Building Tiny Linux Systems with BusyBox, Part 3
Your tiny Linux system currently just logs you in as root. Let's make a more versatile system that supports user and group names, the login command, support for logins via the console, a modem or a serial line, and utilities to add and delete users. Let's also make the disk writable, unlike the system we made in the second article. Let's fit all of this, and our BusyBox toolkit of more than 100 general-purpose UNIX commands, on one floppy with room to spare!
Go into the TinyLogin source directory and edit the Makefile. We'll be using uClibc to build TinyLogin, so set DOSTATIC to true, comment out the -lcrypt in the definition of LIBRARIES, and set USE_SYSTEM_PWD_GRP to true. Look in the Makefile for the lines that say ``To compile vs. an alternative libc, you may need to use/adjust the following lines to meet your needs.'' Change the lines below that in the same way that you changed the BusyBox Makefile to enable building with uClibc.
Warning: if you ever link TinyLogin with a C library that uses the Name Service Switch (NSS), including GNU LIBC and probably the default libc on your development system, you must set USE_SYSTEM_PWD_GRP to false in the Makefile. That will replace the functions that read the /etc/passwd and /etc/group files, etc., with a version that does not use NSS. Our tiny Linux system doesn't provide the files and other facilities needed for NSS to work, and thus TinyLogin will fail when built with it. This is the most-often-reported ``bug'' for TinyLogin, and its author is rather weary of explaining how NSS works to everyone who reports this ``bug''.
Build TinyLogin with the make command. The result should be about 58K in size.
Install TinyLogin in your tiny Linux directory using
make PREFIX=../tiny-linux install-hardlinks
Change directory up one level (cd ..).
Use an editor to modify the file tiny-var/etc/inittab, which tells /bin/init, the system startup program, which processes to start. The entire contents of the file should look like this:
::sysinit:/etc/init.d/rcS tty1::askfirst:/bin/login tty2::askfirst:/bin/login tty3::askfirst:/bin/login tty4::askfirst:/bin/login ::respawn:/sbin/getty -L ttyS0 9600 ::respawn:/sbin/getty -L ttyS1 9600 ::ctrlaltdel:/sbin/swapoff -a ::ctrlaltdel:/sbin/umount -a
This configures the system to offer a login on the first four console virtual terminals and on the first two serial ports at 9,600 baud. Create the file tiny-var/etc/passwd containing this line:
root::0:0:Super User:/:/bin/shCreate tiny-var/etc/group containing this line:
root:x:0:Create the terminal devices:
cd tiny-linux/dev mknod tty0 c 4 0 mknod tty1 c 4 1 mknod tty2 c 4 2 mknod tty3 c 4 3 mknod tty4 c 4 4 mknod ttyS0 c 4 64 mknod ttyS1 c 4 65 chmod 600 tty0 tty1 tty2 tty3 tty4 ttyS0 ttyS1Change directory up two levels (cd ../..).
Regenerate the compressed ROM filesystem, and install it on the floppy, as you have done before. Copy the new tiny var to the floppy using this command:
cp -R tiny-var/* /mnt/var
Unmount the floppy disk. Boot the floppy to test it. When the floppy boots, you will get a login prompt. Use root as your login--there's no password (yet). You'll see some complaints about missing files. Now, you can experiment with the adduser and passwd commands. You should be able to add users and set their passwords. Once you've added some users, you can log them in. To visit one of the other console virtual terminals, type Ctrl+Alt+F2 through Ctrl+Alt+F4. Ctrl+Alt+F1 will get you back to the first virtual console. You should be able to log in a different user to each virtual terminal. If you can, connect two serial terminals, set to 9,600 baud, to the first two serial ports on the system. You should be able to have users on each terminal too.
Feel free to add the missing files and test the other programs in the TinyLogin package. To have a fully functional system, you'll need /etc/shadow, /etc/gshadow, /etc/securetty and the utmp file. The location of the utmp file is defined in /usr/include/paths.h on your development system.
Security will be nonexistent because the VFAT filesystem doesn't support the ownership and mode information needed to provide security. You'll have to replace VFAT with another filesystem if you actually need this system to be secure. The USMSDOS filesystem is a good replacement for VFAT. Other filesystems are just a bit more complicated because they aren't compatible with the MS-DOS FAT filesystem used by syslinux to load the kernel and the ROM filesystem image. You could replace the FAT filesystem entirely with the MINIX or EXT2 filesystems, but you'd have to switch your boot loader from syslinux to LILO or grub. You could also mount the writable filesystem from another disk drive.
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems
Join editor Bill Childers and Bit9's Paul Riegle on April 27 at 12pm Central to learn how to keep your Linux systems secure.
Free to Linux Journal readers.Register Now!
- Cluetrain at Fifteen
- Considering Legacy UNIX/Linux Issues
- [<Megashare>] Watch Mrs Brown's Boys Movie Online Full Movie HD 2014
- Python Scripts as a Replacement for Bash Utility Scripts
- Memory Ordering in Modern Microprocessors, Part I
- Getting Good Vibrations with Linux
- Security Hardening with Ansible
- New Products
- Putlocker!! Watch Begin Again Online 2014 Streaming Full Movie
- RSS Feeds