View the full version: I don't like UBSA modes!



sollie
04-01-2007, 12:08
Is there a way to use all of kfurge's ideas without enabling UBSA?

Sollie.

PS: I only want to install a bittorrent client and a usable GUI.

d3viant
04-01-2007, 23:07
All of the kfurge startup scripts etc. run as root, so theoretically you can install kfurge's custom firmware, then telnet into the box as root, and use ipkg to install what you need (skip the bits on kfurge's webpage about ssh, shells, bash, UBSA). This should enable you to set up your torrent software without needing to log in as an individual user.

sollie
05-01-2007, 06:23
Thanks, I will try. But I need a protected root account. Is there a simple way to do that?

Sollie.

d3viant
05-01-2007, 19:47
I did have a setup before kfurge brought out his firmware where I was logging in as root via ssh with bash as my shell, but I cannot remember exactly how I did it...

Setting a root password should just be a case of putting an encrypted string into your /tmp/passwd file under the custom firmware, but to get the encryption in the right format, you would usually have to create a user, then give them a password, and copy their password string across to the root entry in /tmp/passwd.

There may be a program somewhere that allows you to type in a password and it'll print out the encrypted string that you need to put into your /tmp/passwd file.

At the end of the day, telnet is only enabled on your LAN-side network, so attack is less likely anyway.

Another thing you could do is to remove the utelnetd section from rc.local - that prevents logins to the router at all.

sollie
05-01-2007, 22:51
K, I understand. My reason for using secure telnet is rtorrent or something else.

Let's forget that. Hopefully someone gets a web interface working. Then I can use that.

Lastly, I am searching for a way to get these enabled at boot (with my setup):
export PATH=/opt/bin:${PATH}
export LD_LIBRARY_PATH=/opt/lib:${LD_LIBRARY_PATH}

Thanks for all your help (I am a noob).

Sollie.

fireflash
06-01-2007, 03:39
The biggest annoyance I had with UBSA mode was it killed my ability to connect to the router's HD via the network (Samba and Windows sharing) due to the router removing the guest account from the passwd file. My brute force hack around that works great though. :)

If you run utelnetd with the br0 variable, it will only accept connections from the local network. If you disable UBSA, then all of your export variables should work if placed in the rc.local script. Once you enable user accounts those variables get ignored. By following KC's instructions for installing bash, you can set up a .profile file in the home directory that you create for your user, which acts like the rc.local file for each user. From there you can insert your export commands that way and they will take when you log in.

d3viant's suggestion is probably the best route to go. Before disabling UBSA, open up the passwd file and copy the password part of your user's line (it looks like a jumbled mess of letters and numbers in between the colons; be mindful of the location of the password in the string). When you disable UBSA, the system will rewrite the passwd file and put the default root and guest accounts back in. Then edit the passwd file in /tmp and add the encrypted password to the root line. Now, here's where it gets a bit tricky. The /tmp directory is stored in a ramfs drive, AKA a RAM disk. As soon as the router is rebooted or powered down, all of the information is lost. When the router boots, it mounts the /tmp directory into RAM and writes all the files seen there, pulling some of the information from nvram and what was pre-compiled into the firmware. Unfortunately, the changes you've made to the passwd file are now lost..

UNLESS ---

After you've added the password to the root account in the passwd file, BACK UP THE passwd FILE to a safe location that won't get nuked when the router reboots, my favorite spot is in the same place my rc.local file is stored, /shares/MYVOLUME1/ .. then add a simple line to your rc.local script that looks something like this:

cp /shares/MYVOLUME1/passwd /tmp


This is exactly what I did with my router. I copied the guest line from the "vanilla" passwd file and added it to my UBSA created passwd file, then backed it up to a safe place. This way I have all the benefits of having user accounts on the router, and also be able to mount the router's hard drive on network computers. This line will copy your backed up passwd file to the /tmp directory for the system to use. Then you should be able to telnet into the router and with any luck, you'll get a password prompt when you try to log in as root. Although everyone here will tell you running things as root is a bad idea. If your router is compromised while root is logged in, they can do some very bad things. UBSA is really the best way to go.

sollie
06-01-2007, 18:08
It worked. I backed up my passwd and used this command:
cp /shares/MYVOLUME1/passwd /etc.

Thanks for all your help.

Sollie.

edit: "cp /shares/MYVOLUME1/passwd /tmp" works also.

sollie
07-01-2007, 15:01
Question: is it a good idea to remove the guest account from passwd?

Sollie.

PS: every time my router boots it copies a passwd from another location. That works perfectly. But when I change something in the webui and hit apply, the passwd is overwritten by the default one. That's not cool (insecure and on the net, lol). Is there a way to copy the passwd again after committing changes in the webui?

Sollie.

fireflash
07-01-2007, 22:31
You could log in and manually copy the file.

n00ben
08-01-2007, 07:21
You could log in and manually copy the file.

or set up a cron job that checks if the file has changed

/regards
henrik

sollie
08-01-2007, 13:59
That's cool, how do I do that?

Sollie.

n00ben
08-01-2007, 15:45
a simple search for 'cron' gave me this:

http://www.macsat.com/macsat/content/view/28/29/
http://www.macsat.com/macsat/content/view/20/30/

it's made for wl-500 but shouldn't be that hard to modify. I'm still working on it. Cron executes correctly every 5 min, but the command has no effect...
I'll figure it out though :)

/regards
Henrik

sollie
08-01-2007, 21:20
Hey thanks, I will play with it also.

Sollie.

n00ben
08-01-2007, 21:35
not that a biggie actually...

also check out my other thread:
http://www.wl500g.info/showthread.php?t=7865

/regards
Henrik

sollie
10-01-2007, 08:18
Woot, I did it.

1: Install cron
"ipkg install cron"

2: Install text editor
"ipkg install nano"

3: Edit crontab file
"nano /opt/etc/crontab"

4: Change crontab to something like this.
This will overwrite /tmp/passwd every minute with a custom passwd file.

SHELL=/opt/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/opt/sbin/:/opt/usr/bin:/opt/usr/sbin
MAILTO=""
HOME=/
# ---------- ---------- Default is Empty ---------- ---------- #
*/1 * * * * root cp /shares/MYVOLUME1/MYSHARE1/run/passwd /tmp

5: Install crontab file
"crontab /opt/etc/crontab"

6: Add cron to rc.local
"cron"

7: Reboot router
"reboot"

8: You can check a log to verify crontab.
"logread"

Greetings Sollie.
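
Added example, not part of the thread or of any poster's setup: a script for the "cron job that checks if the file has changed" idea, which restores the saved passwd only when the live copy differs and refuses a backup that would leave root without a password. The default paths are the ones from the post above; the script itself, the --run switch, and the availability of cmp and logger on the router are assumptions.

```shell
#!/bin/sh
# Added example: restore the saved passwd only when the live copy differs,
# so a web-UI reset is repaired and leaves a syslog entry (visible in logread).
# Assumption: cmp and logger exist on the box (both are common busybox applets).

BACKUP="${BACKUP:-/shares/MYVOLUME1/MYSHARE1/run/passwd}"
LIVE="${LIVE:-/tmp/passwd}"

# Prints "unchanged", "restored" or "skipped: <reason>"; non-zero status on skip.
restore_passwd() {
    backup="$1"; live="$2"
    # Refuse a missing or empty backup (for example, the disk is not mounted yet).
    [ -s "$backup" ] || { echo "skipped: backup missing or empty"; return 1; }
    # Refuse a backup whose root entry has an empty password field.
    if grep -q '^root::' "$backup"; then
        echo "skipped: backup has passwordless root"; return 1
    fi
    if cmp -s "$backup" "$live" 2>/dev/null; then
        echo "unchanged"; return 0
    fi
    # Copy next to the target, then rename, so login never reads a half-written file.
    tmp="$live.new.$$"
    cp "$backup" "$tmp" && chmod 644 "$tmp" && mv "$tmp" "$live" || {
        rm -f "$tmp"; echo "skipped: copy failed"; return 1; }
    echo "restored"
}

# Entry point for cron: log only when something happened.
if [ "${1:-}" = "--run" ]; then
    result=$(restore_passwd "$BACKUP" "$LIVE")
    [ "$result" = "unchanged" ] || logger -t passwd-restore "$result"
fi
```
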

n00ben
10-01-2007, 12:26
Woot, I did it.

now post that in the HOW-TO section for others to enjoy ;)

/regards
Henrik

LeperKing
12-01-2007, 21:07
Is this what my password file should look like?



# cat /shares/MYVOLUME1/__pdc/passwd
root::0:42000:root:/:/bin/sh
user:useV1igVU97AM:35007:42000:user:/dev/null:/bin/false
guest::35000:42000:guest:/:/bin/sh#


when I telnet in, I get ...



(none) login: user

Password:
warning: cannot change to home directory


Connection to host lost.

BarBaar
12-01-2007, 21:44
/dev/null is not a valid homedir ;) (/dev/null is sort of the trashcan)..

change it to /home/user or something.. and make sure that dir does exist with proper ownership and permissions

fireflash
13-01-2007, 00:28
Your user also has no shell.. change /bin/false to either /bin/sh or (if you're using the custom firmware and followed KC's instructions) use /opt/bin/bash for your shell.
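
Added example, not part of the thread: a small checker for the passwd problems raised in the replies above (empty password fields on accounts with a login shell, a home that is not a directory, a password set on an account whose shell refuses logins). The function names and the sample data are constructed for illustration; the sample uses a placeholder where a hash would be.

```shell
#!/bin/sh
# Added example: report passwd entries with the problems discussed in this thread.
# Usage (assumed file name): sh audit_passwd.sh /tmp/passwd

# Prints one "<user>: <finding>" line per problem; returns 1 if any were found.
audit_passwd() {
    file="$1"; findings=0
    # "|| [ -n "$user" ]" keeps a final line that has no trailing newline.
    while IFS=: read -r user hash uid gid gecos home shell || [ -n "$user" ]; do
        [ -n "$user" ] || continue
        login=yes
        case "$shell" in
            */false|*/nologin) login=no ;;
        esac
        if [ "$login" = yes ] && [ -z "$hash" ]; then
            echo "$user: empty password with login shell $shell"; findings=1
        fi
        if [ ! -d "$home" ]; then
            echo "$user: home '$home' is not a directory"; findings=1
        fi
        if [ "$login" = no ] && [ -n "$hash" ]; then
            echo "$user: has a password but shell $shell refuses logins"; findings=1
        fi
    done < "$file"
    return "$findings"
}

# Constructed sample in the shape of the file posted above
# (placeholder hash, no newline after the last entry).
sample_passwd() {
    printf '%s\n' 'root::0:42000:root:/:/bin/sh' \
        'user:PLACEHOLDERHASH:35007:42000:user:/dev/null:/bin/false'
    printf '%s' 'guest::35000:42000:guest:/:/bin/sh'
}

if [ -n "${1:-}" ]; then
    audit_passwd "$1"
fi
```
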