Rooter Plugin Suggestion / Enhancement

[ruben00]

Ok,

So I knowt that if you install rooter, it whipes out the root password on boot every time.

I'd like to make an enhancement request (If Im allowed ).

How about when you install rooter

On Install:
-----------
It Resets Root password
It copies the shadow files to memory were it wont be erased on reboot


On Reboot:
------------
Delete the Shadow File that is created by the reboot
Make a symbolic link to the copied shadow file

So now when you do set a password for root, or any other password related task, on every reboot, it will point to the permanent file

[Patriot_MA]

Thank you Ruben! Can anyone else confirm that this works for them??

[ruben00]

I approached this a little different, after thinking about it some more....so, I kind of built my own modified version of the rooter script. I love rooter, but I like for my NAS to be more "secured".

So I did the following...

Added Admin to the telnet.users file
Added Admin to the sudoers file

Now the catch is that the crontab script /usr/sbin/chkhttpd (which is in the read-only file system) has a line that replaces/recreates the /etc/telnet.user file

Code:

open(OUT,">/etc/telnet.user");
print OUT "root\n";
print OUT "engmode\n";
close(OUT);

To solve that, i used chattr +i on the /etc/telnet.user file, which means the file is immuatable, and even root cant change it. Yes its going to cause part of the chkhttpd script to fail, but nothing that will break the system

The telnet.user file and sudoer file survive reboots, but the "immutable" flag does not remain. So the script sets it every time. And now I can login to the NAS, securely, with the admin account.
root stays locked, and if i need to run something as root, there is always sudo.

Now without further delay, my "secure admin / root" script.

Code:

#!/usr/bin/perl

#$app_path = $ENV{'APP_PATH'};
#print "APP_PATH = $app_path\n";
#$action = $ARGV[0];

print "Rooter Rooting...\n";
#system("/VOLUME1/PLUGINAPP/Rooter/bin/busybox passwd -d root");
#print "Rooted...?";
system("/bin/echo 'admin ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers");
system("/bin/echo 'admin' >> /etc/telnet.user");
system("/VOLUME1/PLUGINAPP/Rooter/bin/busybox chattr +i /etc/sudoers");
system("/VOLUME1/PLUGINAPP/Rooter/bin/busybox chattr +i /etc/telnet.user");

I'm happy with this. It works for me. Maybe i'll work on creating another script that will follow along the lines of my enhancement request.

[BadIntentions]

I basically slapped rooter together before I was able to explore the Javelin properly, or really even had time to dick with it much. I'll update the rooter plugin (I have a better version of Busybox anyway than whats included) and upload it here this weekend...

I also was working (and had some success) with enabling the javelin to play music back via a connected USB audio device with the default OS, and enabling webcam-like functionality. I may revisit the javelin and attempt to package those.

My alternate firmware worked, but it remained extremely challenging to build and install, still requiring a serial cable to enable. I a few weeks ago think i found a way to edit the u-boot parameters from the OS without borking everything. I may revisit that as well.

[ruben00]

Hey BadIntentions,

I figured you were off to new projects and busy with real life, so I thought i'd give it a go myself.

I actually messed with rooter some more, and added additional functionality like moving your new busybox into bin and then running --install.
the only bug i have found so far with this setup is that somehow the "shutdown" command is not working. So the NAS wont reboot if i tell it to.

[ruben00]

So after further testing, Installing the New Busybox "busybox1-18-5-INSTALLFIX" breaks the shutdown binary...
Im removing the line that installs "busybox1-18-5-INSTALLFIX" and probably will just ln the commands i need to /bin

[assembisa]

I cant seem to run this script. I made a script secure_root.pl and tried to run the script ./secure_root.pl after chmod 777. I get a file not found error. Could you please help? thx.