2

I'm using buildroot for an embedded product. I've added my own password-protected user via the BR2_ROOTFS_USERS_TABLES option, and that's working fine.

Problem: buildroot continues to add user and admin users to the system, and they have no passwords. These are not part of the skeleton file system, but seem to be explicitly added during the build process, although darned if I can figure out where. Plus, even when I disable BR2_TARGET_ENABLE_ROOT_LOGIN, I'm still allowed to log in as root.

How can I get rid of the default user and admin users? Alternatively, how can I set their passwords to something long and unguessable?

Edit: I just discovered that removing

`BR2_TARGET_ENABLE_ROOT_LOGIN=y`

from my BR2_TARGET_ENABLE_ROOT_LOGIN file isn't enough; the file has to include the line

`# BR2_TARGET_ENABLE_ROOT_LOGIN is not set`

... or the built .config file will still have BR2_TARGET_ENABLE_ROOT_LOGIN=y in it. But, even after I corrected this and did a clean rebuild, my resulting system still has no-password root logins, and both user and admin accounts with empty passwords.

Daniel Griscom
  • Recursive grep is your friend. It might take a few minutes, but you should be able to find where this is coming from. Look both for the user IDs and the passwd / shadow file origins. – Chris Stratton Oct 17 '18 at 15:15
  • @ChrisStratton Good idea, but been there/done that. There are 1300 "user"s in the codebase, and although there are only 31 "admin"s, none look apropos. And, the user IDs are almost certainly calculated from a base of 1000, and there are 2762 "1000"s. – Daniel Griscom Oct 17 '18 at 15:24

3 Answers

2

Have you done a clean build after disabling BR2_TARGET_ENABLE_ROOT_LOGIN? I've always had problems trying to rebuild the skeleton package.

I've never seen a buildroot user named user or admin. A grep through my buildroot packages also doesn't show any such user defined: `awk '/define.*_USERS/,/endef/' package/*/*mk`. Can you run the same on your system and be sure to include any custom *.mk files you have?

Is it possible that user and admin are leftover from earlier attempts to create your own password-protected users? Again, a clean build would help that.

  • Nice awk script! Unfortunately, it didn't find anything relevant. – Daniel Griscom Oct 24 '18 at 02:24
  • As I describe in the new edit to my question, it turns out I hadn't really turned off `BR2_TARGET_ENABLE_ROOT_LOGIN=y`. But, even after I did it correctly, a clean build still has `root`, `user` and `admin` accounts. (Bummer.) – Daniel Griscom Oct 24 '18 at 02:25
2

As observed in other answers, nothing in Buildroot adds admin or user users.

Users may be added to /etc/passwd in four places:

  • The file /etc/passwd in the skeleton. If you have a custom skeleton, it may come from there.
  • The users table that is constructed from packages and filesystems. You can see what is in there in output/build/buildroot-fs/users_table.txt (or, in your old version of Buildroot, in output/build/_users_table.txt).
  • A file /etc/passwd that is present in your custom filesystem overlay.
  • Any manipulations done on /etc/passwd by a post-build script.

It is also possible (though not intended) that a package updates /etc/passwd directly. If that is the case, you will see it appear in output/build/packages-file-list.txt.

Arnout
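
A triage script for the places the answer above lists, as an added example that is not part of the original answer or of Buildroot: it lists accounts with an empty password field in the built image and reports which users table or skeleton/overlay `/etc/passwd` names each one. Treating `output/target` as the image root, the `package,./path` shape of `packages-file-list.txt` lines, and all function names and arguments are assumptions; the demo tree is constructed.

```shell
#!/bin/sh
# Added example, not Buildroot code. Usage: script OUTPUT_DIR [TREE...]
# where each TREE is a skeleton or overlay directory (caller-supplied paths).

# Accounts in the built image whose password field is empty.
empty_pw_accounts() {            # $1 = output dir
    for f in "$1/target/etc/shadow" "$1/target/etc/passwd"; do
        if [ -f "$f" ]; then awk -F: 'NF > 1 && $2 == "" { print $1 }' "$f"; fi
    done | sort -u
}

# Report which of the places listed in the answer mention account $2.
trace_user() {                   # $1 = output dir, $2 = user, $3.. = trees
    out=$1; user=$2; shift 2; hits=0
    for t in "$out/build/buildroot-fs/users_table.txt" "$out/build/_users_table.txt"; do
        if [ -f "$t" ] && awk -v u="$user" '$1 == u { f = 1 } END { exit !f }' "$t"; then
            echo "users-table: $t"; hits=1
        fi
    done
    for d in "$@"; do
        if [ -f "$d/etc/passwd" ] && grep -q "^$user:" "$d/etc/passwd"; then
            echo "tree: $d/etc/passwd"; hits=1
        fi
    done
    # A package that installs etc/passwd or etc/shadow itself is listed here.
    l="$out/build/packages-file-list.txt"
    if [ -f "$l" ] && grep -E '(^|[,/])etc/(passwd|shadow)$' "$l" | sed 's/^/package-file: /' | grep .; then
        hits=1
    fi
    if [ "$hits" -eq 0 ]; then echo "unexplained: check post-build scripts"; fi
}
audit() {                        # $1 = output dir, $2.. = trees
    o=$1; shift
    for u in $(empty_pw_accounts "$o"); do
        echo "== $u: empty password"; trace_user "$o" "$u" "$@"
    done
}
# Constructed sample tree so the example runs without a real build.
make_demo() {
    d=$(mktemp -d); mkdir -p "$d/out/target/etc" "$d/out/build" "$d/overlay/etc"
    printf 'root:x:0:0::/root:/bin/sh\nadmin:x:1001:1001::/home/admin:/bin/sh\n' > "$d/out/target/etc/passwd"
    printf 'root:$1$constructed:::::::\nadmin::::::::\n' > "$d/out/target/etc/shadow"
    printf 'admin:x:1001:1001::/home/admin:/bin/sh\n' > "$d/overlay/etc/passwd"
    printf 'svc -1 svc -1 * - - - service\n' > "$d/out/build/_users_table.txt"
    echo "$d"
}
if [ "$#" -gt 0 ]; then audit "$@"; else
    demo=$(make_demo); audit "$demo/out" "$demo/overlay"; rm -rf "$demo"
fi
```

An account reported as `unexplained` appears in none of the searched files, which leaves the post-build scripts from the answer's list as the place to read by hand.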
1

Are you sure you're using the official Buildroot? The official Buildroot has a default /etc/passwd at https://git.buildroot.org/buildroot/tree/system/skeleton/etc/passwd and it doesn't contain any admin or user users.

Thomas Petazzoni
  • I'm using Buildroot 2016.11.3, and yes, the skeleton `/etc/passwd` file doesn't have `admin` or `user` users. However, these users are somehow added during the build process. – Daniel Griscom Oct 18 '18 at 10:48