OpenWrt Forum Archive

Topic: how to set a default password for root to build into the firmware.

The content of this topic has been archived on 8 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

software: backfire 10.03+ Xwrt

Right now, on the first boot after flashing the firmware, I have to first open the web UI to set a password for the user "root"; after that, I can use SSH to log in to the system with the user name "root" and the password I set before. It is kind of complex.
So I want to set a default password for the user "root" in the firmware, so that I don't need to open the web UI to set the password after the first boot.

What I did is: first I read the script source code of Xwrt to see how it sets the "root" password. It uses the command "passwd" in the following way:

(
echo "12345678"
sleep 1
echo "12345678"
)|passwd root
This will set root's password to "12345678".
Also, I see from the default file /etc/passwd that, before a password is set for root, the password section of root will be a '!', like:
root:!:0:0:root:/root:/bin/ash  (in the default /etc/passwd)

So I created a script named "setpass.sh" and execute it in /etc/rc.local. What I want is: if there is no password set for root, set the password "12345678" for it, but if root already has a password, do not do anything.

#!/bin/sh
var=`grep  '^root:' /etc/passwd | cut -d: -f2 `
if [ $var='!']
then
(
         echo "12345678"
         sleep 1
         echo "12345678"
)|passwd root
fi

It works, but only achieves half of my purpose. When there is no root password, it will set it to "12345678" (for example, on the first boot after flashing the firmware). But if I change the root password to another string through SSH, after reboot it will set the root password to "12345678" again!!! Which means the if [ $var='!' ] does not work!
Right now, what I want to know is: is there any other way to set a default root password rather than what I did???
Why does if [ $var='!' ] not work??? Is there some mistake in my script, or at boot time does /etc/passwd always display "root:!:0:0:root:/root:/bin/ash"???

snan4love wrote:

software: backfire 10.03+ Xwrt

Right now, on the first boot after flashing the firmware, I have to first open the web UI to set a password for the user "root"; after that, I can use SSH to log in to the system with the user name "root" and the password I set before. It is kind of complex.
So I want to set a default password for the user "root" in the firmware, so that I don't need to open the web UI to set the password after the first boot.

What I did is: first I read the script source code of Xwrt to see how it sets the "root" password. It uses the command "passwd" in the following way:

(
echo "12345678"
sleep 1
echo "12345678"
)|passwd root
This will set root's password to "12345678".
Also, I see from the default file /etc/passwd that, before a password is set for root, the password section of root will be a '!', like:
root:!:0:0:root:/root:/bin/ash  (in the default /etc/passwd)

So I created a script named "setpass.sh" and execute it in /etc/rc.local. What I want is: if there is no password set for root, set the password "12345678" for it, but if root already has a password, do not do anything.

#!/bin/sh
var=`grep  '^root:' /etc/passwd | cut -d: -f2 `
if [ $var='!']
then
(
         echo "12345678"
         sleep 1
         echo "12345678"
)|passwd root
fi

It works, but only achieves half of my purpose. When there is no root password, it will set it to "12345678" (for example, on the first boot after flashing the firmware). But if I change the root password to another string through SSH, after reboot it will set the root password to "12345678" again!!! Which means the if [ $var='!' ] does not work!
Right now, what I want to know is: is there any other way to set a default root password rather than what I did???
Why does if [ $var='!' ] not work??? Is there some mistake in my script, or at boot time does /etc/passwd always display "root:!:0:0:root:/root:/bin/ash"???

Hi!

Your condition in the if command is wrong. The right script is:

#!/bin/sh
var=`grep  '^root:' /etc/passwd | cut -d: -f2 `
if [ "$var" == "!" ]
then
(
         echo "12345678"
         sleep 1
         echo "12345678"
)|passwd root
fi

But I think that you can directly modify the package/base-files/files/etc/passwd file before you build the firmware.

vargalex

(Last edited by vargalex on 31 May 2012, 08:06)
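
Why the original test always succeeds, as an added example that is not part of any post in this thread: without spaces around `=`, `[ $var='!' ]` hands `[` a single non-empty word, which is always true. The helper names and file-path arguments are illustrative, the sample field values are constructed, and the lookup in a shadow file when passwd holds `x` goes beyond the Backfire case discussed so far.

```shell
#!/bin/sh
# Added example, not code from the thread. Helper names are illustrative.

# Print root's password field. When passwd only holds the placeholder "x",
# the real field is read from the shadow file instead.
root_pw_field() {
    passwd_file=$1
    shadow_file=$2
    field=$(awk -F: '$1 == "root" { print $2; exit }' "$passwd_file")
    if [ "$field" = "x" ] && [ -r "$shadow_file" ]; then
        field=$(awk -F: '$1 == "root" { print $2; exit }' "$shadow_file")
    fi
    printf '%s\n' "$field"
}

# Succeed only when no password has been set yet: "!" (the default passwd
# line quoted in the thread) or an empty field.
root_pw_unset() {
    field=$(root_pw_field "$1" "$2")
    [ -z "$field" ] || [ "$field" = "!" ]
}

# Original test: "[" receives ONE word, e.g. "$1$salt$hash=!", and a
# one-argument test is true for every non-empty string.
buggy_test() {
    var=$1
    if [ $var='!' ]; then echo "would reset"; else echo "would keep"; fi
}

# Corrected test: three separate words, so "=" is a string comparison.
fixed_test() {
    var=$1
    if [ "$var" = "!" ]; then echo "would reset"; else echo "would keep"; fi
}

# Constructed field values (not real hashes).
for v in '!' '$1$constructed$hash'; do
    printf '%-22s buggy: %-12s fixed: %s\n' \
        "$v" "$(buggy_test "$v")" "$(fixed_test "$v")"
done
```
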

Hello vargalex:
I tried the script you gave; it doesn't work even for setting the initial password.
Also, how do I modify the original /etc/passwd? The passwords are all encrypted, so it is not easy to set a right one.
Thank you for your response~

snan4love wrote:

Hello vargalex:
I tried the script you gave; it doesn't work even for setting the initial password.
Also, how do I modify the original /etc/passwd? The passwords are all encrypted, so it is not easy to set a right one.
Thank you for your response~

Hi!

Have you tried the BackFire 10.03 version?

I think (I have not tested) that when you set the password on the router and then copy the encrypted password from the passwd file, then you can paste this into the /package/base-files/files/etc/passwd file in your source.

vargalex wrote:

Hi!
Have you tried the BackFire 10.03 version?
I think (I have not tested) that when you set the password on the router and then copy the encrypted password from the passwd file, then you can paste this into the /package/base-files/files/etc/passwd file in your source.

Tried this but unfortunately it does not work. I am fiddling with the image generator as of trunk revision 30980.

What I did was drop the passwd file of an already set up box into the custom file folder of the image generator.
It shows up in /etc on the target system but telnet is still working and the password has to be set manually.

Would be neat if setting the pw to a default one and disabling telnet was possible.
Cheers,
Mario

Put "passwd" and "shadow" into your source:
[openwrt]/files/etc/

e.g. ~/openwrt/trunk/files/etc/

No need to put that script into your build.

Moreover you can also set the router default IP to something other than 192.168.1.1

(Last edited by johan666 on 8 Jun 2012, 09:18)

johan666 wrote:

Put "passwd" and "shadow" into your source:
[openwrt]/files/etc/

e.g. ~/openwrt/trunk/files/etc/

No need to put that script into your build.

Moreover you can also set the router default IP to something other than 192.168.1.1

Worked like a charm. Thanks a lot!

Thanks a lot !! Worked very well.

mario.nebl wrote:
johan666 wrote:

Put "passwd" and "shadow" into your source:
[openwrt]/files/etc/

e.g. ~/openwrt/trunk/files/etc/

No need to put that script into your build.

Moreover you can also set the router default IP to something other than 192.168.1.1

Worked like a charm. Thanks a lot!

I have this problem too! But I don't understand "put passwd and shadow..."; what's the meaning of this? Put a file or something?

kevincomo wrote:

I have this problem too! But I don't understand "put passwd and shadow..."; what's the meaning of this? Put a file or something?

Yes. Custom files can be included in the binary firmware image, when you build it.
http://wiki.openwrt.org/doc/howto/build#custom.files

So, you can include a custom /etc/passwd and /etc/shadow in your firmware.

(Last edited by hnyman on 27 Aug 2013, 08:03)

hnyman wrote:
kevincomo wrote:

I have this problem too! But I don't understand "put passwd and shadow..."; what's the meaning of this? Put a file or something?

Yes. Custom files can be included in the binary firmware image, when you build it.
http://wiki.openwrt.org/doc/howto/build#custom.files

So, you can include a custom /etc/passwd and /etc/shadow in your firmware.

First, thanks for your reply!
I still do not understand: include a custom "/etc/passwd" file, or change the "package/base-file/etc/passwd" file, what's the difference?
My question is: the password is encrypted, it is not easy to set a right one.

kevincomo wrote:

I still do not understand: include a custom "/etc/passwd" file, or change the "package/base-file/etc/passwd" file, what's the difference?
My question is: the password is encrypted, it is not easy to set a right one.

The password file is naturally encrypted, like all Linux password files.
In practice you need to set the password in a live system and then copy that encrypted passwd (and shadow) file to the build system for the next firmware.

The working way is to place custom /etc/passwd and /etc/shadow files in the firmware (following the advice in this thread and in the wiki). That file gets included in the firmware just before the image generation. Forget about modifying base-files.

(Last edited by hnyman on 27 Aug 2013, 08:19)

hnyman wrote:
kevincomo wrote:

I still do not understand: include a custom "/etc/passwd" file, or change the "package/base-file/etc/passwd" file, what's the difference?
My question is: the password is encrypted, it is not easy to set a right one.

The password file is naturally encrypted, like all Linux password files.
In practice you need to set the password in a live system and then copy that encrypted passwd (and shadow) file to the build system for the next firmware.

The working way is to place custom /etc/passwd and /etc/shadow files in the firmware (following the advice in this thread and in the wiki). That file gets included in the firmware just before the image generation. Forget about modifying base-files.


I see. Thanks a lot!

Hello everybody.

On 15.05 I can't change the password using the script:

pass="newpass"
(
         echo $pass
         sleep 1
         echo $pass
)|passwd root

Result is:

Changing password for root
Enter the new password (minimum of 5, maximum of 8 characters)
Please use a combination of upper and lower case letters and numbers.
New password:

Packages installed: shadow*, sudoers.

How to change pass in script?

If you can generate your password hash you can use awk to manipulate the /etc/shadow file directly. The following works for me on 15.05 and trunk:

awk -F: -v OFS=: -v p="your-hash-here" '$1=="root"{$2=p}1' /etc/shadow > /tmp/shadow
mv /tmp/shadow /etc/shadow

Just make sure to escape all dollar-signs on the hash with backslashes.

UPDATE: I used awk for a while as it was the first thing which popped up when I googled on how to automate /etc/shadow manipulation, but the following one-liner also seems to work:

sed -i 's|^root::|root:your-hash-here:|' /etc/shadow

In this case you don't need to escape dollar-signs.

(Last edited by stangri on 11 Feb 2016, 18:59)
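
A variant of the awk approach above, as an added example that is not stangri's code: the hash is passed through ENVIRON so no dollar-sign escaping is needed, and the rewrite goes through a mode-0600 temp file beside the target, because a file created by redirecting into /tmp takes its mode from the umask and keeps it through mv. The function name, its arguments and the `--only-if-empty` switch (which mirrors the `^root::` match of the sed one-liner) are illustrative.

```shell
#!/bin/sh
# Added example, not code from the thread. set_shadow_hash, its arguments
# and the --only-if-empty switch are illustrative names.

# set_shadow_hash USER HASH SHADOW_FILE [--only-if-empty]
set_shadow_hash() {
    user=$1
    hash=$2
    shadow=$3
    only_empty=${4:-}
    # Assumption: the hash is crypt(3)-style text such as $1$salt$digest,
    # i.e. only [A-Za-z0-9./$]. Reject anything else (":" or a newline
    # would corrupt the colon-separated record).
    case $hash in
        '' | *[!A-Za-z0-9./\$]*) echo "malformed hash" >&2; return 2 ;;
    esac
    # Temp file beside the target: mktemp creates it mode 0600 and the
    # final mv is a rename on the same filesystem.
    tmp=$(mktemp "$shadow.XXXXXX") || return 1
    # ENVIRON hands the values to awk verbatim, so "$" needs no escaping
    # (unlike a double-quoted -v p="...").
    if U=$user H=$hash ONLY_EMPTY=$only_empty awk -F: -v OFS=: '
            $1 == ENVIRON["U"] {
                found = 1
                if (ENVIRON["ONLY_EMPTY"] == "" || $2 == "") $2 = ENVIRON["H"]
            }
            { print }
            END { exit (found ? 0 : 3) }' "$shadow" > "$tmp"
    then
        chmod 600 "$tmp" && mv "$tmp" "$shadow"
    else
        rc=$?
        rm -f "$tmp"
        return "$rc"
    fi
}

# Try it on a copy first, e.g.:
#   cp /etc/shadow /tmp/shadow.copy
#   set_shadow_hash root "$HASH" /tmp/shadow.copy --only-if-empty
```
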

I wrote this little Lua script for setting user passwords; however, LuCI MUST be installed for it to function.

"/usr/bin/set_passwd"

local sys = require "luci.sys"

function set_password(user,pass)
  sys.user.setpasswd(user,pass)
 return
end

if #arg == 2 then set_password(...) else print("\nUSAGE:\n\tset_passwd <user> <password>\n") end

You can use it from the command line like:

lua set_passwd <user> <password>

i.e. lua set_passwd root toor

To use it to set the initial password on first boot, you can use it in combination with a uci-defaults script:
01_set_passwd

#!/bin/sh
# uci-defaults scripts do not run from /usr/bin, so call the script by its full path
lua /usr/bin/set_passwd root <your_password>
exit 0

Just add the "files" directory to the top level of your openwrt directory, then add these two scripts:

openwrt/files/usr/bin/set_passwd
openwrt/files/etc/uci-defaults/01_set_passwd

The password will be set on initial boot and then the uci-defaults script will be discarded.

(Last edited by hostle19 on 12 Feb 2016, 14:20)

To use it from a script, you could make a few simple edits so the calling script can tell if the password was set successfully or not...

local sys = require "luci.sys"

function set_password(user,pass)
  -- luci.sys.user.setpasswd returns 0 on success and a non-zero value on error;
  -- print that value so the caller sees the real outcome
  print(sys.user.setpasswd(user,pass))
  return
end

if #arg == 2 then set_password(...) else print(1) end

#!/bin/sh

USER="root"
PASS="toor"

# Full path: the Lua script was installed as /usr/bin/set_passwd above
SET=`lua /usr/bin/set_passwd "$USER" "$PASS"`

if [ "$SET" = 0 ]
then
    echo "SUCCESS"
    exit 0
else
    echo "FAILED"
    exit 1
fi

(Last edited by hostle19 on 12 Feb 2016, 05:37)

The discussion might have continued from here.