Compare commits
9 Commits
overhaul-S
...
SDXLEMUR
| Author | SHA1 | Date | |
|---|---|---|---|
| e970703a11 | |||
| 6b1d2dcca0 | |||
| de3c77ded7 | |||
| b79f0435b7 | |||
| fedca206e8 | |||
| 36915e3e8f | |||
| 1d57cbbca8 | |||
| c413a02fc7 | |||
|
909918c538 |
160
README.md
160
README.md
@@ -1,8 +1,162 @@
|
||||
# RGMII Toolkit
|
||||
Software deployment Toolkit for Quectel RM5xxx series 5G modems utilizing an m.2 to RJ45 adapter (RGMII)
|
||||
|
||||
Current Branch: **overhaul-SDXLEMUR**
|
||||
Current Status: ⚠️ **DO NOT USE OR DEPLOY/BROKEN STATE** ⚠️
|
||||
Current Branch: **SDXLEMUR**
|
||||
|
||||
- Currently creating an OpenWRT overlay sub-system
|
||||
Please PR to [development-SDXLEMUR](https://github.com/iamromulan/quectel-rgmii-toolkit/tree/development-SDXLEMUR) instead of the main one :)
|
||||
|
||||
Fork development, and PR development to development :)
|
||||
|
||||
|
||||
#### [JUMP TO HOW TO USE](#how-to-use)
|
||||
**Currently:** This will allow you to install or if already installed, update, remove, or modify:
|
||||
- Simple Admin: A simple web interface for managing your Quectel m.2 modem through it's gateway address
|
||||
- It will install socat-at-bridge: sets up ttyOUT and ttyOUT2 for AT commands. You'll be able to use the `atcmd` command as well for an interactive at command session from adb, ssh, or ttyd
|
||||
- It will install simplefirewall: A simple firewall that blocks definable incoming ports and a TTL mangle option/modifier. As of now only the TTL is controllable through Simple Admin. You can edit port block options and TTL from the 3rd option in the toolkit
|
||||
- Tailscale: A magic VPN for accessing Simple Admin, SSH, and ttyd on the go. The Toolkit installs the Tailscale client directly to the modem and allows you to login and configure other settings. Head over to tailscale.com to sign up for a free account and learn more.
|
||||
- Schedule a Daily Reboot at a specified time
|
||||
- A fix for certain modems that don't start in CFUN=1 mode
|
||||
- Entware/OPKG: A package installer/manager/repo
|
||||
- Run `opkg help` to see how to use it
|
||||
- These packages are installable: https://bin.entware.net/armv7sf-k3.2/Packages.html
|
||||
- TTYd: A shell session right from your browser
|
||||
- Currently this uses port 443 but SSL/TLS is not in use (http only for now)
|
||||
- Entware/OPKG is required so it will install it if it isn't installed
|
||||
- This will replace the stock Quectel login and passwd binaries with ones from entware
|
||||
|
||||
|
||||
|
||||
**My goal** is for this to also include any new useful scripts or software for this modem and others that support RGMII mode.
|
||||
## Screenshots
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
# Devleopment Branch: the below commands will download the beta/work in progress toolkit
|
||||
|
||||
## How to Use
|
||||
**To run the Toolkit:**
|
||||
- Open ADB & Fastboot++ covered in [Using ADB](https://github.com/iamromulan/quectel-rgmii-configuration-notes?tab=readme-ov-file#unlocking-and-using-adb) or just use adb
|
||||
- Make sure your modem is connected by USB to your computer
|
||||
- Run `adb devices` to make sure your modem is detected by adb
|
||||
- Run `adb shell ping 8.8.8.8` to make sure the shell can access the internet. If you get an error, make sure the modem is connected to a cellular network and make sure `AT+QMAPWAC=1` as covered in the troubleshooting section: [I Can't get internet access from the Ethernet port (Common)](https://github.com/iamromulan/quectel-rgmii-configuration-notes/tree/main?tab=readme-ov-file#i-cant-get-internet-access-from-the-ethernet-port-common)
|
||||
- If you don't get an error you should be getting replies back endlessly, press `CTRL-C` to stop it.
|
||||
- Simply Copy/Paste this into your Command Prompt/Shell
|
||||
```bash
|
||||
adb shell "cd /tmp && wget -O RMxxx_rgmii_toolkit.sh http://git.ievo.top/tyk/quectel-rgmii-toolkit/raw/branch/SDXLEMUR/RMxxx_rgmii_toolkit.sh && chmod +x RMxxx_rgmii_toolkit.sh && ./RMxxx_rgmii_toolkit.sh" && cd /
|
||||
```
|
||||
|
||||
**Or, if you want to stay in the modems shell when you are done**
|
||||
|
||||
```
|
||||
adb shell
|
||||
```
|
||||
Then run
|
||||
```
|
||||
cd /tmp && wget -O RMxxx_rgmii_toolkit.sh http://git.ievo.top/tyk/quectel-rgmii-toolkit/raw/branch/SDXLEMUR/RMxxx_rgmii_toolkit.sh && chmod +x RMxxx_rgmii_toolkit.sh && ./RMxxx_rgmii_toolkit.sh && cd /
|
||||
```
|
||||
**You should see:**
|
||||
|
||||
|
||||
## Tailscale Installation and Config
|
||||
|
||||
> :warning: Your modem must already be connected to the internet for this to install
|
||||
### Installation:
|
||||
Open up the toolkit main menu and **press 4** to enter the Tailscale menu
|
||||
|
||||
|
||||
|
||||
**Press 1, wait for it to install. This is a very large file for the system so give it some time.**
|
||||
|
||||
**Once done and it says Tailscale installed successfully press 2/enter to configure it.**
|
||||
|
||||
|
||||
|
||||
If you want to, enable the Tailscale Web UI on port 8088 for configuration from the browser later by **pressing 1/enter**.
|
||||
|
||||
To do it in the toolkit:
|
||||
First time connecting you'll be given a link to login with
|
||||
- Press 3 to just connect only.
|
||||
- Press 4 to connect and enable SSH access (remote command line) over tailscale.
|
||||
- Press 5 to reconnect with SSH off while connected with SSH on
|
||||
- Press 6 to disconnect
|
||||
- Press 7 to Logout
|
||||
|
||||
That's it! From another device running tailscale you should be able to access your modem through the IP assigned to it by your tailnet. To access SSH from another device on the tailnet, open a terminal/command prompt and type
|
||||
|
||||
tailscale ssh root@(IP or Hostname)
|
||||
IP or Hostname being the IP or hostname assigned to it in your tailnet
|
||||
|
||||
- Note that your SSH client must be able to give you a link to sign in with upon connecting. That's how the session is authorized. Works fine in Windows CMD or on Android use JuiceSSH.
|
||||
## Advanced/Beta
|
||||
|
||||
### Entware/OPKG installation
|
||||
|
||||
|
||||
It isn't perfect yet so it goes here under Advanced/Beta for now.
|
||||
Here's what you gotta know about going into it:
|
||||
|
||||
- After installing, the `opkg` command will work
|
||||
- You can run `opkg list` to see a list of installable packages, or head over to https://bin.entware.net/armv7sf-k3.2/Packages.html
|
||||
- Everything opkg does is installed to /opt
|
||||
- `/opt` is actually located at `/usrdata/opt` to save space but is
|
||||
mounted at `/opt`
|
||||
- Anything `opkg` installs will not be available in the system path by
|
||||
default but you can get around this either:
|
||||
|
||||
#### Temporarily:
|
||||
Run this at the start of each adb shell or SSH shell session
|
||||
|
||||
export PATH=/opt/bin:/opt/sbin:$PATH
|
||||
|
||||
#### Permanently:
|
||||
Symbolic linking each binary installed by the package to `/bin` and `/sbin` from `/opt/bin` and `/opt/sbin`
|
||||
For example, if you were to install zerotier:
|
||||
|
||||
opkg install zerotier
|
||||
ln -sf /opt/bin/zerotier-one /bin
|
||||
ln -sf /opt/bin/zerotier-cli /bin
|
||||
ln -sf /opt/bin/zerotier-idtool /bin
|
||||
|
||||
Now you can run those 3 binaries from the shell anytime since they are linked in a place already part of the system path.
|
||||
|
||||
I plan to create a watchdog service for /opt/bin and /opt/sbin that will automaticly link new packages to /bin or /sbin later on in order to combat this.
|
||||
|
||||
### TTYd installation
|
||||
|
||||
It isn't perfect yet so it goes here under Advanced/Beta for now.
|
||||
Here's what you gotta know about going into it:
|
||||
|
||||
- This listens on port 443 for http requests (no SSL/TLS yet)
|
||||
- This will automaticly install entware and patch the login and passwd binaries with ones from entware
|
||||
- It will ask you to set a password for the `root` user account
|
||||
- TTYd doesn't seem to be too mobile friendly for now but I optimized it the best i could for now so it is at least usable through a smartphone browser. Hopefully the startup script can be improved even more later.
|
||||
|
||||
## Acknowledgements
|
||||
### GitHub Users/Individuals:
|
||||
Thank You to:
|
||||
|
||||
[Nate Carlson](https://github.com/natecarlson) for the Original Telnet Deamon/socat bridge usage and the Original RGMII Notes
|
||||
|
||||
[aesthernr](https://github.com/aesthernr) for creating the Original Simple Admin
|
||||
|
||||
[rbflurry](https://github.com/rbflurry/) for inital Simple Admin fixes
|
||||
|
||||
[dr-dolomite](https://github.com/dr-dolomite) for some major stat page improvements and this repos first approved external PR!
|
||||
|
||||
[tarunVreddy](https://github.com/tarunVreddy) for helping with the SA band aggregation parse
|
||||
|
||||
### Existing projects:
|
||||
Simpleadmin heavily uses the AT Command Parsing Scripts (Basically a copy with new changes and tweaks) of Dairyman's Rooter Source https://github.com/ofmodemsandmen/ROOterSource2203
|
||||
|
||||
Tailscale was obtained through Tailscale's static build page. Since these modems have a 32-bit ARM processor on-board I used the arm package. https://pkgs.tailscale.com/stable/#static
|
||||
|
||||
Entware/opkg was obtained through [Entware's wiki](https://github.com/Entware/Entware/wiki/Alternative-install-vs-standard) and the installer heavily modified by [iamromulan](https://github.com/iamromulan) for use with Quectel modems
|
||||
|
||||
TTYd was obtained from the [TTYd Project](https://github.com/tsl0922/ttyd)
|
||||
|
||||
@@ -2,14 +2,14 @@
|
||||
|
||||
# Define toolkit paths
|
||||
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/opt/bin:/opt/sbin:/usrdata/root/bin
|
||||
GITUSER="iamromulan"
|
||||
GITUSER="tyk"
|
||||
REPONAME="quectel-rgmii-toolkit"
|
||||
GITTREE="SDXLEMUR"
|
||||
GITMAINTREE="SDXLEMUR"
|
||||
GITDEVTREE="development-SDXLEMUR"
|
||||
GITROOT="https://raw.githubusercontent.com/$GITUSER/$REPONAME/$GITTREE"
|
||||
GITROOTMAIN="https://raw.githubusercontent.com/$GITUSER/$REPONAME/$GITMAINTREE"
|
||||
GITROOTDEV="https://raw.githubusercontent.com/$GITUSER/$REPONAME/$GITDEVTREE"
|
||||
GITROOT="http://git.ievo.top/tyk/quectel-rgmii-toolkit/raw/branch/SDXLEMUR"
|
||||
GITROOTMAIN="http://git.ievo.top/$GITUSER/$REPONAME/$GITMAINTREE"
|
||||
GITROOTDEV="http://git.ievo.top/$GITUSER/$REPONAME/$GITDEVTREE"
|
||||
TMP_DIR="/tmp"
|
||||
USRDATA_DIR="/usrdata"
|
||||
SOCAT_AT_DIR="/usrdata/socat-at-bridge"
|
||||
@@ -750,7 +750,7 @@ install_sshd() {
|
||||
|
||||
ARCH=$(uname -a)
|
||||
if echo "$ARCH" | grep -q "aarch64"; then
|
||||
cd /tmp && wget -O RM55x_rcPCIe_toolkit.sh https://raw.githubusercontent.com/iamromulan/quectel-rgmii-toolkit/SDXPINN/RM55x_rcPCIe_toolkit.sh && chmod +x RM55x_rcPCIe_toolkit.sh && ./RM55x_rcPCIe_toolkit.sh && cd /
|
||||
cd /tmp && wget -O RM55x_rcPCIe_toolkit.sh http://git.ievo.top/iamromulan/quectel-rgmii-toolkit/SDXPINN/RM55x_rcPCIe_toolkit.sh && chmod +x RM55x_rcPCIe_toolkit.sh && ./RM55x_rcPCIe_toolkit.sh && cd /
|
||||
exit 0
|
||||
elif echo "$ARCH" | grep -q "armv7l"; then
|
||||
# Continue if architecture is armv7l
|
||||
@@ -1,15 +0,0 @@
|
||||
Package: atinout
|
||||
Version: 0.9.1
|
||||
Depends: libc
|
||||
Source: feeds/kiddin9/atinout
|
||||
SourceName: atinout
|
||||
License: GPLv2
|
||||
LicenseFiles: LICENSE
|
||||
Section: net
|
||||
SourceDateEpoch: 1731357966
|
||||
URL: http://atinout.sourceforge.net/
|
||||
Maintainer: Adrian Guenter <a@gntr.me>
|
||||
Architecture: arm_cortex-a7_neon-vfpv4
|
||||
Installed-Size: 20480
|
||||
Description: Atinout is a program that will execute AT commands in sequence and
|
||||
capture the response from the modem.
|
||||
@@ -1,5 +0,0 @@
|
||||
#!/bin/sh
|
||||
[ "${IPKG_NO_SCRIPT}" = "1" ] && exit 0
|
||||
[ -s ${IPKG_INSTROOT}/lib/functions.sh ] || exit 0
|
||||
. ${IPKG_INSTROOT}/lib/functions.sh
|
||||
default_postinst $0 $@
|
||||
@@ -1,4 +0,0 @@
|
||||
#!/bin/sh
|
||||
[ -s ${IPKG_INSTROOT}/lib/functions.sh ] || exit 0
|
||||
. ${IPKG_INSTROOT}/lib/functions.sh
|
||||
default_prerm $0 $@
|
||||
@@ -1 +0,0 @@
|
||||
2.0
|
||||
@@ -1,2 +0,0 @@
|
||||
/etc/config/
|
||||
/etc/atinout/
|
||||
Binary file not shown.
@@ -1 +0,0 @@
|
||||
2.0
|
||||
@@ -1 +0,0 @@
|
||||
../openwrt-subsystem.target
|
||||
@@ -1,15 +0,0 @@
|
||||
[Unit]
|
||||
Description=Set up OpenWRT overlay filesystem
|
||||
DefaultDependencies=no
|
||||
Requires=qmi_shutdown_modemd.service
|
||||
After=qmi_shutdown_modemd.service
|
||||
ConditionPathExists=/usr/sbin/openwrt-overlay.sh
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/usr/sbin/openwrt-overlay.sh
|
||||
RemainAfterExit=true
|
||||
|
||||
[Install]
|
||||
WantedBy=openwrt-subsystem.target
|
||||
|
||||
@@ -1,7 +0,0 @@
|
||||
[Unit]
|
||||
Description=OpenWRT Subsystem Target
|
||||
Requires=openwrt-overlay.service
|
||||
After=qmi_shutdown_modemd.service openwrt-overlay.service
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
@@ -1 +0,0 @@
|
||||
../openwrt-overlay.service
|
||||
@@ -1,81 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
newroot() {
|
||||
/bin/echo "Begin mount fix process to make a usable userspace for OpenWRT Subsystem"
|
||||
|
||||
# Forcefully unmount /etc
|
||||
/bin/echo "Unmounting the bind at /etc"
|
||||
/bin/umount -lf /etc
|
||||
|
||||
# Remount root filesystem as read-write
|
||||
/bin/echo "Remounting / as read-write"
|
||||
/bin/mount -o remount,rw /
|
||||
|
||||
# Make mount namespaces private
|
||||
mount --make-rprivate /
|
||||
|
||||
# Ensure necessary directories exist for overlay and pivot_root
|
||||
/bin/echo "Creating new overlay system"
|
||||
if [ ! -d /usrdata/rootfs ]; then
|
||||
mkdir -p /usrdata/rootfs
|
||||
fi
|
||||
if [ ! -d /usrdata/rootfs-workdir ]; then
|
||||
mkdir -p /usrdata/rootfs-workdir
|
||||
fi
|
||||
if [ ! -d /rootfs ]; then
|
||||
mkdir -p /rootfs
|
||||
fi
|
||||
|
||||
# Mount the new overlay filesystem
|
||||
/bin/mount -t overlay overlay -o lowerdir=/,upperdir=/usrdata/rootfs,workdir=/usrdata/rootfs-workdir /rootfs
|
||||
|
||||
# Create the real_rootfs directory in the new root
|
||||
if [ ! -d /rootfs/real_rootfs ]; then
|
||||
mkdir -p /rootfs/real_rootfs
|
||||
fi
|
||||
|
||||
# Pivot root to the new root
|
||||
/bin/echo "Pivoting Root / to /rootfs; Be back soon!!"
|
||||
/sbin/pivot_root /rootfs /rootfs/real_rootfs >/dev/null 2>&1
|
||||
|
||||
# Move the mounted filesystems to the new locations
|
||||
/bin/echo "Moving previous mount points to the new root"
|
||||
/bin/mount --move /real_rootfs/sys /sys
|
||||
/bin/mount --move /real_rootfs/proc /proc
|
||||
/bin/mount --move /real_rootfs/tmp /tmp
|
||||
/bin/mount --move /real_rootfs/dev /dev
|
||||
/bin/mount --move /real_rootfs/firmware /firmware
|
||||
/bin/mount --move /real_rootfs/usrdata /usrdata
|
||||
/bin/mount --move /real_rootfs/persist /persist
|
||||
/bin/mount --move /real_rootfs/cache /cache
|
||||
/bin/mount --move /real_rootfs/data /data
|
||||
/bin/mount --move /real_rootfs/run /run
|
||||
/bin/mount --move /real_rootfs/etc/machine-id /etc/machine-id
|
||||
/bin/mount --move /real_rootfs/var/volatile /var/volatile
|
||||
/bin/mount --move /real_rootfs/systemrw /systemrw
|
||||
|
||||
# Bind-mount core mountpoints back into real_rootfs for chroot/debug
|
||||
/bin/echo "Binding previous mount points to the old root"
|
||||
/bin/mount --bind /dev /real_rootfs/dev
|
||||
/bin/mount --bind /proc /real_rootfs/proc
|
||||
/bin/mount --bind /sys /real_rootfs/sys
|
||||
/bin/mount --bind /tmp /real_rootfs/tmp
|
||||
/bin/mount --bind /run /real_rootfs/run
|
||||
/bin/mount --bind /firmware /real_rootfs/firmware
|
||||
/bin/mount --bind /persist /real_rootfs/persist
|
||||
/bin/mount --bind /cache /real_rootfs/cache
|
||||
/bin/mount --bind /data /real_rootfs/data
|
||||
/bin/mount --bind /systemrw /real_rootfs/systemrw
|
||||
/bin/mount --bind /usrdata /real_rootfs/usrdata
|
||||
/bin/mount --bind /etc /real_rootfs/etc
|
||||
/bin/mount --bind /etc/machine-id /real_rootfs/etc/machine-id
|
||||
/bin/mount --bind /var/volatile /real_rootfs/var/volatile
|
||||
|
||||
# Mount orginal rootfs as RO
|
||||
/bin/mount -o remount,ro /real_rootfs
|
||||
|
||||
echo "Complete"
|
||||
}
|
||||
|
||||
newroot
|
||||
|
||||
@@ -1 +0,0 @@
|
||||
../openwrt-subsystem.target
|
||||
@@ -1,15 +0,0 @@
|
||||
[Unit]
|
||||
Description=Set up OpenWRT overlay filesystem
|
||||
DefaultDependencies=no
|
||||
Requires=qmi_shutdown_modemd.service
|
||||
After=qmi_shutdown_modemd.service
|
||||
ConditionPathExists=/usr/sbin/openwrt-overlay.sh
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/usr/sbin/openwrt-overlay.sh
|
||||
RemainAfterExit=true
|
||||
|
||||
[Install]
|
||||
WantedBy=openwrt-subsystem.target
|
||||
|
||||
@@ -1,7 +0,0 @@
|
||||
[Unit]
|
||||
Description=OpenWRT Subsystem Target
|
||||
Requires=openwrt-overlay.service
|
||||
After=qmi_shutdown_modemd.service openwrt-overlay.service
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
@@ -1 +0,0 @@
|
||||
../openwrt-overlay.service
|
||||
@@ -1,105 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
#|---------|-------------------------|
|
||||
#| TARGET | SDXLEMUR |
|
||||
#| ARCH | arm_cortex-a7_neon-vfpv4|
|
||||
#|---------|-------------------------|
|
||||
|
||||
# Based on entware, heavily modified by iamromulan
|
||||
# This script sets up a custom opkg installation system for the SDXLEMUR platform
|
||||
# The primary feed for this will be my feed and will be a combo of modified IPK files from multiple sources
|
||||
# opkg is from entware and expects /opt to exist
|
||||
# /opt will be setup as an overlay of lower / and upper /usrdata/rootfs-upper
|
||||
# Most likely several mount binds will be setup at / to point back to /opt the overlay
|
||||
# The real /lib/systemd will need to be able to be written to so we may bind that within /opt
|
||||
# In active development; will decide if the entware feed gets re added later
|
||||
|
||||
|
||||
ARCH=arm_cortex-a7_neon-vfpv4
|
||||
#ARCH=armv7sf-k3.2
|
||||
PRE_OPKG_PATH=$(which opkg)
|
||||
URL=https://raw.githubusercontent.com/iamromulan/quectel-rgmii-toolkit/development-SDXLEMUR/opkg-feed/installer
|
||||
|
||||
# Remount filesystem as read-write
|
||||
mount -o remount,rw /
|
||||
|
||||
# Will need to edit this. Will be an overlay instead of bind mount
|
||||
# The package sdxlemur-mount-fix will make this run at boot
|
||||
create_opt_overlay() {
|
||||
|
||||
[ ! -d "/opt" ] && mkdir /opt
|
||||
[ ! -d "/usrdata/rootfs-upper" ] && mkdir /usrdata/rootfs-upper
|
||||
[ ! -d "/usrdata/rootfs-work" ] && mkdir /usrdata/rootfs-work
|
||||
|
||||
mount -t overlay overlay_root -o lowerdir=/,upperdir=/usrdata/rootfs-upper,workdir=/usrdata/rootfs-work /opt
|
||||
|
||||
# add additional mount binds and dir
|
||||
|
||||
}
|
||||
|
||||
# Account for existing opkg binary on the RM502Q-AE
|
||||
if [ -n "$PRE_OPKG_PATH" ]; then
|
||||
# Automatically rename the existing opkg binary
|
||||
mv "$PRE_OPKG_PATH" "${PRE_OPKG_PATH}_old"
|
||||
echo -e "\033[32mFactory/Already existing opkg has been renamed to opkg_old.\033[0m"
|
||||
else
|
||||
echo "Info: no existing opkg binary detected, proceeding with installation"
|
||||
fi
|
||||
|
||||
echo -e '\033[32mInfo: Creating /opt overlayfs with lower / and upper /usrdata/rootfs-upper \033[0m'
|
||||
create_opt_overlay
|
||||
|
||||
echo -e '\033[32mInfo: Proceeding with main installation ...\033[0m'
|
||||
echo -e '\033[32mInfo: Opkg package manager deployment...\033[0m'
|
||||
|
||||
wget $URL/opkg -O /opt/bin/opkg
|
||||
chmod 755 /opt/bin/opkg
|
||||
wget $URL/opkg.conf -O /opt/etc/opkg.conf
|
||||
|
||||
echo -e '\033[32mInfo: Basic packages installation...\033[0m'
|
||||
/opt/bin/opkg update
|
||||
#/opt/bin/opkg install entware-opt #Will revist this and its need
|
||||
/opt/bin/opkg install sdxlemur-factory-packages
|
||||
|
||||
# Fix for multiuser environment
|
||||
chmod 777 /opt/tmp
|
||||
|
||||
|
||||
echo -e '\033[32mInfo: Add /opt/bin & /opt/sbin to $PATH variable\033[0m'
|
||||
ln -sf /opt/bin/opkg /bin
|
||||
echo -e '\033[32mInfo: Patching Quectel Login Binary\033[0m'
|
||||
opkg update && opkg install shadow-login shadow-passwd shadow-useradd
|
||||
if [ "$?" -ne 0 ]; then
|
||||
echo -e "\e[1;31mPackage installation failed. Please check your internet connection and try again.\e[0m"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Replace the login and passwd binaries and set home for root to a writable directory
|
||||
rm /opt/etc/shadow
|
||||
rm /opt/etc/passwd
|
||||
cp /etc/shadow /opt/etc/
|
||||
cp /etc/passwd /opt/etc
|
||||
mkdir /usrdata/root
|
||||
mkdir /usrdata/root/bin
|
||||
touch /usrdata/root/.profile
|
||||
echo "# Set PATH for all shells" > /usrdata/root/.profile
|
||||
echo "export PATH=/bin:/usr/sbin:/usr/bin:/sbin:/opt/sbin:/opt/bin:/usrdata/root/bin" >> /usrdata/root/.profile
|
||||
chmod +x /usrdata/root/.profile
|
||||
sed -i '1s|/home/root:/bin/sh|/usrdata/root:/bin/bash|' /opt/etc/passwd
|
||||
rm /bin/login /usr/bin/passwd
|
||||
ln -sf /opt/bin/login /bin
|
||||
ln -sf /opt/bin/passwd /usr/bin/
|
||||
ln -sf /opt/bin/useradd /usr/bin/
|
||||
echo -e "\e[1;31mPlease set the root password.\e[0m"
|
||||
/usr/bin/passwd
|
||||
|
||||
# Install basic and useful utilites
|
||||
opkg install mc htop dfc lsof
|
||||
ln -sf /opt/bin/mc /bin
|
||||
ln -sf /opt/bin/htop /bin
|
||||
ln -sf /opt/bin/dfc /bin
|
||||
ln -sf /opt/bin/lsof /bin
|
||||
# Remount filesystem as read-only
|
||||
mount -o remount,ro /
|
||||
echo -e '\033[32mInfo: Congratulations!\033[0m'
|
||||
echo -e '\033[32mInfo: If there are no errors above then Entware was successfully initialized.\033[0m'
|
||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -1 +0,0 @@
|
||||
busybox
|
||||
Binary file not shown.
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
/usr/bin/login
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
Binary file not shown.
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
Binary file not shown.
Binary file not shown.
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1 +0,0 @@
|
||||
busybox
|
||||
@@ -1,9 +0,0 @@
|
||||
_______ ________ __
|
||||
| |.-----.-----.-----.| | | |.----.| |_
|
||||
| - || _ | -__| || | | || _|| _|
|
||||
|_______|| __|_____|__|__||________||__| |____|
|
||||
|__| W I R E L E S S F R E E D O M
|
||||
-----------------------------------------------------
|
||||
OpenWrt-SDXLEMUR-Subsystem based on 22.03.5, r20134-5f15225c1e
|
||||
Modified by iamromulan on GitHub
|
||||
-----------------------------------------------------
|
||||
@@ -1,15 +0,0 @@
|
||||
================= FAILSAFE MODE active ================
|
||||
special commands:
|
||||
* firstboot reset settings to factory defaults
|
||||
* mount_root mount root-partition with config files
|
||||
|
||||
after mount_root:
|
||||
* passwd change root's password
|
||||
* /etc/config directory with config files
|
||||
|
||||
for more help see:
|
||||
https://openwrt.org/docs/guide-user/troubleshooting/
|
||||
- failsafe_and_factory_reset
|
||||
- root_password_reset
|
||||
=======================================================
|
||||
|
||||
@@ -1,22 +0,0 @@
|
||||
{
|
||||
"bounding": [
|
||||
"CAP_NET_BIND_SERVICE",
|
||||
"CAP_SYS_TIME"
|
||||
],
|
||||
"effective": [
|
||||
"CAP_NET_BIND_SERVICE",
|
||||
"CAP_SYS_TIME"
|
||||
],
|
||||
"ambient": [
|
||||
"CAP_NET_BIND_SERVICE",
|
||||
"CAP_SYS_TIME"
|
||||
],
|
||||
"permitted": [
|
||||
"CAP_NET_BIND_SERVICE",
|
||||
"CAP_SYS_TIME"
|
||||
],
|
||||
"inheritable": [
|
||||
"CAP_NET_BIND_SERVICE",
|
||||
"CAP_SYS_TIME"
|
||||
]
|
||||
}
|
||||
@@ -1,5 +0,0 @@
|
||||
config dropbear
|
||||
option PasswordAuth 'on'
|
||||
option RootPasswordAuth 'on'
|
||||
option Port '22'
|
||||
# option BannerFile '/etc/banner'
|
||||
@@ -1,4 +0,0 @@
|
||||
DEVICE_MANUFACTURER='Quectel'
|
||||
DEVICE_MANUFACTURER_URL='https://quectel.com/'
|
||||
DEVICE_PRODUCT='RM520N-GL'
|
||||
DEVICE_REVISION='v0'
|
||||
@@ -1,6 +0,0 @@
|
||||
#
|
||||
# Lookup man 5 ethers for syntax documentation
|
||||
#
|
||||
# Examples :
|
||||
# 02:00:11:22:33:44 OpenWrt.lan
|
||||
# 02:00:11:22:33:44 192.168.1.1
|
||||
@@ -1 +0,0 @@
|
||||
# <file system> <mount point> <type> <options> <dump> <pass>
|
||||
@@ -1,45 +0,0 @@
|
||||
root:x:0:
|
||||
daemon:x:1:
|
||||
bin:x:2:
|
||||
sys:x:3:
|
||||
adm:x:4:
|
||||
tty:x:5:
|
||||
disk:x:6:
|
||||
lp:x:7:
|
||||
mail:x:8:
|
||||
dialout:x:20:
|
||||
audio:x:29:
|
||||
www-data:x:33:
|
||||
ftp:x:55:
|
||||
users:x:100:
|
||||
network:x:101:
|
||||
nogroup:x:65534:
|
||||
radio:x:1001:radio,system
|
||||
diag:x:2901:radio,diag
|
||||
inet:x:3003:radio
|
||||
net_admin:x:3005:radio
|
||||
system:x:1000:radio,system
|
||||
wifi:x:1010:radio,wifi,0
|
||||
netdev:x:996:radio
|
||||
net_raw:x:3004:radio
|
||||
kmsg:x:2902:radio
|
||||
locclient:x:4021:radio,locclient
|
||||
adb:x:2000:radio,adb
|
||||
qbt:x:2888:qbt
|
||||
ntp:x:123:ntp
|
||||
dnsmasq:x:453:dnsmasq
|
||||
ubi:x:3015:ubi
|
||||
gps:x:1021:gps
|
||||
logd:x:514:logd
|
||||
wakelock:x:3010:radio
|
||||
ubus:x:81:ubus
|
||||
media:x:2807:media
|
||||
input:x:1004:input
|
||||
qrtr:x:2906:qrtr
|
||||
rebooters:x:1301:diag
|
||||
leprop:x:5002:leprop
|
||||
readproc:x:3009:
|
||||
qwes:x:3013:
|
||||
sdcard:x:1015:
|
||||
disk:x:6:
|
||||
plugdev:x:272:system
|
||||
@@ -1,9 +0,0 @@
|
||||
127.0.0.1 localhost OpenWrt
|
||||
|
||||
# The following lines are desirable for IPv6 capable hosts
|
||||
::1 localhost ip6-localhost ip6-loopback
|
||||
fe00::0 ip6-localnet
|
||||
ff00::0 ip6-mcastprefix
|
||||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
||||
127.0.1.1 sdxlemur
|
||||
@@ -1,18 +0,0 @@
|
||||
[
|
||||
[ "case", "ACTION", {
|
||||
"add": [
|
||||
[ "if",
|
||||
[ "has", "FIRMWARE" ],
|
||||
[
|
||||
[ "exec", "/sbin/hotplug-call", "%SUBSYSTEM%" ],
|
||||
[ "load-firmware", "/lib/firmware" ],
|
||||
[ "return" ]
|
||||
]
|
||||
]
|
||||
]
|
||||
} ],
|
||||
[ "if",
|
||||
[ "eq", "SUBSYSTEM", "button" ],
|
||||
[ "exec", "/etc/rc.button/failsafe" ]
|
||||
]
|
||||
]
|
||||
@@ -1,87 +0,0 @@
|
||||
[
|
||||
[ "case", "ACTION", {
|
||||
"add": [
|
||||
[ "if",
|
||||
[ "and",
|
||||
[ "has", "MAJOR" ],
|
||||
[ "has", "MINOR" ]
|
||||
],
|
||||
[
|
||||
[ "if",
|
||||
[ "eq", "DEVNAME", "null" ],
|
||||
[
|
||||
[ "makedev", "/dev/%DEVNAME%", "0666" ],
|
||||
[ "exec", "/bin/ln", "-s", "/proc/self/fd/0", "/dev/stdin" ],
|
||||
[ "exec", "/bin/ln", "-s", "/proc/self/fd/1", "/dev/stdout" ],
|
||||
[ "exec", "/bin/ln", "-s", "/proc/self/fd/2", "/dev/stderr" ],
|
||||
[ "return" ]
|
||||
]
|
||||
],
|
||||
[ "if",
|
||||
[ "eq", "DEVNAME",
|
||||
[ "full", "ptmx", "zero", "tty", "net", "random", "urandom" ]
|
||||
],
|
||||
[
|
||||
[ "makedev", "/dev/%DEVNAME%", "0666" ],
|
||||
[ "return" ]
|
||||
]
|
||||
],
|
||||
[ "if",
|
||||
[ "regex", "DEVNAME", "^snd" ],
|
||||
[ "makedev", "/dev/%DEVNAME%", "0660", "audio" ]
|
||||
],
|
||||
[ "if",
|
||||
[ "regex", "DEVNAME", "^tty" ],
|
||||
[ "makedev", "/dev/%DEVNAME%", "0660", "dialout" ]
|
||||
],
|
||||
[ "if",
|
||||
[ "has", "DEVNAME" ],
|
||||
[ "makedev", "/dev/%DEVNAME%", "0600" ]
|
||||
]
|
||||
]
|
||||
],
|
||||
[ "if",
|
||||
[ "has", "FIRMWARE" ],
|
||||
[
|
||||
[ "exec", "/sbin/hotplug-call", "%SUBSYSTEM%" ],
|
||||
[ "load-firmware", "/lib/firmware" ],
|
||||
[ "return" ]
|
||||
]
|
||||
],
|
||||
[ "if",
|
||||
[ "regex", "DEVNAME", "^ttyGS" ],
|
||||
[ "start-console", "%DEVNAME%" ]
|
||||
]
|
||||
],
|
||||
"remove" : [
|
||||
[ "if",
|
||||
[ "and",
|
||||
[ "has", "DEVNAME" ],
|
||||
[ "has", "MAJOR" ],
|
||||
[ "has", "MINOR" ]
|
||||
],
|
||||
[ "rm", "/dev/%DEVNAME%" ]
|
||||
]
|
||||
]
|
||||
} ],
|
||||
[ "if",
|
||||
[ "and",
|
||||
[ "has", "BUTTON" ],
|
||||
[ "eq", "SUBSYSTEM", "button" ]
|
||||
],
|
||||
[ "button", "/etc/rc.button/%BUTTON%" ]
|
||||
],
|
||||
[ "if",
|
||||
[ "and",
|
||||
[ "eq", "SUBSYSTEM", "usb-serial" ],
|
||||
[ "regex", "DEVNAME",
|
||||
[ "^ttyUSB", "^ttyACM" ]
|
||||
]
|
||||
],
|
||||
[ "exec", "/sbin/hotplug-call", "tty" ],
|
||||
[ "if",
|
||||
[ "isdir", "/etc/hotplug.d/%SUBSYSTEM%" ],
|
||||
[ "exec", "/sbin/hotplug-call", "%SUBSYSTEM%" ]
|
||||
]
|
||||
]
|
||||
]
|
||||
@@ -1,41 +0,0 @@
|
||||
#!/bin/sh /etc/rc.common
|
||||
# Copyright (C) 2006-2011 OpenWrt.org
|
||||
|
||||
START=50
|
||||
|
||||
USE_PROCD=1
|
||||
PROG=/usr/sbin/crond
|
||||
|
||||
validate_cron_section() {
|
||||
uci_validate_section system system "${1}" \
|
||||
'cronloglevel:uinteger'
|
||||
}
|
||||
|
||||
start_service() {
|
||||
[ -z "$(ls /etc/crontabs/)" ] && return 1
|
||||
|
||||
loglevel="$(uci_get "system.@system[0].cronloglevel")"
|
||||
|
||||
[ -z "${loglevel}" ] || {
|
||||
/sbin/validate_data uinteger "${loglevel}" 2>/dev/null
|
||||
[ "$?" -eq 0 ] || {
|
||||
echo "validation failed"
|
||||
return 1
|
||||
}
|
||||
}
|
||||
|
||||
mkdir -p /var/spool/cron
|
||||
ln -s /etc/crontabs /var/spool/cron/ 2>/dev/null
|
||||
|
||||
procd_open_instance
|
||||
procd_set_param command "$PROG" -f -c /etc/crontabs -l "${loglevel:-5}"
|
||||
for crontab in /etc/crontabs/*; do
|
||||
procd_set_param file "$crontab"
|
||||
done
|
||||
procd_set_param respawn
|
||||
procd_close_instance
|
||||
}
|
||||
|
||||
service_triggers() {
|
||||
procd_add_validation validate_cron_section
|
||||
}
|
||||
@@ -1,282 +0,0 @@
|
||||
#!/bin/sh /etc/rc.common
|
||||
# Copyright (C) 2006-2010 OpenWrt.org
|
||||
# Copyright (C) 2006 Carlos Sobrinho
|
||||
|
||||
START=19
|
||||
STOP=50
|
||||
|
||||
USE_PROCD=1
|
||||
PROG=/usr/sbin/dropbear
|
||||
NAME=dropbear
|
||||
PIDCOUNT=0
|
||||
|
||||
extra_command "killclients" "Kill ${NAME} processes except servers and yourself"
|
||||
|
||||
_dropbearkey()
|
||||
{
|
||||
/usr/bin/dropbearkey "$@" 0<&- 1>&- 2>&-
|
||||
}
|
||||
|
||||
# $1 - host key file name
|
||||
hk_verify()
|
||||
{
|
||||
[ -f "$1" ] || return 1
|
||||
[ -s "$1" ] || return 2
|
||||
_dropbearkey -y -f "$1" || return 3
|
||||
return 0
|
||||
}
|
||||
|
||||
# $1 - hk_verify() return code
|
||||
hk_errmsg()
|
||||
{
|
||||
case "$1" in
|
||||
0) ;;
|
||||
1) echo "file does not exist" ;;
|
||||
2) echo "file has zero length" ;;
|
||||
3) echo "file is not valid host key or not supported" ;;
|
||||
*) echo "unknown error" ;;
|
||||
esac
|
||||
}
|
||||
|
||||
# $1 - config option
|
||||
# $2 - host key file name
|
||||
hk_config()
|
||||
{
|
||||
local x m
|
||||
hk_verify "$2"; x=$?
|
||||
case "$x" in
|
||||
0) procd_append_param command -r "$2"
|
||||
;;
|
||||
*) m=$(hk_errmsg "$x")
|
||||
logger -t "${NAME}" -p daemon.warn \
|
||||
"option '$1', value '$2': $m, skipping"
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
# $1 - host key file name
|
||||
hk_config__keyfile()
|
||||
{
|
||||
hk_config 'keyfile' "$1"
|
||||
}
|
||||
|
||||
hk_generate_as_needed()
|
||||
{
|
||||
local kdir kgen ktype tdir kcount tfile
|
||||
kdir='/etc/dropbear'
|
||||
|
||||
kgen=''
|
||||
for ktype in ed25519 ecdsa rsa; do
|
||||
hk_verify "${kdir}/dropbear_${ktype}_host_key" && continue
|
||||
|
||||
kgen="${kgen} ${ktype}"
|
||||
done
|
||||
|
||||
[ -z "${kgen}" ] && return
|
||||
|
||||
tdir=$(mktemp -d); chmod 0700 "${tdir}"
|
||||
|
||||
kcount=0
|
||||
for ktype in ${kgen}; do
|
||||
tfile="${tdir}/dropbear_${ktype}_host_key"
|
||||
|
||||
if ! _dropbearkey -t ${ktype} -f "${tfile}"; then
|
||||
# unsupported key type
|
||||
rm -f "${tfile}"
|
||||
continue
|
||||
fi
|
||||
|
||||
kcount=$((kcount+1))
|
||||
done
|
||||
|
||||
if [ ${kcount} -ne 0 ]; then
|
||||
mkdir -p "${kdir}"; chmod 0700 "${kdir}"; chown root "${kdir}"
|
||||
mv -f "${tdir}/"* "${kdir}/"
|
||||
fi
|
||||
|
||||
rm -rf "${tdir}"
|
||||
}
|
||||
|
||||
append_ports()
|
||||
{
|
||||
local ipaddrs="$1"
|
||||
local port="$2"
|
||||
|
||||
[ -z "$ipaddrs" ] && {
|
||||
procd_append_param command -p "$port"
|
||||
return
|
||||
}
|
||||
|
||||
for addr in $ipaddrs; do
|
||||
procd_append_param command -p "$addr:$port"
|
||||
done
|
||||
}
|
||||
|
||||
validate_section_dropbear()
|
||||
{
|
||||
uci_load_validate dropbear dropbear "$1" "$2" \
|
||||
'PasswordAuth:bool:1' \
|
||||
'enable:bool:1' \
|
||||
'Interface:string' \
|
||||
'GatewayPorts:bool:0' \
|
||||
'RootPasswordAuth:bool:1' \
|
||||
'RootLogin:bool:1' \
|
||||
'rsakeyfile:file' \
|
||||
'keyfile:list(file)' \
|
||||
'BannerFile:file' \
|
||||
'Port:port:22' \
|
||||
'SSHKeepAlive:uinteger:300' \
|
||||
'IdleTimeout:uinteger:0' \
|
||||
'MaxAuthTries:uinteger:3' \
|
||||
'RecvWindowSize:uinteger:0' \
|
||||
'mdns:bool:1'
|
||||
}
|
||||
|
||||
dropbear_instance()
|
||||
{
|
||||
local ipaddrs
|
||||
|
||||
[ "$2" = 0 ] || {
|
||||
echo "validation failed"
|
||||
return 1
|
||||
}
|
||||
|
||||
[ -n "${Interface}" ] && {
|
||||
[ -n "${BOOT}" ] && return 0
|
||||
|
||||
network_get_ipaddrs_all ipaddrs "${Interface}" || {
|
||||
echo "interface ${Interface} has no physdev or physdev has no suitable ip"
|
||||
return 1
|
||||
}
|
||||
}
|
||||
|
||||
[ "${enable}" = "0" ] && return 1
|
||||
PIDCOUNT="$(( ${PIDCOUNT} + 1))"
|
||||
local pid_file="/var/run/${NAME}.${PIDCOUNT}.pid"
|
||||
|
||||
procd_open_instance
|
||||
procd_set_param command "$PROG" -F -P "$pid_file"
|
||||
[ "${PasswordAuth}" -eq 0 ] && procd_append_param command -s
|
||||
[ "${GatewayPorts}" -eq 1 ] && procd_append_param command -a
|
||||
[ "${RootPasswordAuth}" -eq 0 ] && procd_append_param command -g
|
||||
[ "${RootLogin}" -eq 0 ] && procd_append_param command -w
|
||||
if [ -n "${rsakeyfile}" ]; then
|
||||
logger -t ${NAME} -p daemon.warn \
|
||||
"option 'rsakeyfile' is considered to be deprecated and" \
|
||||
"will be removed in future releases, use 'keyfile' instead"
|
||||
hk_config 'rsakeyfile' "${rsakeyfile}"
|
||||
fi
|
||||
config_list_foreach "$1" "keyfile" hk_config__keyfile
|
||||
[ -n "${BannerFile}" ] && procd_append_param command -b "${BannerFile}"
|
||||
append_ports "${ipaddrs}" "${Port}"
|
||||
[ "${IdleTimeout}" -ne 0 ] && procd_append_param command -I "${IdleTimeout}"
|
||||
[ "${SSHKeepAlive}" -ne 0 ] && procd_append_param command -K "${SSHKeepAlive}"
|
||||
[ "${MaxAuthTries}" -ne 0 ] && procd_append_param command -T "${MaxAuthTries}"
|
||||
[ "${RecvWindowSize}" -gt 0 -a "${RecvWindowSize}" -le 1048576 ] && \
|
||||
procd_append_param command -W "${RecvWindowSize}"
|
||||
[ "${mdns}" -ne 0 ] && procd_add_mdns "ssh" "tcp" "$Port" "daemon=dropbear"
|
||||
procd_set_param respawn
|
||||
procd_close_instance
|
||||
}
|
||||
|
||||
load_interfaces()
|
||||
{
|
||||
config_get interface "$1" Interface
|
||||
config_get enable "$1" enable 1
|
||||
|
||||
[ "${enable}" = "1" ] && interfaces=" ${interface} ${interfaces}"
|
||||
}
|
||||
|
||||
boot()
|
||||
{
|
||||
BOOT=1
|
||||
start "$@"
|
||||
}
|
||||
|
||||
start_service()
|
||||
{
|
||||
hk_generate_as_needed
|
||||
|
||||
. /lib/functions.sh
|
||||
. /lib/functions/network.sh
|
||||
|
||||
config_load "${NAME}"
|
||||
config_foreach validate_section_dropbear dropbear dropbear_instance
|
||||
}
|
||||
|
||||
service_triggers()
|
||||
{
|
||||
local interfaces
|
||||
|
||||
procd_add_config_trigger "config.change" "dropbear" /etc/init.d/dropbear reload
|
||||
|
||||
config_load "${NAME}"
|
||||
config_foreach load_interfaces dropbear
|
||||
|
||||
[ -n "${interfaces}" ] && {
|
||||
for n in $interfaces ; do
|
||||
procd_add_interface_trigger "interface.*" $n /etc/init.d/dropbear reload
|
||||
done
|
||||
}
|
||||
|
||||
procd_add_validation validate_section_dropbear
|
||||
}
|
||||
|
||||
shutdown() {
|
||||
# close all open connections
|
||||
killall dropbear
|
||||
}
|
||||
|
||||
killclients()
|
||||
{
|
||||
local ignore=''
|
||||
local server
|
||||
local pid
|
||||
|
||||
# if this script is run from inside a client session, then ignore that session
|
||||
pid="$$"
|
||||
while [ "${pid}" -ne 0 ]
|
||||
do
|
||||
# get parent process id
|
||||
pid=$(cut -d ' ' -f 4 "/proc/${pid}/stat")
|
||||
[ "${pid}" -eq 0 ] && break
|
||||
|
||||
# check if client connection
|
||||
grep -F -q -e "${PROG}" "/proc/${pid}/cmdline" && {
|
||||
append ignore "${pid}"
|
||||
break
|
||||
}
|
||||
done
|
||||
|
||||
# get all server pids that should be ignored
|
||||
for server in $(cat /var/run/${NAME}.*.pid)
|
||||
do
|
||||
append ignore "${server}"
|
||||
done
|
||||
|
||||
# get all running pids and kill client connections
|
||||
local skip
|
||||
for pid in $(pidof "${NAME}")
|
||||
do
|
||||
# check if correct program, otherwise process next pid
|
||||
grep -F -q -e "${PROG}" "/proc/${pid}/cmdline" || {
|
||||
continue
|
||||
}
|
||||
|
||||
# check if pid should be ignored (servers, ourself)
|
||||
skip=0
|
||||
for server in ${ignore}
|
||||
do
|
||||
if [ "${pid}" = "${server}" ]
|
||||
then
|
||||
skip=1
|
||||
break
|
||||
fi
|
||||
done
|
||||
[ "${skip}" -ne 0 ] && continue
|
||||
|
||||
# kill process
|
||||
echo "${initscript}: Killing ${pid}..."
|
||||
kill -KILL ${pid}
|
||||
done
|
||||
}
|
||||
@@ -1,130 +0,0 @@
|
||||
#!/bin/sh /etc/rc.common
|
||||
# Copyright (C) 2011 OpenWrt.org
|
||||
|
||||
START=98
|
||||
|
||||
USE_PROCD=1
|
||||
PROG=/usr/sbin/ntpd
|
||||
HOTPLUG_SCRIPT=/usr/sbin/ntpd-hotplug
|
||||
|
||||
get_dhcp_ntp_servers() {
|
||||
local interfaces="$1"
|
||||
local filter="*"
|
||||
local interface ntpservers ntpserver
|
||||
|
||||
for interface in $interfaces; do
|
||||
[ "$filter" = "*" ] && filter="@.interface='$interface'" || filter="$filter,@.interface='$interface'"
|
||||
done
|
||||
|
||||
ntpservers=$(ubus call network.interface dump | jsonfilter -e "@.interface[$filter]['data']['ntpserver']")
|
||||
|
||||
for ntpserver in $ntpservers; do
|
||||
local duplicate=0
|
||||
local entry
|
||||
for entry in $server; do
|
||||
[ "$ntpserver" = "$entry" ] && duplicate=1
|
||||
done
|
||||
[ "$duplicate" = 0 ] && server="$server $ntpserver"
|
||||
done
|
||||
}
|
||||
|
||||
validate_ntp_section() {
|
||||
uci_load_validate system timeserver "$1" "$2" \
|
||||
'dhcp_interface:list(string)' \
|
||||
'enable_server:bool:0' \
|
||||
'enabled:bool:1' \
|
||||
'interface:string' \
|
||||
'server:list(host)' \
|
||||
'use_dhcp:bool:1'
|
||||
}
|
||||
|
||||
start_ntpd_instance() {
|
||||
local peer
|
||||
|
||||
[ "$2" = 0 ] || {
|
||||
echo "validation failed"
|
||||
return 1
|
||||
}
|
||||
|
||||
[ $enabled = 0 ] && return
|
||||
|
||||
[ $use_dhcp = 1 ] && get_dhcp_ntp_servers "$dhcp_interface"
|
||||
|
||||
[ -z "$server" -a "$enable_server" = "0" ] && return
|
||||
|
||||
procd_open_instance
|
||||
procd_set_param command "$PROG" -n -N
|
||||
if [ "$enable_server" = "1" ]; then
|
||||
procd_append_param command -l
|
||||
[ -n "$interface" ] && {
|
||||
local ifname
|
||||
|
||||
network_get_device ifname "$interface" || \
|
||||
ifname="$interface"
|
||||
procd_append_param command -I "$ifname"
|
||||
procd_append_param netdev "$ifname"
|
||||
}
|
||||
fi
|
||||
[ -x "$HOTPLUG_SCRIPT" ] && procd_append_param command -S "$HOTPLUG_SCRIPT"
|
||||
for peer in $server; do
|
||||
procd_append_param command -p $peer
|
||||
done
|
||||
procd_set_param respawn
|
||||
#[ -x /sbin/ujail -a -e /etc/capabilities/ntpd.json ] && {
|
||||
# procd_add_jail ntpd ubus
|
||||
# procd_add_jail_mount "$HOTPLUG_SCRIPT"
|
||||
# procd_add_jail_mount "/usr/share/libubox/jshn.sh"
|
||||
# procd_add_jail_mount "/usr/bin/env"
|
||||
# procd_add_jail_mount "/usr/bin/jshn"
|
||||
# procd_add_jail_mount "/bin/ubus"
|
||||
# procd_set_param capabilities /etc/capabilities/ntpd.json
|
||||
# procd_set_param user ntp
|
||||
# procd_set_param group ntp
|
||||
# procd_set_param no_new_privs 1
|
||||
#}
|
||||
procd_close_instance
|
||||
}
|
||||
|
||||
start_service() {
|
||||
. /lib/functions/network.sh
|
||||
validate_ntp_section ntp start_ntpd_instance
|
||||
}
|
||||
|
||||
service_triggers() {
|
||||
local script name use_dhcp enable_server interface
|
||||
|
||||
script=$(readlink -f "$initscript")
|
||||
name=$(basename ${script:-$initscript})
|
||||
|
||||
procd_add_config_trigger "config.change" "system" /etc/init.d/$name reload
|
||||
|
||||
config_load system
|
||||
config_get use_dhcp ntp use_dhcp 1
|
||||
|
||||
[ $use_dhcp = 1 ] && {
|
||||
local dhcp_interface
|
||||
config_get dhcp_interface ntp dhcp_interface
|
||||
|
||||
if [ -n "$dhcp_interface" ]; then
|
||||
for n in $dhcp_interface; do
|
||||
procd_add_interface_trigger "interface.*" $n /etc/init.d/$name reload
|
||||
done
|
||||
else
|
||||
procd_add_raw_trigger "interface.*" 1000 /etc/init.d/$name reload
|
||||
fi
|
||||
}
|
||||
|
||||
config_get_bool enable_server ntp enable_server 0
|
||||
config_get interface ntp interface
|
||||
|
||||
[ $enable_server -eq 1 ] && [ -n "$interface" ] && {
|
||||
local ifname
|
||||
|
||||
network_get_device ifname "$interface" || \
|
||||
ifname="$interface"
|
||||
procd_add_interface_trigger "interface.*" "$ifname" \
|
||||
/etc/init.d/"$name" reload
|
||||
}
|
||||
|
||||
procd_add_validation validate_ntp_section
|
||||
}
|
||||
@@ -1,5 +0,0 @@
|
||||
::sysinit:/etc/init.d/rcS S boot
|
||||
::shutdown:/etc/init.d/rcS K shutdown
|
||||
# avoid auto reboot by twice type ctrl+c
|
||||
#::askconsole:/usr/libexec/login.sh
|
||||
console::respawn:/usr/libexec/login.sh
|
||||
@@ -1,430 +0,0 @@
|
||||
#
|
||||
# /etc/login.defs - Configuration control definitions for the shadow package.
|
||||
#
|
||||
# $Id$
|
||||
#
|
||||
|
||||
#
|
||||
# Delay in seconds before being allowed another attempt after a login failure
|
||||
# Note: When PAM is used, some modules may enforce a minimum delay (e.g.
|
||||
# pam_unix(8) enforces a 2s delay)
|
||||
#
|
||||
FAIL_DELAY 3
|
||||
|
||||
#
|
||||
# Enable logging and display of /var/log/faillog login(1) failure info.
|
||||
#
|
||||
FAILLOG_ENAB yes
|
||||
|
||||
#
|
||||
# Enable display of unknown usernames when login(1) failures are recorded.
|
||||
#
|
||||
LOG_UNKFAIL_ENAB no
|
||||
|
||||
#
|
||||
# Enable logging of successful logins
|
||||
#
|
||||
LOG_OK_LOGINS no
|
||||
|
||||
#
|
||||
# Enable logging and display of /var/log/lastlog login(1) time info.
|
||||
#
|
||||
LASTLOG_ENAB yes
|
||||
|
||||
#
|
||||
# Limit the highest user ID number for which the lastlog entries should
|
||||
# be updated.
|
||||
#
|
||||
# No LASTLOG_UID_MAX means that there is no user ID limit for writing
|
||||
# lastlog entries.
|
||||
#
|
||||
#LASTLOG_UID_MAX
|
||||
|
||||
#
|
||||
# Enable checking and display of mailbox status upon login.
|
||||
#
|
||||
# Disable if the shell startup files already check for mail
|
||||
# ("mailx -e" or equivalent).
|
||||
#
|
||||
MAIL_CHECK_ENAB yes
|
||||
|
||||
#
|
||||
# Enable additional checks upon password changes.
|
||||
#
|
||||
OBSCURE_CHECKS_ENAB yes
|
||||
|
||||
#
|
||||
# Enable checking of time restrictions specified in /etc/porttime.
|
||||
#
|
||||
PORTTIME_CHECKS_ENAB yes
|
||||
|
||||
#
|
||||
# Enable setting of ulimit, umask, and niceness from passwd(5) gecos field.
|
||||
#
|
||||
QUOTAS_ENAB yes
|
||||
|
||||
#
|
||||
# Enable "syslog" logging of su(1) activity - in addition to sulog file logging.
|
||||
# SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1).
|
||||
#
|
||||
SYSLOG_SU_ENAB yes
|
||||
SYSLOG_SG_ENAB yes
|
||||
|
||||
#
|
||||
# If defined, either full pathname of a file containing device names or
|
||||
# a ":" delimited list of device names. Root logins will be allowed only
|
||||
# from these devices.
|
||||
#
|
||||
CONSOLE /etc/securetty
|
||||
#CONSOLE console:tty01:tty02:tty03:tty04
|
||||
|
||||
#
|
||||
# If defined, all su(1) activity is logged to this file.
|
||||
#
|
||||
#SULOG_FILE /var/log/sulog
|
||||
|
||||
#
|
||||
# If defined, ":" delimited list of "message of the day" files to
|
||||
# be displayed upon login.
|
||||
#
|
||||
MOTD_FILE /etc/motd
|
||||
#MOTD_FILE /etc/motd:/usr/lib/news/news-motd
|
||||
|
||||
#
|
||||
# If defined, this file will be output before each login(1) prompt.
|
||||
#
|
||||
#ISSUE_FILE /etc/issue
|
||||
|
||||
#
|
||||
# If defined, file which maps tty line to TERM environment parameter.
|
||||
# Each line of the file is in a format similar to "vt100 tty01".
|
||||
#
|
||||
#TTYTYPE_FILE /etc/ttytype
|
||||
|
||||
#
|
||||
# If defined, login(1) failures will be logged here in a utmp format.
|
||||
# last(1), when invoked as lastb(1), will read /var/log/btmp, so...
|
||||
#
|
||||
FTMP_FILE /var/log/btmp
|
||||
|
||||
#
|
||||
# If defined, name of file whose presence will inhibit non-root
|
||||
# logins. The content of this file should be a message indicating
|
||||
# why logins are inhibited.
|
||||
#
|
||||
NOLOGINS_FILE /etc/nologin
|
||||
|
||||
#
|
||||
# If defined, the command name to display when running "su -". For
|
||||
# example, if this is defined as "su" then ps(1) will display the
|
||||
# command as "-su". If not defined, then ps(1) will display the
|
||||
# name of the shell actually being run, e.g. something like "-sh".
|
||||
#
|
||||
#SU_NAME su
|
||||
|
||||
#
|
||||
# *REQUIRED*
|
||||
# Directory where mailboxes reside, _or_ name of file, relative to the
|
||||
# home directory. If you _do_ define both, MAIL_DIR takes precedence.
|
||||
#
|
||||
MAIL_DIR /var/spool/mail
|
||||
#MAIL_FILE .mail
|
||||
|
||||
#
|
||||
# If defined, file which inhibits all the usual chatter during the login
|
||||
# sequence. If a full pathname, then hushed mode will be enabled if the
|
||||
# user's name or shell are found in the file. If not a full pathname, then
|
||||
# hushed mode will be enabled if the file exists in the user's home directory.
|
||||
#
|
||||
HUSHLOGIN_FILE .hushlogin
|
||||
#HUSHLOGIN_FILE /etc/hushlogins
|
||||
|
||||
#
|
||||
# If defined, either a TZ environment parameter spec or the
|
||||
# fully-rooted pathname of a file containing such a spec.
|
||||
#
|
||||
#ENV_TZ TZ=CST6CDT
|
||||
#ENV_TZ /etc/tzname
|
||||
|
||||
#
|
||||
# If defined, an HZ environment parameter spec.
|
||||
#
|
||||
# for Linux/x86
|
||||
ENV_HZ HZ=100
|
||||
# For Linux/Alpha...
|
||||
#ENV_HZ HZ=1024
|
||||
|
||||
#
|
||||
# *REQUIRED* The default PATH settings, for superuser and normal users.
|
||||
#
|
||||
# (they are minimal, add the rest in the shell startup files)
|
||||
ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
|
||||
ENV_PATH PATH=/bin:/usr/bin
|
||||
|
||||
#
|
||||
# Terminal permissions
|
||||
#
|
||||
# TTYGROUP Login tty will be assigned this group ownership.
|
||||
# TTYPERM Login tty will be set to this permission.
|
||||
#
|
||||
# If you have a write(1) program which is "setgid" to a special group
|
||||
# which owns the terminals, define TTYGROUP as the number of such group
|
||||
# and TTYPERM as 0620. Otherwise leave TTYGROUP commented out and
|
||||
# set TTYPERM to either 622 or 600.
|
||||
#
|
||||
TTYGROUP tty
|
||||
TTYPERM 0600
|
||||
|
||||
#
|
||||
# Login configuration initializations:
|
||||
#
|
||||
# ERASECHAR Terminal ERASE character ('\010' = backspace).
|
||||
# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
|
||||
# ULIMIT Default "ulimit" value.
|
||||
#
|
||||
# The ERASECHAR and KILLCHAR are used only on System V machines.
|
||||
# The ULIMIT is used only if the system supports it.
|
||||
# (now it works with setrlimit too; ulimit is in 512-byte units)
|
||||
#
|
||||
# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
|
||||
#
|
||||
ERASECHAR 0177
|
||||
KILLCHAR 025
|
||||
#ULIMIT 2097152
|
||||
|
||||
# Default initial "umask" value used by login(1) on non-PAM enabled systems.
|
||||
# Default "umask" value for pam_umask(8) on PAM enabled systems.
|
||||
# UMASK is also used by useradd(8) and newusers(8) to set the mode for new
|
||||
# home directories if HOME_MODE is not set.
|
||||
# 022 is the default value, but 027, or even 077, could be considered
|
||||
# for increased privacy. There is no One True Answer here: each sysadmin
|
||||
# must make up their mind.
|
||||
UMASK 022
|
||||
|
||||
# HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
|
||||
# home directories.
|
||||
# If HOME_MODE is not set, the value of UMASK is used to create the mode.
|
||||
#HOME_MODE 0700
|
||||
|
||||
#
|
||||
# Password aging controls:
|
||||
#
|
||||
# PASS_MAX_DAYS Maximum number of days a password may be used.
|
||||
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
|
||||
# PASS_MIN_LEN Minimum acceptable password length.
|
||||
# PASS_WARN_AGE Number of days warning given before a password expires.
|
||||
#
|
||||
PASS_MAX_DAYS 99999
|
||||
PASS_MIN_DAYS 0
|
||||
PASS_MIN_LEN 5
|
||||
PASS_WARN_AGE 7
|
||||
|
||||
#
|
||||
# If "yes", the user must be listed as a member of the first gid 0 group
|
||||
# in /etc/group (called "root" on most Linux systems) to be able to "su"
|
||||
# to uid 0 accounts. If the group doesn't exist or is empty, no one
|
||||
# will be able to "su" to uid 0.
|
||||
#
|
||||
SU_WHEEL_ONLY no
|
||||
|
||||
#
|
||||
# If compiled with cracklib support, sets the path to the dictionaries
|
||||
#
|
||||
CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict
|
||||
|
||||
#
|
||||
# Min/max values for automatic uid selection in useradd(8)
|
||||
#
|
||||
UID_MIN 1000
|
||||
UID_MAX 60000
|
||||
# System accounts
|
||||
SYS_UID_MIN 101
|
||||
SYS_UID_MAX 999
|
||||
# Extra per user uids
|
||||
SUB_UID_MIN 100000
|
||||
SUB_UID_MAX 600100000
|
||||
SUB_UID_COUNT 65536
|
||||
|
||||
#
|
||||
# Min/max values for automatic gid selection in groupadd(8)
|
||||
#
|
||||
GID_MIN 1000
|
||||
GID_MAX 60000
|
||||
# System accounts
|
||||
SYS_GID_MIN 101
|
||||
SYS_GID_MAX 999
|
||||
# Extra per user group ids
|
||||
SUB_GID_MIN 100000
|
||||
SUB_GID_MAX 600100000
|
||||
SUB_GID_COUNT 65536
|
||||
|
||||
#
|
||||
# Max number of login(1) retries if password is bad
|
||||
#
|
||||
LOGIN_RETRIES 5
|
||||
|
||||
#
|
||||
# Max time in seconds for login(1)
|
||||
#
|
||||
LOGIN_TIMEOUT 60
|
||||
|
||||
#
|
||||
# Maximum number of attempts to change password if rejected (too easy)
|
||||
#
|
||||
PASS_CHANGE_TRIES 5
|
||||
|
||||
#
|
||||
# Warn about weak passwords (but still allow them) if you are root.
|
||||
#
|
||||
PASS_ALWAYS_WARN yes
|
||||
|
||||
#
|
||||
# Number of significant characters in the password for crypt().
|
||||
# Default is 8, don't change unless your crypt() is better.
|
||||
# Ignored if MD5_CRYPT_ENAB set to "yes".
|
||||
#
|
||||
#PASS_MAX_LEN 8
|
||||
|
||||
#
|
||||
# Require password before chfn(1)/chsh(1) can make any changes.
|
||||
#
|
||||
CHFN_AUTH yes
|
||||
|
||||
#
|
||||
# Which fields may be changed by regular users using chfn(1) - use
|
||||
# any combination of letters "frwh" (full name, room number, work
|
||||
# phone, home phone). If not defined, no changes are allowed.
|
||||
# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
|
||||
#
|
||||
CHFN_RESTRICT rwh
|
||||
|
||||
#
|
||||
# Password prompt (%s will be replaced by user name).
|
||||
#
|
||||
# XXX - it doesn't work correctly yet, for now leave it commented out
|
||||
# to use the default which is just "Password: ".
|
||||
#LOGIN_STRING "%s's Password: "
|
||||
|
||||
#
|
||||
# Only works if compiled with MD5_CRYPT defined:
|
||||
# If set to "yes", new passwords will be encrypted using the MD5-based
|
||||
# algorithm compatible with the one used by recent releases of FreeBSD.
|
||||
# It supports passwords of unlimited length and longer salt strings.
|
||||
# Set to "no" if you need to copy encrypted passwords to other systems
|
||||
# which don't understand the new algorithm. Default is "no".
|
||||
#
|
||||
# Note: If you use PAM, it is recommended to use a value consistent with
|
||||
# the PAM modules configuration.
|
||||
#
|
||||
# This variable is deprecated. You should use ENCRYPT_METHOD instead.
|
||||
#
|
||||
#MD5_CRYPT_ENAB no
|
||||
|
||||
#
|
||||
# Only works if compiled with ENCRYPTMETHOD_SELECT defined:
|
||||
# If set to MD5, MD5-based algorithm will be used for encrypting password
|
||||
# If set to SHA256, SHA256-based algorithm will be used for encrypting password
|
||||
# If set to SHA512, SHA512-based algorithm will be used for encrypting password
|
||||
# If set to BCRYPT, BCRYPT-based algorithm will be used for encrypting password
|
||||
# If set to DES, DES-based algorithm will be used for encrypting password (default)
|
||||
# Overrides the MD5_CRYPT_ENAB option
|
||||
#
|
||||
# Note: If you use PAM, it is recommended to use a value consistent with
|
||||
# the PAM modules configuration.
|
||||
#
|
||||
ENCRYPT_METHOD BCRYPT
|
||||
|
||||
#
|
||||
# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
|
||||
#
|
||||
# Define the number of SHA rounds.
|
||||
# With a lot of rounds, it is more difficult to brute-force the password.
|
||||
# However, more CPU resources will be needed to authenticate users if
|
||||
# this value is increased.
|
||||
#
|
||||
# If not specified, the libc will choose the default number of rounds (5000).
|
||||
# The values must be within the 1000-999999999 range.
|
||||
# If only one of the MIN or MAX values is set, then this value will be used.
|
||||
# If MIN > MAX, the highest value will be used.
|
||||
#
|
||||
#SHA_CRYPT_MIN_ROUNDS 5000
|
||||
#SHA_CRYPT_MAX_ROUNDS 5000
|
||||
|
||||
#
|
||||
# Only works if ENCRYPT_METHOD is set to BCRYPT.
|
||||
#
|
||||
# Define the number of BCRYPT rounds.
|
||||
# With a lot of rounds, it is more difficult to brute-force the password.
|
||||
# However, more CPU resources will be needed to authenticate users if
|
||||
# this value is increased.
|
||||
#
|
||||
# If not specified, 13 rounds will be attempted.
|
||||
# If only one of the MIN or MAX values is set, then this value will be used.
|
||||
# If MIN > MAX, the highest value will be used.
|
||||
#
|
||||
#BCRYPT_MIN_ROUNDS 13
|
||||
#BCRYPT_MAX_ROUNDS 13
|
||||
|
||||
#
|
||||
# List of groups to add to the user's supplementary group set
|
||||
# when logging in from the console (as determined by the CONSOLE
|
||||
# setting). Default is none.
|
||||
#
|
||||
# Use with caution - it is possible for users to gain permanent
|
||||
# access to these groups, even when not logged in from the console.
|
||||
# How to do it is left as an exercise for the reader...
|
||||
#
|
||||
#CONSOLE_GROUPS floppy:audio:cdrom
|
||||
|
||||
#
|
||||
# Should login be allowed if we can't cd to the home directory?
|
||||
# Default is no.
|
||||
#
|
||||
DEFAULT_HOME yes
|
||||
|
||||
#
|
||||
# If this file exists and is readable, login environment will be
|
||||
# read from it. Every line should be in the form name=value.
|
||||
#
|
||||
ENVIRON_FILE /etc/environment
|
||||
|
||||
#
|
||||
# If defined, this command is run when removing a user.
|
||||
# It should remove any at/cron/print jobs etc. owned by
|
||||
# the user to be removed (passed as the first argument).
|
||||
#
|
||||
#USERDEL_CMD /usr/sbin/userdel_local
|
||||
|
||||
#
|
||||
# Enable setting of the umask group bits to be the same as owner bits
|
||||
# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
|
||||
# the same as gid, and username is the same as the primary group name.
|
||||
#
|
||||
# This also enables userdel(8) to remove user groups if no members exist.
|
||||
#
|
||||
USERGROUPS_ENAB yes
|
||||
|
||||
#
|
||||
# If set to a non-zero number, the shadow utilities will make sure that
|
||||
# groups never have more than this number of users on one line.
|
||||
# This permits to support split groups (groups split into multiple lines,
|
||||
# with the same group ID, to avoid limitation of the line length in the
|
||||
# group file).
|
||||
#
|
||||
# 0 is the default value and disables this feature.
|
||||
#
|
||||
#MAX_MEMBERS_PER_GROUP 0
|
||||
|
||||
#
|
||||
# If useradd(8) should create home directories for users by default (non
|
||||
# system users only).
|
||||
# This option is overridden with the -M or -m flags on the useradd(8)
|
||||
# command-line.
|
||||
#
|
||||
#CREATE_HOME yes
|
||||
|
||||
#
|
||||
# Force use shadow, even if shadow passwd & shadow group files are
|
||||
# missing.
|
||||
#
|
||||
#FORCE_SHADOW yes
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user