Hi Pierre,
the bahaviour you are observing is actually by design. would it be an
option to ship a default unknown password on your device. that way login
simply wont work until you have set you custom per-device password. you
could then do so as the last step of your customs scripts.
would that be an option ?
John
On 20/09/2016 09:40, Lebleu Pierre wrote:
> Hi John,
>
> Thank you for your answer.
>
> I tried your solution but it seems not to work or it does not do what I want.
> Indeed, the password is one thing but there is also the fact that the system
> is not ready (the scripts are still running).
> As we can see, the hostname is not even set. I would like to allow the user
> login only when everything is ready, because
> the filesystem is about to be modified.
>
> Cheers,
>
>
> Pierre
>
> -----Original Message-----
> From: John Crispin [mailto:j...@phrozen.org]
> Sent: vrijdag 16 september 2016 11:18
> To: Lebleu Pierre <pierre.leb...@technicolor.com>;
> lede-dev@lists.infradead.org
> Subject: Re: [LEDE-DEV] Procd and askconsole
>
>
>
> On 16/09/2016 10:48, Lebleu Pierre wrote:
>> Hi all,
>>
>> I am new to this mailing list and I would like to present me as Pierre.
>>
>> I recently play a bit with procd and I found an "issue". Indeed, if I
>> do a factory reset, I am able to login as root without login. I have
>> some scripts in /etc/uci-defaults and one of them set the password for
>> the root account. So, this behaviour looks like to me a bug.
>>
>> For my understanding, when procd reaches STATE_INIT, it runs the
>> inittab and one of them is "askconsole". The problem is the system is
>> not completely ready to receive the user : the hostname is not even
>> set.
>>
>> In the old sysvinit, the inittab contains an entry called "bootwait"
>> wich is executed after the termination of init (eg : "/etc/rc.d").
>> I purpose to move the "askconsole" entry to STATE_RUNNING or to create
>> a new entry called "askconsolewait" in order to keep backward
>> compatibility.
>>
>> diff --git a/inittab.c b/inittab.c
>> index ae2c431..2d590e4 100644
>> --- a/inittab.c
>> +++ b/inittab.c
>> @@ -228,6 +228,10 @@ static struct init_handler handlers[] = {
>> .name = "respawn",
>> .cb = rcrespawn,
>> .multi = 1,
>> + }, {
>> + .name = "askconsolewait",
>> + .cb = askconsole,
>> + .multi = 1,
>> }
>> };
>>
>> @@ -251,11 +255,9 @@ void procd_inittab_run(const char *handler)
>>
>> list_for_each_entry(a, &actions, list)
>> if (!strcmp(a->handler->name, handler)) {
>> - if (a->handler->multi) {
>> - a->handler->cb(a);
>> - continue;
>> - }
>> a->handler->cb(a);
>> + if (a->handler->multi)
>> + continue;
>> break;
>> }
>> }
>> diff --git a/state.c b/state.c
>> index 4ad9e2d..fe37419 100644
>> --- a/state.c
>> +++ b/state.c
>> @@ -128,6 +128,7 @@ static void state_enter(void)
>>
>> case STATE_RUNNING:
>> LOG("- init complete -\n");
>> + procd_inittab_run("askconsolewait");
>> break;
>>
>> case STATE_SHUTDOWN:
>>
>> What is your view ? Thank you.
>>
>> Cheers,
>>
>> Pierre
>>
>> _______________________________________________
>> Lede-dev mailing list
>> Lede-dev@lists.infradead.org
>> http://lists.infradead.org/mailman/listinfo/lede-dev
>>
>
> Hi Pierre,
>
> just to be clear, you mean that there is a short timeslot between
> inittab/askconsole and uci-defaults during which a passwordless login is
> possible and you would liek to prevent this ?
>
> if i understood the problem corretly please simply set
>
> ttylogin=1 here ->
>
> https://git.lede-project.org/?p=source.git;a=blob;f=package/base-files/files/bin/config_generate;h=80ed61b9e2dabf6f2f99102345be3da60097af3e;hb=HEAD#l231
>
> that should make the image boot with password login required even if no
> password is set.
>
> the normal use case is that one flashes, enables the flag and then upon
> second bootup the unit will require a login. in your use case you already
> want the password protection on the very first boot i think
>
> John
>
_______________________________________________
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev
