Root access

m (The R&S way (Nokia 770 only) (Linux or Mac OS X needed))
Line 138: Line 138:
*[http://www.chiark.greenend.org.uk/~sgtatham/putty/ PuTTY], etc...
*[http://www.chiark.greenend.org.uk/~sgtatham/putty/ PuTTY], etc...
-
= The R&S way (Nokia 770 only) (Linux or Mac OS X needed) =
+
= The R&D way (Nokia 770 only) (Linux or Mac OS X needed) =
You can enable the Research &amp; Development mode (R&amp;D or RD mode) on the 770, which enables you to execute <code>sudo gainroot</code> to get a root shell.
You can enable the Research &amp; Development mode (R&amp;D or RD mode) on the 770, which enables you to execute <code>sudo gainroot</code> to get a root shell.

Revision as of 13:12, 13 June 2008

Image:Ambox_content.png
This is an article from the old midgard wiki that hasn't yet been fully updated for this wiki, please update it.
Please see the talk page for discussion.


OK, first, the disclaimer: Doing whatever is stated on this page is not endorsed by Nokia in any way.

Warning: There have been reports of display failures (white with dim vertical stripes) after disabling rd mode and rebooting a new 770. If you get this, there is a hardware failure in your device and you need to return it and get a replacement.

Screenshot added: Cracked screen; Screen bug Post.

Contents

Recommended methods

easyroot

Install easyroot from nitapps.com.

Then, from the shell, run root. This will give you a root shell.

OpenSSH

  1. Enabled Extras (if you haven't already).
  2. Install OpenSSH (client and server).
  3. SSH into your tablet as root
    1. For local access, run ssh root@localhost
    2. For remote access, run ssh root@tablet's ip address
  4. Use "rootme" as password (this is the factory default root password).

Securing root access

At this point you should have gained root access to your device, and be looking at the root prompt:

#

However, if your wi-fi network is not password protected, so might anyone else near you who has WiFi, SSH and a clue.

You still need to secure root-level access.

You also still need to secure the root account ("rootme" is a terrible password, and direct root log-in access is not necessarily required).

Secure future root-level access

Modify the gainroot script

(Note: easyroot already does this)

'Fix' the original /usr/sbin/gainroot script to not to check for R&D mode and allow root everytime.

You can edit line

MODE=/usr/sbin/chroot /mnt/initfs cal-tool --get-rd-mode

to be

MODE=enabled #/usr/sbin/chroot /mnt/initfs cal-tool --get-rd-mode

You can use vi editor for this, enter

vi /usr/sbin/gainroot 

position cursor at '=' character, press 'a' key, enter 'enabled #', press Esc key and save and exit with 'ZZ' command (shift + zz). The edited line may look garbled but it is OK. CTRL+L refreshes screen in vi so you can double check before saving.

From now you can use the intended way how to gain root on the device in R&D mode without having to set it.

$ sudo gainroot

Set user password

Set the password for 'user':

passwd user

Note: when typing a password nothing will be shown on the screen.

Now, for the future, unless you want to keep SSH-ing from another machine, a clever move is to add "user" to sudoers:

echo "user ALL = PASSWD: /bin/su" >> /etc/sudoers

this way your password will be asked in order to become root. Or

echo "user ALL = NOPASSWD: /bin/su" >> /etc/sudoers

in order to become root without having to type your password.

Please keep in mind that password will be cached, so you won't have to type it every time you need to sudo.

Note that if you require a password to become sudo, some built-in apps (notably Application Manager) will appear to not load while they wait silently in the background for the password to be entered. The can be avoided by running a command in the xterm with sudo prior to lauching the app, so as to appease sudo when the OS calls it.

Ok, from now on all you have to do, in your Xterm session, to get root is to write:

sudo su -

Secure the root account

You MUST change (or disable) your root password before continuing!

Else you will be walking around with a device that can be accessed using a TRIVIAL and well known password.

Change root password

To change root password (as root user):

passwd

...when asked, input (twice) your new password.

It is still recommended to limit root logins to local console only in most cases.

Disable root login (highly suggested)

NOTE: Do not perform this step without having completed Step Modify the gainroot script or Set user password

After you gained access as root user:

passwd -l root

In this case, from now on you won't be able to login directly as root user -- not from ssh and not from the local console.

To get a root prompt:

sudo su -

Disabling root login when using OpenSSH

This step is semi optional. Definitely recommended for most installations, though.

When using dropbear as ssh server, you can disable root logins via ssh: just add the option "-w" to DROPBEAR_EXTRA_ARGS in /etc/default/dropbear:

DROPBEAR_EXTRA_ARGS="-w"

After that, restart dropbear:

/etc/init.d/dropbear restart

A remote root login via ssh is then no longer possible. So you have to use the "user" account (you should give the user a password beforehand).

For Windows Users Only

Obviously the same trick works also in Windows, but you have to use a (free or commercial) SSH enabled client:

The R&D way (Nokia 770 only) (Linux or Mac OS X needed)

You can enable the Research & Development mode (R&D or RD mode) on the 770, which enables you to execute sudo gainroot to get a root shell.

NOTE: The currently availiable Nokia flasher version (as of 30 March 2006) assumes that usbfs is mounted on /proc/bus/usb, but usbfs is deprecated and has been dropped on most newer Linuxes. If you find that flasher doesn't recognise that the device is connected and you have a kernel version >= 2.6.15, this is probably the issue.

  • Download the Linux or Mac OS X flasher from
  • Ensure it's executable: chmod a+x &quot;flasher...&quot;
  • Switch off the Nokia 770
  • Unplug it from a charger
  • Connect it to your computer via USB directly (hubs can prevent the flasher from detecting the device)
  • From your computer: As root, or using sudo, execute ./flasher &lt;del&gt;enable-rd-mode &lt;/del&gt;reboot
  • "Suitable USB device not found, waiting" is displayed on the console
  • Switch on the 770 using the power button while holding down the home button I did not touch the home button and proceeded successfully -- 2005-12-27 --RickHull It worked for me after disabling the device lock -- 05/04/06 Florian I did it without the home button as well and it worked OK for me too. -- 3/26/06 -- Bill B. Well, I just did it for the first time with my one-day-old tablet, and I did have to press the home button. Otherwise, the device booted normally, and no messages came from the flasher utility (from Mac OS X). When pressing home, you get the icon for the "system settings" (a wrench over a tablet) right under the big blue NOKIA logo at boot up. The USB logo appeared in the top-right corner of the screen on both boot-ups, the normal one and the one with the home button. -- [AlbertoGonzalezPalomo]
  • Whilst it powers on you'll see additional debug information.
  • The flasher program will now tell you something like: USB device found at bus 001, device address 004 Found board Nokia 770 (F5) NOLO version 0.9.0 The device is now in R&D mode I had to pull the USB cable at this point before the unit rebooted. -- 2006-03-29 -- [NealMcBurnett] Me too -- 2006-04-01 -- N7DR
  • If not already done install an xterm on the 770
  • Open the xterm and execute sudo gainroot You will probably get a scary message pointing you the possibility of breaking your device doing so. Ignore it ¿?
  • Try this if it doesn't work: sudo /usr/sbin/gainroot

That's it. If you get the error, "Error claiming USB interface: Operation not permitted", it means you've forgotten to run the flasher as root. It is possible to encounter other errors (even if invoked as root) that may be caused by timing issues. For more information and a possible solution, go to the following maemo-developers thread.

Once becoming root, in order to easily become root without needing to be in R&D mode, modify the gainroot script (located in /usr/sbin/gainroot) to only invoke the shell (i.e. /bin/sh) or modify /etc/sudoers to make something like su sudo-capable. (IT'D BE NICE IF someone uploaded samples of the original and the modified file to the wiki at this point) Modifying gainroot is likely an easier option for novice users and should be accomplished by commenting out (i.e. prepending lines with a #) the check if R&D mode is enabled. More specifically, after the "PATH=..." line, comment out the following lines except for the /bin/sh line.

BEFORE