Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - hiryu

Pages: [1]
1
Firmware / annoying missing sshd corner case with manually edited users
« on: February 21, 2020, 12:15:33 am »
After some back and forth on twitter, the notes have been updated:
https://twitter.com/RaptorCompSys/status/1230723235961917440

But I will give a run down on how this seemed to occur to me.
a. /etc/passwd- was giving me a random "stale file handle" issue... Which was preventing me from writing to /etc/passwd, as /etc/passwd could not be backed up to /etc/passwd-
b. Restarting the BMC fixed this so this "stale file handle" issue is intermittent?
c. Ultimately the issue here is that /etc/passwd is persistent and I had added a user. The new version of the file which can be found here: /run/initramfs/ro/etc/passwd, has the sshd user.

From here... it's clear that useradd is _really_ broken. It complains:
useradd: PAM: Permission denied

Probably needs to be built without PAM support?

adduser won't give you a list of options it accepts and it's the busybox version so who knows? Turns out it seems to _mostly_ have parity with Debian 10's adduser.

Here is how I ultimately was able to get this working:
1. addgroup --system sshd
2. adduser --system --home /var/run/sshd --shell /bin/false sshd (ignore the error about the sshd group)
3. usermod -g sshd sshd
4. chown root:root /var/run/sshd

Theoretically and ideally, the above steps should be performed BEFORE the upgrade to avoid having to hook up a serial cable.

My steps won't provide the same UID/GID as in the release notes, but will use the next available system UID/GID, which will work just as well. You could also modify the user or add some CLI switches to match Raptor's settings.

(edited to make minor fix to step 2 adduser command)

Pages: [1]