OpenWrt Forum Archive

Topic: Login password management tools in Busybox

The content of this topic has been archived on 19 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Would it be possible to change the default build of BusyBox to include the login and password management tools? It seems like too many packages need their own unprivileged user, which is difficult to manage without these tools.

Almost every release of White Russian I have to rebuild busybox to include these tools.  Just the add/del user and group tools add a mere 10k.

You can do it yourself while configuring the openwrt buildroot in the make menuconfig step. See OpenWrt Packages > Busybox configuration.

That's exactly what I've been doing.  But it seems that I end up doing this on every release.  That is why the request to make the change to the default build for White Russian. 

With all the added services that can be run on OpenWRT, running everything as root is quite the risk on an appliance that is also playing firewall. Configuring unprivileged users for each service is at least a step in the right direction to make the router secure.

Chip

When customizing your busybox configuration, you can also save it in package/busybox/config/

lschweiss wrote:

That's exactly what I've been doing.  But it seems that I end up doing this on every release.  That is why the request to make the change to the default build for White Russian. 

With all the added services that can be run on OpenWRT, running everything as root is quite the risk on an appliance that is also playing firewall. Configuring unprivileged users for each service is at least a step in the right direction to make the router secure.

Chip

Adding useradd/groupadd/... whatever, had nothing to do with using unprivileged users for services.
Just use vi or echo to add new users/groups. 10k is too much. We would like to add some generic postinst/preremove
scripts for packages. Just haven't the time for it. Patches are welcome.
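
The approach from the last post, written as a pair of functions a package postinst/preremove script could call. This is an added example, not part of the original posts and not OpenWrt code. The function names, the `PASSWD_FILE`/`GROUP_FILE` overrides and the use of one number for both UID and GID are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not OpenWrt code): manage a service account by editing the
# passwd and group files directly, as a postinst/prerm script could.
# Assumption: PASSWD_FILE/GROUP_FILE overrides, so it can be run on copies.
PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"
GROUP_FILE="${GROUP_FILE:-/etc/group}"

# add_service_user NAME ID HOME   (ID becomes both UID and GID)
add_service_user() {
    name="$1"; id="$2"; home="$3"
    # Strict whitelists: a ':' or newline would inject extra fields or lines.
    case "$name" in ''|*[!a-z0-9_-]*) echo "bad name" >&2; return 2 ;; esac
    case "$id" in ''|0*|*[!0-9]*) echo "bad id" >&2; return 2 ;; esac
    case "$home" in /*) ;; *) echo "bad home" >&2; return 2 ;; esac
    case "$home" in *[!A-Za-z0-9/._-]*) echo "bad home" >&2; return 2 ;; esac

    # Idempotent: reinstalling the package must not duplicate the entry.
    if grep -q "^${name}:" "$PASSWD_FILE"; then return 0; fi
    # Never share a UID with an existing account.
    if grep -q "^[^:]*:[^:]*:${id}:" "$PASSWD_FILE"; then
        echo "uid $id already in use" >&2; return 1
    fi
    if grep -q "^${name}:[^:]*:${id}:" "$GROUP_FILE"; then
        :   # matching group left over from an earlier run: reuse it
    elif grep -q -e "^${name}:" -e "^[^:]*:[^:]*:${id}:" "$GROUP_FILE"; then
        echo "group name or gid $id conflicts" >&2; return 1
    else
        echo "${name}:x:${id}:" >> "$GROUP_FILE"
    fi
    # '*' password field: no password matches; /bin/false: no login shell.
    echo "${name}:*:${id}:${id}:${name}:${home}:/bin/false" >> "$PASSWD_FILE"
}

# del_service_user NAME   (for a preremove script)
del_service_user() {
    name="$1"
    case "$name" in ''|root|*[!a-z0-9_-]*) echo "bad name" >&2; return 2 ;; esac
    for f in "$PASSWD_FILE" "$GROUP_FILE"; do
        # Rewrite in place (cat, not mv) to keep the file's owner and mode.
        sed "/^${name}:/d" "$f" > "$f.tmp" && cat "$f.tmp" > "$f"
        rm -f "$f.tmp"
    done
}
```

The service's init script still has to drop to this account itself; creating the entry only makes the UID available.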

The discussion might have continued from here.