Closed pfalcon closed 12 years ago
pfalcon
commented
12 years ago So, we may want to see if there's any consistency in uid/gid values used be default on Android devices. Or maybe, just skip that, and put whatever uid/gid "adb shell" has on a specific device into /etc/passwd & groups
zeroepoch
commented
12 years ago I think my usage of optware is different than yours. I usually start a terminal emulator app (also quicksshd can start in optware) on my tablet rather than using adb shell. That was the reason I was switching to the optware user but understand why this isn't good for everyone. I don't have a preference toward a certain uid/gid as long as it's below the 10xxx range used by android apps. Keeping with uid/gid of the adb shell user probably makes the most sense as it's not an android app user and not root but puesdo exists as opposed to making up one like I did. Getting the adb shell user automatically is a great idea and the more I think about it the best idea. I'll check what my device uses when adb shell is started and see if it's the same as yours.
zeroepoch
commented
12 years ago I just started adb shell on my transformer prime and it starts as the root user without me doing anything. I also have a custom ROM installed so that may alter it. My prompt is actually "root@android:/" not "$". When I do this same experiment on my phone (running cyanogenmod 7.1 again a custom ROM) it also starts as root but the prompt is just "#". Maybe your script should actually check if id == 0 and if not add that other id as "user" or "adb"? I'm surprised you were able to install openssh without being root.
zeroepoch
commented
12 years ago Not related to this issue but got me thinking as everything is installed as root... "adb shell -c" is used a lot and maybe this should instead be a variable or function to make it a bit cleaner?
pfalcon
commented
12 years ago I think my usage of optware is different than yours. I usually start a terminal emulator app (also quicksshd can start in optware) on my tablet rather than using adb shell.
Well, optware-install-via-adb.sh is intended to be run on the host via adb, so the next natural step is to do "adb shell". I certainly understand on-device usage with terminal, but that comes as the "next thing" ;-)
pfalcon
commented
12 years ago I just started adb shell on my transformer prime and it starts as the root user without me doing anything. I also have a custom ROM installed so that may alter it.
Yes, that's it - you have "custom" ROM with ro.secure=0. Essentially, such builds allow (or even [hacked to] do automatically) "adb root". But that's not a real Android, no concerned vendor would release production device as such ;-). That's the same problem I had with http://sf.net/p/chdistro-droid - I wrote it based on particular hacked device I had on my hands, but there's no warranty that it works on any other device. So, as I told, now, based on that experience, I'm very cautious to not make too many assumptions and changes - with the aim to be able to run on real any Android device, not some particular irreproducible hack of it.
pfalcon
commented
12 years ago I'm surprised you were able to install openssh without being root.
Well, apparently optware folks were smart ;-). Indeed, you can run ssh as any user, you can run sshd on port >1024 as any user, so why require root for install?
pfalcon
commented
12 years ago Maybe your script should actually check if id == 0 and if not add that other id as "user" or "adb"?
Well, maybe that. Or maybe just add user with static uid 2000 then (well, first I'd like to figure where that number comes from - if it's in AOSP, it's more or less safe).
So, basic algo during install may be: check uid/gid of user adb runs as. If it's root, add static /etc/passwd entry with 2000/2000, otherwise add entry with real uid/gid as seen.
Well, now that we'd have user which actually corresponds to adb's default, I wonder if it indeed would make sense to switch users to cover run-from-ondevice-terminal case. At least, now that we considered it from different sides, I'm more comfortable about it ;-). Other option is to add 2nd startup script for such case, but it indeed feels that one script could cover both.
pfalcon
commented
12 years ago Not related to this issue but got me thinking as everything is installed as root... "adb shell -c" is used a lot and maybe this should instead be a variable or function to make it a bit cleaner?
What would you propose? To just replace "adb shell" with "t_sh"? If you think that'd be cleaner, than maybe. But "su -c" should be explicit, because if you don't see "-c", you don't know why command to execute is quoted, then you can forget to quote it, then error, potentially not immediately visible.
zeroepoch
commented
12 years ago I was thinking the whole string "adb shell su -c". In the function you could always quote the arguments
function t_sh () { adb shell su -c "$@" }
If you use "$@" (with quotes around it) it will expand properly (with positions) as passed to the macro.
zeroepoch
commented
12 years ago If we can figure out what adb shell uses in AOSP and if it's always 2000/2000 then I would say just add that statically. There is no need to even check if the adb shell user is root or not since it would always be either root or 2000/2000. For the start script maybe you could check if the user is not root or 2000 (in case of a terminal emulator) then change to user 2000. There needs to be a better way to switch users then the double-su trick though. I think android su can change to any user without being root first but not sure. What do you think? We really need more users here so we can get expanded coverage. Preferably users without custom ROMs but still have root. I haven't tried it on my phone but it's running cyanogenmod which again a custom ROM.
zeroepoch
commented
12 years ago We can close this issue now.
After latest Eric's chanegs to add /etc/passwd & /etc/group, I on my Nook Tablet still have: