[ELDK] Read-only root filesystem, devices and root access

Detlev Zundel dzu at denx.de
Mon Jun 30 17:48:17 CEST 2008


Hi Giuseppe,

> On 24 Jun 2008 at 10:37, Giuseppe Modugno wrote:
>> In order to solve the problem of ptys (I'd like to use telnet) I made
>> symbolic links
>>   /dev/ptyp0 ---> /tmpfs/dev/ptyp0
>>   /dev/ptyp1 ---> /tmpfs/dev/ptyp1
>>   ...
>>   /dev/ttyp0 ---> /tmpfs/dev/ttyp0
>>   /dev/ttyp1 ---> /tmpfs/dev/ttyp1
>>   ...
>> Of course, /tmpfs is a read-write tmpfs filesystem I populate in
>> rc.sh.
> [CUT]
>
> Oh, I'm sorry. I was working with /dev/ttyp0 as a real device file 
> and not a symbolic link to /tmpfs/dev/ttyp0.
> Now I corrected this and root login by telnet isn't working anymore, 
> neither on first attempt nor on the second attempt.
>
> So I think symbolic links can't be written in /etc/securetty. In my 
> case I must write 
>    /tmpfs/dev/ttyp0
>    /tmpfs/dev/ttyp1
>    ...
> that is very bad.

Why is that bad?  /etc/securetty lists the allowed *devices* where you
can login.  A symlink is _not_ a device, so this makes complete sense to
me.

If you look closer into the sources, you'll notice that login which
performs the pam check, uses ttyname(0) to find its terminal.  ttyname()
is specified to return the name of the terminal *device*, so again,
everything perfectly normal here.

In the end you will have to specify the full device file name in
/etc/securetty.  I just checked and I do not have any problems with
either the first or subsequent logins even with device nodes not in /dev
as long as I specify them in securetty.

> The best way is to login as a normal user and change to root by su 
> command (I know, definitely the best is ssh).

I don't know why this should be the best way.

> By the way, I noticed SELF package contains busybox without su 
> support. Is that correct? Why?

The busybox configuration is only a sample configuration.  Most users
will modify it anyway, so there is not a "correct" or "incorrect"
configuration.  Maybe the fact that you are the first to complain about
this problem as long as I can remember proves the fact ;)

Cheers
  Detlev

-- 
C hasn't changed much since the 1970s. And let's face it it's ugly.
Can't we do better? C++? (Sorry, never mind.)
                                    -- Rob Pike
--
DENX Software Engineering GmbH,      MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich,  Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-40 Fax: (+49)-8142-66989-80 Email: dzu at denx.de
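
Added example, not part of the message above or of the ELDK sources: a small C checker for the point made in the reply, that /etc/securetty has to name the device node itself and not a symlink to it. It assumes entries are full paths, one per line, and that lines starting with # are comments; classify_entry and audit_securetty are names made up for this sketch.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum entry_kind { ENTRY_CHARDEV, ENTRY_SYMLINK, ENTRY_MISSING, ENTRY_OTHER };

/* Classify one path without following symlinks (lstat, not stat). */
enum entry_kind classify_entry(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0) return ENTRY_MISSING;
    if (S_ISLNK(st.st_mode))   return ENTRY_SYMLINK;
    if (S_ISCHR(st.st_mode))   return ENTRY_CHARDEV;
    return ENTRY_OTHER;
}

/* Check every entry of a securetty-style list of full device paths.
 * Returns the number of entries that are not character device nodes,
 * or -1 if the list cannot be opened. */
int audit_securetty(const char *list, FILE *out)
{
    char line[PATH_MAX], real[PATH_MAX];
    int bad = 0;
    FILE *f = fopen(list, "r");
    if (!f) return -1;
    while (fgets(line, sizeof line, f)) {
        line[strcspn(line, "\r\n")] = '\0';
        if (line[0] == '\0' || line[0] == '#') continue; /* assumed comment syntax */
        switch (classify_entry(line)) {
        case ENTRY_CHARDEV: fprintf(out, "ok       %s\n", line); continue;
        case ENTRY_SYMLINK: /* ttyname() names the device, not the link */
            fprintf(out, "symlink  %s -> list %s instead\n", line,
                    realpath(line, real) ? real : "(dangling)"); break;
        case ENTRY_MISSING: fprintf(out, "missing  %s\n", line); break;
        default:            fprintf(out, "not-tty  %s\n", line); break;
        }
        bad++;
    }
    fclose(f);
    return bad;
}

int main(int argc, char **argv)
{
    return audit_securetty(argc > 1 ? argv[1] : "/etc/securetty", stdout) == 0 ? 0 : 1;
}
```

Run on the target after rc.sh has populated the tmpfs, so the device nodes the list refers to already exist.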

