world leader in high performance signal processing
Trace: » managing_users

Managing Users

It is often said that running as root or superuser on your desktop is bad idea, the same is true in your embedded environment. While many people just leave root as the only user in the embedded system, it should be understood that while this may be an acceptable practice, managing users in uClinux is the same as any other Linux system. To manage users, there are a few commands and files which you should understand. Many of these are part of Busybox, and can be compiled into or left out of the uClinux-dist.

Commands

addgroup
adds a group to the system Busybox Man
adduser
adds a user to the system Busybox Man
delgroup
deletes a group from the system Busybox Man
deluser
deletes a user from the system Busybox Man
getty
opens a tty, prompts for a login name, then invokes /bin/login Busybox Man
last
show a listing of the last logged in users Busybox Man
login
start a session on the system Busybox Man
logname
print the user’s login name Busybox Man
su
run a shell or command as a different user or group Busybox Man
sulogin
launch a single-user login Busybox Man
whoami
print the effective user Busybox Man

Files

/etc/passwd
Where the user's name, and other pertinent information are stored. This includes the password unless your system is using shadow passwords.
/etc/shadow
Where the user's password is stored if you are using shadow passwords.
/etc/group
Where group names are stored.
/etc/aliases
Where the user's name is matched to a nickname for e-mail.

Compiling Support into the uClinux-dist

Most of the utilities needed to properly manage users/groups can be found in Customize Vendor/User Settings → BusyBox → All of these utilties have two options:

  • use the system's password and group functions. And if you are using the GNU C library (glibc), you will then need to install the /etc/nsswitch.conf configuration file and the required /lib/libnss_* libraries in order for the password and group functions to work. This generally makes your embedded system quite a bit larger.
  • allow busybox to directly access the system's /etc/password, and /etc/group files. When this option is enabled, you will not be able to use PAM to access remote LDAP password servers. And if you want hostname resolution to work with glibc, you still need the /lib/libnss_* libraries.

This option is called Use internal password and group functions rather than system functions, and should be set for normal systems.

addgroup
adduser
delgroup
deluser
getty
last
login
logname
su
sulogin
whoami

Packaging Files

The easiest way to package the password databases with your default image is to first boot the system and set the passwords to what you want. Then copy the files off the board and into the uClinux-dist build system. Typically this will be uclinux-dist/vendor/<vendor>/<board>/passwd. Then next time you run `make`, the file will be installed into your romfs/ tree automatically.

Requiring Login

You will first need to enable the getty and login programs (either the standalone or busybox versions).

If you want to enable a login prompt on your console, then modify the /etc/inittab file (typically found at uclinux-dist/vendor/<vendor>/<board>/inittab) to include a line for your console device. Assuming you use ttyBF0 by default, it would look like:

ttyBF0::respawn:/bin/getty -L ttyBF0 57600 vt100

Obviously you'll want to change the 57600 to the baud rate you want to use.

Telnet by default will automatically start using login if it detects it in the system $PATH, so you shouldn't need to configure things there.

Examples

Adding a User

Add a user foo with default options:

root:~> adduser foo

Add a user fooie with a custom homedir:

root:~> adduser -d /var/fooie fooie

Add a user mooie with a custom shell:

root:~> adduser -s /bin/false mooie

Changing a Password

Change the active user's password:

root:~> passwd

Change the password of the user foo:

root:~> passwd foo

Removing a User

Delete the user foo:

root:~> deluser foo

More Information

For a good introductory book, you may want to look at Linux in a Nutshell.