kennedyshead / aioasuswrt


Running without root privileges - how to set up #75

Closed N00BMmika closed 3 years ago

N00BMmika commented 3 years ago

Hi, this suggestion may be a bit off-topic, but I just wanted to share it with you and ask what you think.

Background: On my earlier Asus WRT I had Asuswrt-Merlin. That included busybox, which supported adding new Linux users to WRT. This way I was able to make a user which did not have root privileges. I used that user for aioasuswrt. This way there is no need to store the root password in the system where I run aioasuswrt.

Idea: The router broke and I purchased a new one. I would like to keep the stock FW on it. I'm wondering if it would be possible to add a user using commands in stock FW just by editing files, /etc/passwd etc., to create another user with limited privileges which could be used for aioasuswrt.

Request: If you think the idea is feasible and you know how to do it, could you provide instructions on how to add a new user with limited privileges?

Thanks

N00BMmika commented 3 years ago

I noticed that a new user can be created via the web UI's FTP settings: http://router.asus.com/Advanced_AiDisk_ftp.asp

The user appears in /etc/passwd as

[user name]:x:501:501::/dev/null:/dev/null

but this user is not listed in /etc/shadow. That is probably because ftp(s) passwords are stored in a different location. Because of that, an SSH connection cannot be made using this user. Also, the home directory and shell should be defined properly in /etc/passwd.

N00BMmika commented 3 years ago

I was able to create a new user and get SSH access for it. Steps:

1. Create a new user with http://router.asus.com/Advanced_AiDisk_ftp.asp. I suppose this is not needed and it is enough to just edit /etc/passwd.

2. Make a backup of /etc/passwd.

3. Add/edit a row in /etc/passwd: hass:x:501:501:hass:/tmp:/bin/sh

4. Set a password for the new user. As root, run /usr/sbin/chpasswd.sh hass [password]

Still, I think this may not be too secure a way either, since quite many files have rw and apps have x rights for all users.
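
An added example, not part of the original thread or the aioasuswrt project: a POSIX sh audit for an account set up as in the steps above. It flags passwd rows that are root-equivalent or have no usable shell (like the FTP-created row with /dev/null), and lists world-writable files, the exposure raised in the last comment. The account name and directory arguments are assumptions, and awk and find are assumed to be available on the router.

```shell
#!/bin/sh
# Added example (not from the thread). Usage, with assumed names:
#   sh audit.sh hass /tmp /etc

# check_passwd_entry FILE USER
# Prints "ok", or a space-separated list of findings for USER's passwd row.
check_passwd_entry() {
    awk -F: -v u="$2" '
        { seen[$3]++ }                            # count rows per UID
        $1 == u { found = 1; uid = $3; gid = $4; shell = $7 }
        END {
            if (!found) { print "missing"; exit }
            if (uid == 0) r = r " uid0"           # root-equivalent account
            if (gid == 0) r = r " gid0"           # primary group is root
            if (seen[uid] > 1) r = r " dup-uid"   # UID shared with another row
            if (shell == "" || shell == "/dev/null")
                r = r " no-shell"                 # SSH login cannot start a shell
            print (r == "" ? "ok" : substr(r, 2))
        }' "$1"
}

# list_world_writable DIR...
# Prints files and non-sticky directories that every local user can modify.
# Sticky directories (mode 1xxx, like a typical /tmp) are skipped because
# users cannot remove each other's files there.
list_world_writable() {
    find "$@" -xdev \( -type f -o -type d \) -perm -0002 \
        ! \( -type d -perm -1000 \) 2>/dev/null | sort
}

# Run both checks when called with: USER DIR [DIR...]
if [ "$#" -ge 2 ]; then
    user=$1
    shift
    echo "passwd entry for $user: $(check_passwd_entry /etc/passwd "$user")"
    echo "world-writable paths:"
    list_world_writable "$@"
fi
```

Anything other than "ok" for the account, or any path listed that the account has no reason to modify, is worth fixing before the account's password is stored on another system.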