ReadyNAS shell access redux
When I wrote the original article on how to enable shell access to the readynas, I was motivated by the need to solve my backup problems. Given the unfulfilled promises from infrant regarding ssh availability, I was also frustrated, and wanted to share how easy it was to do it yourself. After solving solving the immediate problem, I did not try to develop a more elegant solution. Fortunately, the web is a big place, and I managed to inspire someone else to come up with a better solution that doesn't require removing any drives. This person, whom I will call "D", has asked to remain anonymous.
Protocol
Here is D's method for changing the root password:
This is a simple approach that exploits the ability to create symbolic links (symlinks) while using NFS, and the ability to traverse symlinks while using AFP (Apple File Protocol). It also exploits the fact that /etc/cron.d is writeable by the admin user, which permits arbitrary crontabs to be created. This will probably require a Macintosh, or another platform which can mount AFP shares.
- Enable NFS and AFP services (Services -> Standard File Protocols).
- Make a share NFS write-enabled and root privilege-enabled (Shares ->NFS)
- Make the same share AFP write-enabled for the admin user (Shares -> AFP)
- Mount the share using NFS
- Create a symbolic link on the share to /etc (etc -> /etc).
- Mount the share using AFP, as the admin user.
- Create a new crontab file in etc/cron.d/
# example listing for /etc/cron.d/passwd
* * * * * root /usr/sbin/usermod -p '$1$RVWNkJR9$CaniKWqUxyXC3ETsWKrCE1' root
- Reboot the device, to restart cron.
Notes
This would not work if the backend software on the readynas was configured properly. It turns out that frontview, which is written in perl, makes system calls directly and executes commands as the admin user. To make life easier on themselves, Infrant allows the admin user to modify key system files such as /etc/cron.d. In fact, the entire frontview interface is owned by admin, so you should be able to mount /frontview that same way that you mounted /etc and modify any of the files that control the web interface. Now that infrant has been acquired by netgear, maybe some of this will get cleaned up. I suspect that is why infrant was promising a 4.0 release of RAIDiator that will include ssh access, and will not be backwards compatible with the current versions of the OS (3.x). Sounds great, doesn't it? Given the amount of time that it takes Infrant to actually deliver on their promises lately, I think that if you want ssh access before 2008, you should probably use the method described above.
This trick worked just fine! Thanks alot for this information.
It was great if the ReadyNAS could become a build target of OpenEmbedded. Since it's built on GPL Software.. isn't Infrant supposed to offer source, sans maybe some driver ?
According to infrant, the modified sources are available here, in compliance with the GPL.
No luck here. Are you using a security mode other than "share"? Are you running some version other than 3.01c1-p6?
@Ian: I am using "user" mode security. You need to be able to mount your shares via NFS and AFP as the admin user. When you use "user" mode security, the system maps file permissions to actual user accounts on the system. I'm not sure how permissions are handled with "share" mode security.
@brian: Excellent! That was precisely it.
Thanks for the tip. SVNserve, here I come!
i added the file to cron.d and I still can't ssh in as root. i tried to ssh as admin as well, which appeared to work but I was disconnected immediately
diag == d8rth
Hum, it seems like a pretty nasty security hole that there's a default password for the "diag" account that you cannot change without hacking the box.
@E: Interesting. Looks like a primitive utility for doing very basic troubleshooting or remote maintenance on the box if the web interface is down. Like I've mentioned before, it's as if once they got the raid stuff working, they just wrote a web interface in a few days and started selling it.
Hi Brian! Thank you, this works very nicely!