non root login your open wrt router


Here is a summary of the steps required :

1. edit /etc/passwd and create an account. I used admin.  set shell /bin/false so users cant login either via ssh or the console using this account.
2. edit /etc/shadow and clone the root line and name it admin

here is my /etc/passwd
root:x:0:0:root:/tmp:/bin/ash
admin:x:100:100:admin:/root:/bin/false
daemon:*:1:1:daemon:/var:/bin/false
ftp:*:55:55:ftp:/home/ftp:/bin/false
network:*:101:101:network:/var:/bin/false
nobody:*:65534:65534:nobody:/var:/bin/false

here is /etc/shadow
root:$1$dcjUpu/v$MGBl1uIAGSwTpV5Rwnmv50:15225:0:999997:::  # jangan Merubah apapun pada baris ini
admin:$1$q6rcQdCT$6Va8cqauOlDMAKvVX.HgH.:15225:0:99999:7::: # bisa diganti via command passwd admin
daemon:*:0:0:99999:7:::
ftp:*:0:0:99999:7:::
network:*:0:0:99999:7:::
nobody:*:0:0:99999:7:::

3. passwd admin and assign admin a new password
4. edit /usr/lib/lua/luci/controller/admin/index.lua and change line 28 to read
page.sysauth = {“admin”,”root”}
5. edit /usr/lib/lua/luci/controller/admin/system.lua and change line 326 to read
stat = luci.sys.user.setpasswd(“admin”, p1)
this is important or luci will change the root password instead of the admin password under system->administration
6. edit /usr/lib/lua/luci/controller/admin/servicectl.lua line 18 to read
entry({“servicectl”}, alias(“servicectl”, “status”)).sysauth = {“admin”,”root”}
this allows luci to save and activate changes.

once this is done you can login into luci as either root or admin.    Note that when logging in as root (or admin) changing the password in the gui only affects the password for admin.  The only way to change the root password is via the shell.  This is perfect for most since you want the user to access the gui and manage his account but you want to a service account that techs can use to do maintenance on the router no matter what the admin user has done in the gui

you may also can edit your custom rule menu configuration in order limiting acces your admin by editing: /overlay/usr/lib/lua/luci/model/cbi/firewall

Tinggalkan Balasan

Isikan data di bawah atau klik salah satu ikon untuk log in:

Logo WordPress.com

You are commenting using your WordPress.com account. Logout / Ubah )

Gambar Twitter

You are commenting using your Twitter account. Logout / Ubah )

Foto Facebook

You are commenting using your Facebook account. Logout / Ubah )

Foto Google+

You are commenting using your Google+ account. Logout / Ubah )

Connecting to %s