FAQ: How can I create another OnionOS user instead of root



  • While OpenWrt is a single user system, you can create additional users so you don't have to disclose the root user password. You can add the user by editing /etc/passwd and /etc/shadow or you can install the useradd package:

    opkg install shadow-useradd
    

    Now add a new user named "admin", but we don't want them to have shell access:

    useradd admin -d /var -M -s /bin/false -p mytemporarypassword
    

    useradd stores the -p value in /etc/shadow exactly as given, in cleartext rather than as a hash, so you need to change it using the command:

    passwd admin
    

    Follow the prompts to set your password then you can confirm the new user has been added as required:

    cat /etc/passwd
    cat /etc/shadow
    

    Since OnionOS uses ubus via rpc, we need to add the user to the rpc user list. The configuration file is /etc/config/rpcd, but you can use uci commands to add the user:

    uci add rpcd login
    uci set rpcd.@login[-1].username='admin'
    uci set rpcd.@login[-1].password='$p$admin'
    uci add_list rpcd.@login[-1].read='*'
    uci add_list rpcd.@login[-1].write='*'
    uci commit rpcd
    

    The username must match the username we just created, and the $p$<username> form of the password field causes the rpc daemon to use the system password we just created.

    The "read" and "write" fields are set to an asterisk, indicating that the user will have unrestricted access, the same as the root user.

    You can confirm the new user has been added using a uci command:

    uci show rpcd
    
    rpcd.@login[0]=login
    rpcd.@login[0].username='root'
    rpcd.@login[0].password='$p$root'
    rpcd.@login[0].read='*'
    rpcd.@login[0].write='*'
    rpcd.@login[1]=login
    rpcd.@login[1].username='admin'
    rpcd.@login[1].password='$p$admin'
    rpcd.@login[1].read='*'
    rpcd.@login[1].write='*'
    
    

    Now restart the rpc daemon:

    service rpcd restart
    

    You can now log in to OnionOS with the same functionality as the root user, but the user has no console access.
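
Added example, not part of the original FAQ: a POSIX shell check that reads a saved `uci show rpcd` dump together with passwd and shadow files and reports rpcd logins whose `$p$` system account still has a non-hashed shadow field or a login shell other than /bin/false. The function names, the `tech` account and all sample file contents are constructed for illustration.

```shell
# Added example: audit rpcd logins that defer to system passwords ($p$NAME).
# audit_rpcd_logins UCI_DUMP PASSWD SHADOW   (UCI_DUMP = saved `uci show rpcd`)
audit_rpcd_logins() {
    awk -v q="'" '
    part == 1 { split($0, f, ":"); hash[f[1]] = f[2]; next }           # shadow
    part == 2 { n = split($0, f, ":"); shell[f[1]] = f[n]; next }      # passwd
    match($0, /^rpcd\.@login\[[0-9]+\]\.[a-z_]+=/) {                   # uci dump
        val = substr($0, RLENGTH + 1)
        if (substr(val, 1, 1) == q) val = substr(val, 2, length(val) - 2)
        sec = opt = substr($0, 1, RLENGTH - 1)
        sub(/\.[a-z_]+$/, "", sec); sub(/^.*\./, "", opt)
        if (opt == "username") order[++count] = sec
        cfg[sec, opt] = val
    }
    END {
        for (i = 1; i <= count; i++) {
            s = order[i]; u = cfg[s, "username"]
            if (u == "root") continue
            if (cfg[s, "password"] == "$p$" u && hash[u] !~ /^\$[0-9a-z]+\$/)
                print "WARN " u ": no crypt hash in shadow, run passwd " u
            if (u in shell && shell[u] != "/bin/false")
                print "WARN " u ": shell " shell[u] " allows console login"
            if (cfg[s, "read"] == "*" && cfg[s, "write"] == "*")
                print "INFO " u ": ACL * gives the same ubus access as root"
        }
    }' part=1 "$3" part=2 "$2" part=3 "$1"
}
# Constructed sample: "admin" finished the procedure, "tech" never ran passwd.
make_sample() {
    cat > "$1/rpcd.txt" <<'EOF'
rpcd.@login[0]=login
rpcd.@login[0].username='root'
rpcd.@login[1].username='admin'
rpcd.@login[1].password='$p$admin'
rpcd.@login[1].read='*'
rpcd.@login[1].write='*'
rpcd.@login[2].username='tech'
rpcd.@login[2].password='$p$tech'
rpcd.@login[2].read='*'
rpcd.@login[2].write='*'
EOF
    printf '%s\n' 'admin:x:1000:1000::/var:/bin/false' \
        'tech:x:1001:1001::/var:/bin/ash' > "$1/passwd"
    printf '%s\n' 'admin:$1$cnstrctd$0000000000000000000000:19000::::::' \
        'tech:mytemporarypassword:19000::::::' > "$1/shadow"
}
d=$(mktemp -d) && make_sample "$d"
audit_rpcd_logins "$d/rpcd.txt" "$d/passwd" "$d/shadow"
rm -rf "$d"
```

On a device, save `uci show rpcd` to a file and pass it with /etc/passwd and /etc/shadow as the three arguments.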

