[OpenWRT][Add custom user in image] - openwrt

I want to add a custom user to my OpenWRT image, so that when that image is flashed onto a board, it should have the custom user account.
I figured out that adding a user to /etc/shadow file will do the trick.
But my doubt is how to set the password for the user. It seems there is an entry for the password as well, but the password needs to be encrypted. How can I convert a plain-text password to an encrypted one?
Also I need to change the default 'root' password. I assume that there should be some way to alter the default 'root' password and give a new one.
NB: I need to have an image with all these changes and do not want to do it with some script after the system boots.

I am assuming you are building your own custom images.
You can customize the image by creating a files folder under the buildroot. You can add files/folders to this folder, which will override the default files in the distribution. For example, you can take an existing OpenWRT installation and add the user(s) and set the passwords. You can also change the root password. Back up /etc/passwd and /etc/shadow and copy them to the <build_root>/files folder. The folder structure will look like this:
<build_root>/files
<build_root>/files/etc/passwd
<build_root>/files/etc/shadow
You can use the above approach to customize the image. Please note that the above files will overwrite the default files. If you have any other software which needs user(s)/group(s), you may have to add them to the above files.

When logged in via ssh as root, you set a new password with passwd my_user and then copy the hash that passwd writes out to /etc/shadow. If you paste the same hash into another OpenWRT it will still work.
Then you do the same with passwd root.
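The overlay step from the two answers above, as an added shell example (not code from the original posts): it appends one user to the passwd and shadow copies already placed under the files folder and refuses anything that is not a crypt-style hash. The function names, the uid, the home directory and the sample values in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: stage a user in <build_root>/files/etc/{passwd,shadow}.
# Assumes the stock files were already copied there from a running system,
# and that HASH was copied from /etc/shadow after running passwd on it.

# is_crypt_hash HASH -> 0 only for $1$/$5$/$6$ crypt strings with a digest part
is_crypt_hash() {
    case "$1" in
        *:*|*' '*) return 1 ;;   # would corrupt the colon-separated record
        '$1$'*'$'?*|'$5$'*'$'?*|'$6$'*'$'?*) return 0 ;;
        *) return 1 ;;           # plaintext or unknown scheme
    esac
}

# add_overlay_user OVERLAY NAME UID HASH
add_overlay_user() {
    overlay=$1 name=$2 uid=$3 hash=$4
    passwd_f="$overlay/etc/passwd"
    shadow_f="$overlay/etc/shadow"

    # The overlay copies replace the defaults, so never start from empty files.
    [ -f "$passwd_f" ] && [ -f "$shadow_f" ] || {
        echo "copy the stock passwd and shadow into the overlay first" >&2; return 1; }
    is_crypt_hash "$hash" || { echo "password field is not a crypt hash" >&2; return 1; }
    case "$name" in ''|*[!a-z0-9_-]*) echo "bad user name" >&2; return 1 ;; esac
    case "$uid" in ''|*[!0-9]*) echo "bad uid" >&2; return 1 ;; esac

    if grep -q "^$name:" "$passwd_f" "$shadow_f" ||
       grep -q "^[^:]*:[^:]*:$uid:" "$passwd_f"; then
        echo "user name or uid already present" >&2; return 1
    fi

    # gid is set equal to uid; /home/NAME must be added to the overlay separately.
    printf '%s:x:%s:%s:%s:/home/%s:/bin/ash\n' \
        "$name" "$uid" "$uid" "$name" "$name" >> "$passwd_f"
    # Empty last-change field: no password aging, as in the stock root entry.
    printf '%s:%s::0:99999:7:::\n' "$name" "$hash" >> "$shadow_f"
    chmod 0644 "$passwd_f" && chmod 0600 "$shadow_f"
}

# Usage (constructed values):
#   add_overlay_user ./files my_user 1000 '<hash copied from /etc/shadow>'
```

Every copy of the image carries this hash, so anyone who obtains the image can run offline guesses against it; the password behind it needs to be strong enough to withstand that.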

Related

How to restrict folder access

I have a rails app that writes to a file in my admins view folder. It creates a new folder for each user and a text file containing sensitive information.
How do I take the root folder and make sure no one can access the files inside?
/app/views/admin/NameOfFolder
NameOfFolder is the folder I want to protect that has sensitive data. The NameOfFolder is based on the user it is made for.
You don't have to. Nobody can access anything in /app. Only files in public are directly accessible to the Internet.
That said, it's highly wrong to use flat files for data storage, and especially to contain sensitive information. It's also extremely wrong to write arbitrary data files into /app/views. That directory is for your views, not for data storage.

ASP.NET MVC How to display Image from folder outside webroot

An individual folder is created for each user, outside the webroot folder, when they register on the website. I am able to upload the image and store the image path in the database. However, I am unable to display the image. I am trying to get the path of the image from the database using LINQ and display it in the VIEW, but it does not work. I can view only one image (from the list of images) when I FILESTREAM the image path and return it using FILESTREAMRESULT.
Can anyone please guide me how to achieve it? All I want to do is create folder for each respective user when they register in external folder. Upload Image and display.
Typically, I would keep files in a secure database or within the application's subfolders. But, here's what I would suggest if you really need to access a different folder on the server.
Create a folder on your server's file system ahead of time.
On the server, assign permissions to that folder so that the identity used by your application can access it.
In your code, write code to access the folder and file path.
Hope that helps!
p.s. here's another Q&A on StackOverflow (with some words of warning) in which the second part of the answer is similar to what I suggested.
ASP.NET - Reading and writing to the file-system, outside the application

Ziparchive not taking password for the password protected zip file?

I have a password-protected zip file. I want to unzip that file, but only with the right password.
Right now what is happening is that even if I enter a wrong password the file is unzipped.
I am using the following method for that:
[zipArchive UnzipOpenFile:strUnZip Password:@"121224"];
The Password argument is unused. Even if I pass it, the files are still unzipped.
So how do I check whether the user entered the right password for the password-protected file?
Zip passwords are on a per-file entry basis. The password only applies to individual files within the zipfile. The use of a password on file open is a simplification of the feature which has its issues.
As a result, even if you get the password incorrect, you can simply open the archive without issue.
The password only applies when you attempt to extract files from the archive, as a result, that is the only time the password would come into effect.
The workaround is to check for failure at extraction time - in the UnzipFileTo call.
Note: not having all the files encrypted is pretty unusual, but I've done it myself in the past; I've even put files in the archive with different passwords.

How do you save file on server?

I am saving images to files, and I first create a folder with a GUID name to avoid duplicate file names. The entities hold a reference to the src of the image.
I feel that creating a folder and giving it a GUID name is wrong from the point of view of performance. So how should I avoid duplicate names?
The second problem is that the project is separated into 2 projects. One is admin and the other is for the user interface, so I cannot access my saved files from the user interface. What is the best practice for these problems?
About the first problem, I think you could create a folder per user and replace the existing file, asking for user confirmation.
The second problem can be solved using NFS or a shared directory where the admin and the user application can both read and write files (and you need to develop a component that retrieves the files and returns them to your web apps).

File repository in ruby on rails

I would like to create a simple file repository in Ruby on Rails. Users have their accounts, and after one logs in they can upload a file or download files previously uploaded.
The issue here is the security. Files should be safe and not available to anyone but the owners.
Where, in which folder, should I store the files, to make them as safe as possible?
Does it make sense, to rename the uploaded files, store the names in a database and restore them when needed? This might help avoid name conflicts, though I'm not sure if it's a good idea.
Should the files be stored all in one folder, or should they be somewhat divided?
rename the files, for one reason, because you have no way to know if today's file "test" is supposed to replace last week's "test" or not (perhaps the user had them in different directories)
give each user their own directory, this prevents performance problems and makes it easy to migrate, archive, or delete a single user
put metadata in the database and files in the file system
look out for code injection via file name
This is an interesting question. Depending on the level of security you want to apply I would recommend the following:
Choose a folder that is only accessible by your app server (if you chose to store in the FS)
I would always recommend renaming the files to a randomly generated hash (or an incrementally generated name like those used in URL shorteners, see the open source implementation of rubyurl). However, I wouldn't store them in a database because filesystems are built for handling files, so let it do the job. You should store the metadata in the database to be able to set the right file name when the user downloads the file.
You should partition the files among multiple folders. This gives you multiple advantages. First, filesystems are not built to handle millions of files in a single folder. If you have operations that try to get all files from a folder this takes significantly more time. If you obfuscate the original file name you could create one directory for each letter in the filename and would get a fairly good distributed number of files per directory.
One last thing to consider is the possible collision of file names. A user should not be able to guess a filename from another user. So you might need some additional checks here.
Depending on the level of security you want to achieve you can apply more and more patterns.
Just don't save the files in the public folder and create a controller that will send the files.
How you want to organise from that point on is your choice. You could make a subfolder per user. There is no need to rename from a security point of view, but do try to clean up the filename; spaces and non-ASCII characters make things harder.
For simple cases (where you don't want to distribute the file store):
Store the files in the tmp directory. DON'T store them in public. Then only expose these files via a route and controller where you do the authentication/authorisation checks.
I don't see any reason to rename the files; you can separate them out into sub directories based on the user ID. But if you want to allow the uploading of files with the same name then you may need to generate a unique hash or something for each file's name.
See above. You can partition them any way you see fit. But I would definitely recommend partitioning them and not lumping them in one directory.
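The storage layout these answers describe (a store outside the public folder, random stored names, per-user and partitioned directories, and an owner check before a file is sent), as an added example written in shell so it runs without a Rails app; it is not code from the original posts. The function names, the numeric user id and the two-character partition are assumptions.

```shell
#!/bin/sh
# Added example: the user's original file name never reaches the filesystem;
# keep it as metadata in the database next to the path printed here.

# store_upload STORE_ROOT USER_ID SRC_FILE -> prints USER_ID/<shard>/<random id>
store_upload() {
    root=$1 user_id=$2 src=$3
    case "$user_id" in ''|*[!0-9]*) echo "bad user id" >&2; return 1 ;; esac
    [ -f "$src" ] && [ ! -L "$src" ] || {
        echo "source must be a regular file" >&2; return 1; }

    # 128 random bits as hex: not guessable by another user
    id=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
    [ ${#id} -eq 32 ] || return 1
    shard=$(printf '%s' "$id" | cut -c1-2)
    rel="$user_id/$shard/$id"

    ( umask 077                          # directories 0700, file 0600
      mkdir -p "$root/$user_id/$shard" &&
      set -C &&                          # noclobber: never overwrite an existing file
      cat "$src" > "$root/$rel"
    ) || return 1
    printf '%s\n' "$rel"
}

# resolve_download STORE_ROOT SESSION_USER_ID REL_PATH -> prints the absolute path
# Fails unless REL_PATH is exactly the canonical path of a file owned by that user.
resolve_download() {
    root=$1 session_user=$2 rel=$3
    case "$session_user" in ''|*[!0-9]*) return 1 ;; esac
    name=${rel##*/}
    case "$name" in *[!0-9a-f]*) return 1 ;; esac
    [ ${#name} -eq 32 ] || return 1
    shard=$(printf '%s' "$name" | cut -c1-2)
    # Rebuilding the path rejects ../ segments and other users' directories.
    [ "$rel" = "$session_user/$shard/$name" ] || return 1
    [ -f "$root/$rel" ] || return 1
    printf '%s\n' "$root/$rel"
}
```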
