Merlin permanent adduser

[samisheikh]

Hello

I am currently using Merlin build 380.66-2 on RT-AC68A. Basically what I am trying to accomplish is to add a user on shell permanently. The reason for adding a user is so that I can use the Quagga package. By default Quagga runs with runuser "network". I was able to add the user and group network, and give that user appropriate permissions and was able to run Quagga and OSPFD without any issues. However after a router reboot, the network user was deleted, and Quagga was unable to run.

So my question is, can I either run Quagga with user nobody or create a permanent shell user "network"?

I even tried editing the init.d files to change the runuser from network to nobody but that didn't seem to work. At the moment I am manually starting the process without watchquagga and manually specifying the parameters u and g with the user nobody.


Any help would be appreciated.

Thanks

 

[Fitz Mutch]

Here's how I create the non-root user for Tor.

/jffs/configs/passwd.add

tor:x:65533:65533:tor:/dev/null:/dev/null

/jffs/configs/shadow.add

tor:*:0:0:99999:7:0:0:

/jffs/configs/group.add

tor:x:65533:

/jffs/configs/gshadow.add

tor:*:65533:

 

[samisheikh]

Thanks Fitz, that worked great! Quagga and OSPFD works upon reboot.

 

[sfx2000]

Here's how I create the non-root user for Tor.

Why is it that I'm vaguely unconformable with the post above?

 

[RMerlin]

Here's how I create the non-admin user for Tor.

How much effort do you think it would take to run Tor with an unprivileged user at the firmware level? I don't think it needs any iptables/routing table access, correct?

 

[Fitz Mutch]

Why is it that I'm vaguely unconformable with the post above?

You got me, there is no root user in Asuswrt?

 

[RMerlin]

You got me, there is no root user in Asuswrt?

admin is Asuswrt's UID 1. It's root, but with a different name.

 

[Fitz Mutch]

How much effort do you think it would take to run Tor with an unprivileged user at the firmware level? I don't think it needs any iptables/routing table access, correct?

I see there are other built-in Asus users: nas and nobody. Do you know if either of these is a better choice to run Tor as? Is this what you're asking?

 

[RMerlin]

I see there are other built-in Asus users: nas and nobody. Do you know if either of these is a better choice to run Tor as? Is this what you're asking?

Either nobody or another dedicated user. How do Linux distro usually go with Tor?

I don't use Tor, so I'm not familiar with how it's designed.

 

[samisheikh]

Seeing that I am not using the recommended method even thought it works, Rmerlin what do you suggest I do to run Quagga? It requires the network user to start and run.

 

[RMerlin]

Seeing that I am not using the recommended method even thought it works, Rmerlin what do you suggest I do to run Quagga? It requires the network user to start and run.

I'm not familiar with Quagga, never used it before (and no idea how the package you use is configured). Fitz's method would be the correct way of adding a permanent user for your setup.

Asus doesn't seem to specify any specific user when they start Quagga in the built-in version that's included in the firmware, they run it directly as root.

 

[RMerlin]

I see there are other built-in Asus users: nas and nobody. Do you know if either of these is a better choice to run Tor as? Is this what you're asking?

I don't like the idea of Tor sharing the same permission as dnsmasq, so I opted for adding a new "tor" user to the passwd file.

 

[Fitz Mutch]

Since the firmware will now soon support a non-root Tor user, the following technique ensures that I'm not creating duplicate entries in these system files. The purpose of this script is to ensure that the Tor user exists before the Tor service is started. Otherwise, Tor will fail to start.

Sorry for my overuse of variables, stupid Cloudflare blocked my post.

/jffs/scripts/torrc.postconf

#!/bin/sh
append_line () {
  local filepath="$1"
  local textline="$2"
  local textmatch="$3"
  /bin/grep -qF "$textmatch" "$filepath" || /bin/echo "$textline" >> "$filepath"
}
passwd="passwd"; shadow="shadow"; group="group"; gshadow="gshadow"
append_line "/etc/${passwd}" "tor:x:65533:65533:tor:/dev/null:/dev/null" "tor:"
append_line "/etc/${shadow}" "tor:*:0:0:99999:7:0:0:" "tor:"
append_line "/etc/${group}" "tor:x:65533:" "tor:"
append_line "/etc/${gshadow}" "tor:*:65533:" "tor:"