Building Tiny Linux Systems with BusyBox, Part 3
Your tiny Linux system currently just logs you in as root. Let's make a more versatile system that supports user and group names, the login command, support for logins via the console, a modem or a serial line, and utilities to add and delete users. Let's also make the disk writable, unlike the system we made in the second article. Let's fit all of this, and our BusyBox toolkit of more than 100 general-purpose UNIX commands, on one floppy with room to spare!
Go into the TinyLogin source directory and edit the Makefile. We'll be using uClibc to build TinyLogin, so set DOSTATIC to true, comment out the -lcrypt in the definition of LIBRARIES, and set USE_SYSTEM_PWD_GRP to true. Look in the Makefile for the lines that say ``To compile vs. an alternative libc, you may need to use/adjust the following lines to meet your needs.'' Change the lines below that in the same way that you changed the BusyBox Makefile to enable building with uClibc.
Warning: if you ever link TinyLogin with a C library that uses the Name Service Switch (NSS), including GNU LIBC and probably the default libc on your development system, you must set USE_SYSTEM_PWD_GRP to false in the Makefile. That will replace the functions that read the /etc/passwd and /etc/group files, etc., with a version that does not use NSS. Our tiny Linux system doesn't provide the files and other facilities needed for NSS to work, and thus TinyLogin will fail when built with it. This is the most-often-reported ``bug'' for TinyLogin, and its author is rather weary of explaining how NSS works to everyone who reports this ``bug''.
Build TinyLogin with the make command. The result should be about 58K in size.
Install TinyLogin in your tiny Linux directory using
make PREFIX=../tiny-linux install-hardlinks
Change directory up one level (cd ..).
Use an editor to modify the file tiny-var/etc/inittab, which tells /bin/init, the system startup program, which processes to start. The entire contents of the file should look like this:
::sysinit:/etc/init.d/rcS tty1::askfirst:/bin/login tty2::askfirst:/bin/login tty3::askfirst:/bin/login tty4::askfirst:/bin/login ::respawn:/sbin/getty -L ttyS0 9600 ::respawn:/sbin/getty -L ttyS1 9600 ::ctrlaltdel:/sbin/swapoff -a ::ctrlaltdel:/sbin/umount -a
This configures the system to offer a login on the first four console virtual terminals and on the first two serial ports at 9,600 baud. Create the file tiny-var/etc/passwd containing this line:
root::0:0:Super User:/:/bin/shCreate tiny-var/etc/group containing this line:
root:x:0:Create the terminal devices:
cd tiny-linux/dev mknod tty0 c 4 0 mknod tty1 c 4 1 mknod tty2 c 4 2 mknod tty3 c 4 3 mknod tty4 c 4 4 mknod ttyS0 c 4 64 mknod ttyS1 c 4 65 chmod 600 tty0 tty1 tty2 tty3 tty4 ttyS0 ttyS1Change directory up two levels (cd ../..).
Regenerate the compressed ROM filesystem, and install it on the floppy, as you have done before. Copy the new tiny var to the floppy using this command:
cp -R tiny-var/* /mnt/var
Unmount the floppy disk. Boot the floppy to test it. When the floppy boots, you will get a login prompt. Use root as your login--there's no password (yet). You'll see some complaints about missing files. Now, you can experiment with the adduser and passwd commands. You should be able to add users and set their passwords. Once you've added some users, you can log them in. To visit one of the other console virtual terminals, type Ctrl+Alt+F2 through Ctrl+Alt+F4. Ctrl+Alt+F1 will get you back to the first virtual console. You should be able to log in a different user to each virtual terminal. If you can, connect two serial terminals, set to 9,600 baud, to the first two serial ports on the system. You should be able to have users on each terminal too.
Feel free to add the missing files and test the other programs in the TinyLogin package. To have a fully functional system, you'll need /etc/shadow, /etc/gshadow, /etc/securetty and the utmp file. The location of the utmp file is defined in /usr/include/paths.h on your development system.
Security will be nonexistent because the VFAT filesystem doesn't support the ownership and mode information needed to provide security. You'll have to replace VFAT with another filesystem if you actually need this system to be secure. The USMSDOS filesystem is a good replacement for VFAT. Other filesystems are just a bit more complicated because they aren't compatible with the MS-DOS FAT filesystem used by syslinux to load the kernel and the ROM filesystem image. You could replace the FAT filesystem entirely with the MINIX or EXT2 filesystems, but you'd have to switch your boot loader from syslinux to LILO or grub. You could also mount the writable filesystem from another disk drive.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Server Hardening
- May 2016 Issue of Linux Journal
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The Humble Hacker?
- BitTorrent Inc.'s Sync
- The US Government and Open-Source Software
- The Death of RoboVM
- Open-Source Project Secretly Funded by CIA
- New Container Image Standard Promises More Portable Apps
- ACI Worldwide's UP Retail Payments
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide