%
image/svg+xml

OpenWRT: sudo

Article published the ; modified the
2 minutes to read

This article has 320 words.
RAW source of the article:
Commit version: d52797e

Description

By default, OpenWRT has one only user: the root admin.

We will create a new user, without privilege, only the one to administrate correctly the system with the tool sudo.

Installation

As root, execute all those commands:

# opkg update
# opkg install shadow-useradd sudo
Tip

Configuration

user configuration

Now, config the user account:

  • # useradd ego: ego is the account name - it’s up to your convenience…
  • # passwd ego: define the password
  • # mkdir -p /home/ego/.ssh: make the main home, and the ssh folder.
  • # touch /home/ego/.ssh/authorized_keys: create empty file (to copy your SSH public keys)
  • # chown -R ego:ego /home/ego: give the user rights on his home.
  • # chmod 0700 /home/ego: auth only this user.

sudo configuration

I would only talk about the sudo most secure method of configuration: This method allows you to simply use the administrator’s password without having to login with the administrator account. The command sudo must be preceded by any other necessary command.

We edit the /etc/sudoers with the visudo command:

# visudo

Place at the bottom of the file, and uncomment the both lignes, to remove the # symbol:

# Defaults targetpw  # Ask for the password of the target user
# ALL ALL=(ALL) ALL  # WARNING: only use this together with 'Defaults targetpw'
Tip

After saving and quit, your user can use any administration commands.

SSH configuration

Now, it’s the good time to add your ssh auth key into the /home/ego/.ssh/authorized_keys file.

Warning

sysupgrade configuration

Think to edit the file /etc/sysupgrade.conf to add:

  • your home folder,
  • and /etc/sudoers.d (only if you add config into this folder)

and check with the command sysupgrade -l.

So, for the future upgrade , yours personals datas will be saved.


Documentation