Editing Root access
Warning: You are not logged in.
Your IP address will be recorded in this page's edit history.
The edit can be undone.
Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 1: | Line 1: | ||
- | {{ | + | {{Midgard article}} |
- | |||
- | + | OK, first, the disclaimer: '''Doing whatever is stated on this page is not endorsed by Nokia in any way.''' | |
- | + | ''Warning: There have been reports of display failures (white with dim vertical stripes) after disabling rd mode and rebooting a new 770. If you get this, there is a hardware failure in your device and you need to return it and get a replacement.'' | |
- | + | Screenshot added: [http://www.circuitwizard.de/misc/2935.jpg Cracked screen]<nowiki>; </nowiki>[http://maemo.org/pipermail/maemo-users/2006-July/001605.html Screen bug Post]. | |
- | == | + | = Recommended methods = |
- | + | ||
- | + | == easyroot == | |
+ | Install [http://nitapps.com/dists/chinook/user/binary-armel/easyroot_1.0-4_armel.deb easyroot] from [http://nitapps.com/ nitapps.com]. | ||
- | Then, from the | + | Then, from the shell, run <code>root</code>. This will give you a root shell. |
- | + | ||
- | + | ||
- | == | + | == OpenSSH == |
- | + | ||
- | + | # Enabled Extras (if you haven't already). | |
+ | # Install OpenSSH (client and server). | ||
+ | # SSH into your tablet as root | ||
+ | ## For local access, run <code>ssh root@localhost</code> | ||
+ | ## For remote access, run <code>ssh root@''tablet's ip address''</code> | ||
+ | # Use the root password that the OpenSSH package asked you to enter to log in (in ancient OS versions you had to use the factory default "rootme" password). | ||
- | + | = Securing root access = | |
+ | At this point you should have gained root access to your device, and be looking at the root prompt: | ||
- | + | <nowiki>#</nowiki> | |
- | + | '''However, if your wi-fi network is not password protected, so might anyone else near you who has WiFi, SSH and a clue.''' | |
- | + | You still need to secure root-level access. | |
- | + | You also still need to secure the root account ("rootme" is a terrible password, and direct root log-in access is not necessarily required). | |
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | == Secure future root-level access == | |
- | + | === Modify the gainroot script === | |
+ | <small>''Note: [[#easyroot|easyroot]] already does this.''</small> | ||
- | + | 'Fix' the original /usr/sbin/gainroot script to not to check for R&D mode and allow root everytime. | |
- | + | You can edit line | |
- | + | MODE=<code>/usr/sbin/chroot /mnt/initfs cal-tool --get-rd-mode</code> | |
- | + | to be | |
- | + | MODE=enabled #<code>/usr/sbin/chroot /mnt/initfs cal-tool --get-rd-mode</code> | |
- | You | + | You can use vi editor for this, enter |
- | + | vi /usr/sbin/gainroot | |
- | + | ||
- | + | ||
- | = | + | position cursor at '=' character, press 'a' key, enter 'enabled #', press Esc key and save and exit with 'ZZ' command (shift + zz). The edited line may look garbled but it is OK. CTRL+L refreshes screen in vi so you can double check before saving. |
- | + | ||
- | + | From now you can use the intended way how to gain root on the device in R&D mode without having to set it. | |
- | + | $ sudo gainroot | |
- | + | ||
- | + | ||
- | + | === Set user password === | |
- | + | Set the [http://en.wikipedia.org/wiki/Password_strength password] for 'user': | |
- | + | passwd user | |
+ | |||
+ | Note: when typing a password nothing will be shown on the screen. | ||
+ | |||
+ | Now, for the future, unless you want to keep SSH-ing from another machine, a clever move is to add "user" to sudoers: | ||
+ | |||
+ | echo "user ALL = PASSWD: /bin/su" >> /etc/sudoers | ||
+ | |||
+ | this way your password will be asked in order to become root. Or | ||
+ | |||
+ | echo "user ALL = NOPASSWD: /bin/su" >> /etc/sudoers | ||
+ | |||
+ | in order to become root without having to type your password. | ||
+ | |||
+ | Please keep in mind that password will be cached, so you won't have to type it ''every'' time you need to sudo. | ||
+ | |||
+ | Note that if you require a password to become sudo, some built-in apps (notably Application Manager) will appear to not load while they wait silently in the background for the password to be entered. The can be avoided by running a command in the xterm with sudo prior to lauching the app, so as to appease sudo when the OS calls it. | ||
+ | |||
+ | Ok, from now on all you have to do, in your Xterm session, to get root is to write: | ||
+ | |||
+ | sudo su - | ||
+ | |||
+ | === Secure the root account === | ||
+ | |||
+ | '''You ''MUST'' change (or disable) your root password before continuing!''' | ||
+ | |||
+ | Else you will be walking around with a device that can be accessed using a TRIVIAL and well known password. | ||
+ | |||
+ | ==== Change root password ==== | ||
+ | |||
+ | To change root password (as root user): | ||
+ | |||
+ | passwd | ||
+ | |||
+ | ...when asked, input (twice) your [http://en.wikipedia.org/wiki/Password_strength new password]. | ||
+ | |||
+ | '''It is still recommended to limit root logins to local console only in most cases.''' | ||
+ | |||
+ | ==== Disable root login ('''highly suggested''') ==== | ||
+ | |||
+ | '''NOTE:''' Do not perform this step without having completed Step [[Root access#Modify the gainroot script|Modify the gainroot script]] or [[Root access#Set user password|Set user password]] | ||
+ | |||
+ | After you gained access as root user: | ||
+ | |||
+ | passwd -l root | ||
+ | |||
+ | In this case, from now on you won't be able to login directly as root user -- not from ssh and not from the local console. | ||
+ | |||
+ | To get a root prompt: | ||
+ | |||
+ | sudo su - | ||
+ | |||
+ | === Disabling root login when using OpenSSH === | ||
+ | |||
+ | This step is semi optional. Definitely recommended for most installations, though. | ||
+ | |||
+ | When using dropbear as ssh server, you can disable root logins via ssh: just add the option "-w" to DROPBEAR_EXTRA_ARGS in /etc/default/dropbear: | ||
+ | |||
+ | DROPBEAR_EXTRA_ARGS="-w" | ||
+ | |||
+ | After that, restart dropbear: | ||
+ | |||
+ | /etc/init.d/dropbear restart | ||
+ | |||
+ | A remote root login via ssh is then no longer possible. So you have to use the "user" account (you should give the user a password beforehand). | ||
+ | |||
+ | === For Windows Users Only === | ||
+ | |||
+ | Obviously the same trick works also in Windows, but you have to use a (free or commercial) SSH enabled client: | ||
+ | *[http://www.celestialsoftware.net/telnet/ Absolute Telnet] | ||
+ | *[http://www.vandyke.com/download/securecrt/index.html SecureCRT] | ||
+ | *[http://www.chiark.greenend.org.uk/~sgtatham/putty/ PuTTY], etc... | ||
+ | |||
+ | == R&D Mode == | ||
+ | <small>''Note: As R&D mode has other side effects beyond simply enabling root access (including several that can negatively impact battery life), it is ''not'' the recommended method for gaining root access. Use [[#easyroot|easyroot]] instead.</small> | ||
+ | |||
+ | You can enable the Research & Development mode (R&D or RD mode, which enables you to execute <code>sudo gainroot</code> to get a root shell, simply follow the setup steps for flashing covered in [[Upgrading_tablet_OS#Flashing_your_Nokia_tablet|Upgrading tablet OS]], then execute | ||
+ | |||
+ | sudo ./flasher-3.0 --enable-rd-mode -r | ||
+ | |||
+ | You are now in R&D mode, and the sudo gainroot script's check will be satisfied. | ||
- | |||
+ | [[Category:Users]] | ||
+ | [[Category:Midgard wiki]] | ||
[[Category:Wiki page of the day]] | [[Category:Wiki page of the day]] | ||
- |
Learn more about Contributing to the wiki.