev@lists.infradead.org >> Subject: Re: [LEDE-DEV] Procd and askconsole >> >> >> >> On 16/09/2016 10:48, Lebleu Pierre wrote: >>> Hi all, >>> >>> I am new to this mailing list and I would like to present me as Pierre. >>> >>> I recently play a bit with procd and I found an "issue". Indeed, if I >>> do a factory reset, I am able to login as root without login. I have >>> some scripts in /etc/uci-defaults and one of them set the password >>> for the root account. So, this behaviour looks like to me a bug. >>> >>> For my understanding, when procd reaches STATE_INIT, it runs the >>> inittab and one of them is "askconsole". The problem is the system is >>> not completely ready to receive the user : the hostname is not even >>> set. >>> >>> In the old sysvinit, the inittab contains an entry called "bootwait" >>> wich is executed after the termination of init (eg : "/etc/rc.d"). >>> I purpose to move the "askconsole" entry to STATE_RUNNING or to >>> create a new entry called "askconsolewait" in order to keep backward >>> compatibility. >>> >>> diff --git a/inittab.c b/inittab.c >>>
Re: [LEDE-DEV] Procd and askconsole
Hi John, Indeed, I already tried that solution with the default shadow : --- a/package/base-files/files/etc/shadow +++ b/package/base-files/files/etc/shadow @@ -1,4 +1,4 @@ -root::0:0:9:7::: +root:*:0:0:9:7::: daemon:*:0:0:9:7::: ftp:*:0:0:9:7::: network:*:0:0:9:7::: Indeed, it works. Until my custom script is called, nobody is able to login. But, I think it will be better to have an inittab entry when everything is set like the old sysvinit. Pierre -Original Message- From: John Crispin [mailto:j...@phrozen.org] Sent: dinsdag 20 september 2016 9:43 To: Lebleu Pierre <pierre.leb...@technicolor.com>; lede-dev@lists.infradead.org Subject: Re: [LEDE-DEV] Procd and askconsole Hi Pierre, the bahaviour you are observing is actually by design. would it be an option to ship a default unknown password on your device. that way login simply wont work until you have set you custom per-device password. you could then do so as the last step of your customs scripts. would that be an option ? John On 20/09/2016 09:40, Lebleu Pierre wrote: > Hi John, > > Thank you for your answer. > > I tried your solution but it seems not to work or it does not do what I want. > Indeed, the password is one thing but there is also the fact that the system > is not ready (the scripts are still running). > As we can see, the hostname is not even set. I would like to allow the > user login only when everything is ready, because the filesystem is about to > be modified. > > Cheers, > > > Pierre > > -Original Message- > From: John Crispin [mailto:j...@phrozen.org] > Sent: vrijdag 16 september 2016 11:18 > To: Lebleu Pierre <pierre.leb...@technicolor.com>; > lede-dev@lists.infradead.org > Subject: Re: [LEDE-DEV] Procd and askconsole > > > > On 16/09/2016 10:48, Lebleu Pierre wrote: >> Hi all, >> >> I am new to this mailing list and I would like to present me as Pierre. >> >> I recently play a bit with procd and I found an "issue". Indeed, if I >> do a factory reset, I am able to login as root without login. I have >> some scripts in /etc/uci-defaults and one of them set the password >> for the root account. So, this behaviour looks like to me a bug. >> >> For my understanding, when procd reaches STATE_INIT, it runs the >> inittab and one of them is "askconsole". The problem is the system is >> not completely ready to receive the user : the hostname is not even >> set. >> >> In the old sysvinit, the inittab contains an entry called "bootwait" >> wich is executed after the termination of init (eg : "/etc/rc.d"). >> I purpose to move the "askconsole" entry to STATE_RUNNING or to >> create a new entry called "askconsolewait" in order to keep backward >> compatibility. >> >> diff --git a/inittab.c b/inittab.c >> index ae2c431..2d590e4 100644 >> --- a/inittab.c >> +++ b/inittab.c >> @@ -228,6 +228,10 @@ static struct init_handler handlers[] = { >> .name = "respawn", >> .cb = rcrespawn, >> .multi = 1, >> + }, { >> + .name = "askconsolewait", >> + .cb = askconsole, >> + .multi = 1, >> } >> }; >> >> @@ -251,11 +255,9 @@ void procd_inittab_run(const char *handl
Re: [LEDE-DEV] Procd and askconsole
Hi John, Thank you for your answer. I tried your solution but it seems not to work or it does not do what I want. Indeed, the password is one thing but there is also the fact that the system is not ready (the scripts are still running). As we can see, the hostname is not even set. I would like to allow the user login only when everything is ready, because the filesystem is about to be modified. Cheers, Pierre -Original Message- From: John Crispin [mailto:j...@phrozen.org] Sent: vrijdag 16 september 2016 11:18 To: Lebleu Pierre <pierre.leb...@technicolor.com>; lede-dev@lists.infradead.org Subject: Re: [LEDE-DEV] Procd and askconsole On 16/09/2016 10:48, Lebleu Pierre wrote: > Hi all, > > I am new to this mailing list and I would like to present me as Pierre. > > I recently play a bit with procd and I found an "issue". Indeed, if I > do a factory reset, I am able to login as root without login. I have > some scripts in /etc/uci-defaults and one of them set the password for > the root account. So, this behaviour looks like to me a bug. > > For my understanding, when procd reaches STATE_INIT, it runs the > inittab and one of them is "askconsole". The problem is the system is > not completely ready to receive the user : the hostname is not even > set. > > In the old sysvinit, the inittab contains an entry called "bootwait" > wich is executed after the termination of init (eg : "/etc/rc.d"). > I purpose to move the "askconsole" entry to STATE_RUNNING or to create > a new entry called "askconsolewait" in order to keep backward > compatibility. > > diff --git a/inittab.c b/inittab.c > index ae2c431..2d590e4 100644 > --- a/inittab.c > +++ b/inittab.c > @@ -228,6 +228,10 @@ static struct init_handler handlers[] = { > .name = "respawn", > .cb = rcrespawn, > .multi = 1, > + }, { > + .name = "askconsolewait", > + .cb = askconsole, > + .multi = 1, > } > }; > > @@ -251,11 +255,9 @@ void procd_inittab_run(const char *handler) > > list_for_each_entry(a, , list) > if (!strcmp(a->handler->name, handler)) { > - if (a->handler->multi) { > - a->handler->cb(a); > - continue; > - } > a->handler->cb(a); > + if (a->handler->multi) > + continue; > break; > } > } > diff --git a/state.c b/state.c > index 4ad9e2d..fe37419 100644 > --- a/state.c > +++ b/state.c > @@ -128,6 +128,7 @@ static void state_enter(void) > > case STATE_RUNNING: > LOG("- init complete -\n"); > + procd_inittab_run("askconsolewait"); > break; > > case STATE_SHUTDOWN: > > What is your view ? Thank you. > > Cheers, > > Pierre > > ___ > Lede-dev mailing list > Lede-dev@lists.infradead.org > http://lists.infradead.org/mailman/listinfo/lede-dev > Hi Pierre, just to be clear, you mean that there is a short timeslot between inittab/askconsole and uci-defaults during which a passwordless login is possible and you would liek to prevent this ? if i understood the problem corretly please simply set ttylogin=1 here -> https://git.lede-project.org/?p=source.git;a=blob;f=package/base-files/files/bin/config_generate;h=80ed61b9e2dabf6f2f99102345be3da60097af3e;hb=HEAD#l231 that should make the image boot with password login required even if no password is set. the normal use case is that one flashes, enables the flag and then upon second bootup the unit will require a login. in your use case you already want the password protection on the very first boot i think John ___ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev
Re: [LEDE-DEV] Procd and askconsole
On 16/09/2016 17:59, Alberto Bursi wrote: > > > On 09/16/2016 10:48 AM, Lebleu Pierre wrote: >> Hi all, >> >> I am new to this mailing list and I would like to present me as Pierre. >> >> I recently play a bit with procd and I found an "issue". Indeed, if I do >> a factory reset, I am able to login as root without login. I have some >> scripts in /etc/uci-defaults and one of them set the password for the >> root account. So, this behaviour looks like to me a bug. >> >> For my understanding, when procd reaches STATE_INIT, it runs >> the inittab and one of them is "askconsole". The problem is the system >> is not completely ready to receive the user : the hostname is not even >> set. >> >> In the old sysvinit, the inittab contains an entry called "bootwait" >> wich is executed after the termination of init (eg : "/etc/rc.d"). >> I purpose to move the "askconsole" entry to STATE_RUNNING or to create >> a new entry called "askconsolewait" in order to keep backward >> compatibility. >> >> diff --git a/inittab.c b/inittab.c >> index ae2c431..2d590e4 100644 >> --- a/inittab.c >> +++ b/inittab.c >> @@ -228,6 +228,10 @@ static struct init_handler handlers[] = { >> .name = "respawn", >> .cb = rcrespawn, >> .multi = 1, >> + }, { >> + .name = "askconsolewait", >> + .cb = askconsole, >> + .multi = 1, >> } >> }; >> >> @@ -251,11 +255,9 @@ void procd_inittab_run(const char *handler) >> >> list_for_each_entry(a, , list) >> if (!strcmp(a->handler->name, handler)) { >> - if (a->handler->multi) { >> - a->handler->cb(a); >> - continue; >> - } >> a->handler->cb(a); >> + if (a->handler->multi) >> + continue; >> break; >> } >> } >> diff --git a/state.c b/state.c >> index 4ad9e2d..fe37419 100644 >> --- a/state.c >> +++ b/state.c >> @@ -128,6 +128,7 @@ static void state_enter(void) >> >> case STATE_RUNNING: >> LOG("- init complete -\n"); >> + procd_inittab_run("askconsolewait"); >> break; >> >> case STATE_SHUTDOWN: >> >> What is your view ? Thank you. >> >> Cheers, >> >> Pierre >> > Is this fixing this issue ? > https://bugs.lede-project.org/index.php?do=details_id=123 > no, totally unrelated, i have a fix for #123 in my local tree already though. need to give it a bit more testing though. > ___ > Lede-dev mailing list > Lede-dev@lists.infradead.org > http://lists.infradead.org/mailman/listinfo/lede-dev > ___ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev