On Sat, 8 Apr 2006, Brian Smucker wrote:
> > I am not familiar with dropbear but most ssl applications prohibit
> > root login which is a good thing. Look in your configuration file and
> > I would bet there is an entry similar to rootlogin=no.
> >
> I can log in as root using my password. The problem is when I attempt
> to do so using the public-key. So it's not that root login is prohibited.
>
> I would be very happy to remove the ability to login as root, but
> without su (busybox) working, I can't get root privileges. Can someone
> help me get su working? It gives me the message "This applet requires
> root privileges".
Some commands need to have root privileges. This is normally done by
setting the "s"etuid bit in the executables permissions, and having the
executable owned by root - see
http://www.newlinuxuser.com/explain-what-is-setuid-and-setgid/
So if you want to, you could set the setuid bit on the busybox
executable...
# chmod u+s /bin/busybox
make sure it is owned by root
# chown root.root /bin/busybox
And then su will work for a "normal" user.
HOWEVER - I wouldn't personally make busybox setuid. It contains far too
many functions that could allow people to get root permissions if there
were bugs within busybox.
There is a subset of busybox functionality call tinylogin, see
http://tinylogin.busybox.net/
You could install that, make that executable setuid, and relink su/login
etc to tinylogin. That would limit the risk.
Jim
p.s. I have passwordless root login to my ts7200 working fine.
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/ts-7000/
<*> To unsubscribe from this group, send an email to:
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
|