Archive for the ‘slug’ Category

Configuring sudo

March 27, 2007

The next step in setting up a file server on the slug is an easy one: Install sudo rights for my normal user.
I use sudo as a matter of convenience; If I don’t have it installed I’m much more likely to do stuff as root (that doesn’t have to be made as root). The security aspects of sudo, where you can limit what each user (or group) can do with sudo, doesn’t really matter to me since I am the sole administrator of these boxen and I want absolute power. This means that our sudo set up will be a real simple on (you’ll see later).

But first things first; Let’s start with installing sudo to the slug.
If you haven’t logged in to the box yet, do so now:

ssh habrok@192.168.1.6

Of course you should exchange habrok for the login of the user created with the Debian installer, and the IP with the IP of your slug. Now we install sudo with apt, starting with an update of the local package list (it is always good to do an update at the start of a session, though nothing bad will happen if you forget; The packages will fail to download, that’s all):

su -
apt-get update
apt-get install sudo

Next we will configure sudo access, by editing the /etc/sudoers file. We won’t do this with the normal editor though, but run the special editor visudo instead. Visudo is used to prevent syntax errors in the /etc/sudoers file, which might otherwise lock everyone out of doing sudos. You might think that visudo has something to do with the infamous vi editor, but don’t worry, it will actually use nano for your editing session. So go ahead and type:

visudo

We will make just one change in this file. Below the “user privilege specification” comment add a line:

%wheel ALL = (root) ALL

This line means that members of the “wheel” system group (the percent sign means a group) on any host (the first “ALL”) will be able to execute any command (the second “ALL”) as root (this is the default, so it isn’t really necessary to write it out, but it is clearer this way). The reason I didn’t allow the wheel users to run command as any user (which is done by putting “ALL” within the parentheses) is that I honestly don’t know why I would ever need this (security 101: Don’t enable things you don’t know you will need).

Now save (ctrl+O) and exit (ctrl+X). Visudo will tell you if there is any syntax errors, if so press ‘e’ to correct them.

Now we need to add the users we want to run sudo to the wheel group*. First check that there isn’t already a wheel group:

cat /etc/group | grep wheel

This should return nothing (at least if you’re running a new installation of Debian like me), so go on and create this group:

addgroup --system --gid 23 wheel

The group id doesn’t have to be 23, I just find it easy to remember (you actually don’t have to specify a group id at all, if you don’t the system will assign one for you).
Now add our normal user and root (for good measure) to the wheel group:

adduser habrok wheel
adduser root wheel

Now, we have to log out and in again for our group membership to be updated, so do that now:

exit
exit
ssh habrok@192.168.1.6
groups

Now “wheel” should be listed among the groups you are member of (if not you have to su again and try to find where things went wrong), so go on and try to sudo something:

sudo apt-get update

Type your password (your password, not the root password) and see if it starts updating the package list. If it works (and it should) then you can go on lock your root account, if not you have to su to root account again and correct any errors you’ve made first.

Locking out the root user is a bit scary, you might not be able to correct mistakes if do something stupid (now or later). With the slug I can’t even use the usual recovery procedure (booting from a CD), so instead of really locking out root, I will just set a very long, random password, which I write down and keep in a secret place.

First generate a random password with your favourite password generator (I use apg, which can be found in Ubuntu’s universe). Then set the root password for the slug with:

sudo passwd root

Your slug should now be properly set up with sudo, so go on and get yourself some coffee or something.

* At this point, you may wonder why the group is called wheel (and not admins or sysops or something). This is just a tradition; The wheel group was used to restrict which users could run the “su” command (I think Berkeley might have been first with this). Now we use it to restrict sudo.

Posted in slug, sudo, suttung | Leave a Comment »

Slug installation, part 2

March 26, 2007

From the first part we inherited a slug (= a Linksys NSLU2) with a debian installer started. Now, the slug doesn’t have a console, so we need to access the installer through SSH:

ssh installer@192.168.1.6

Accept the new RSA key fingerprint (you may have to delete the previous key first, the RSA key is regenerated when you reflash), and type in the password “install”. You should be greeted by this screen:Debian installer start

Choose “Start menu” to be taken to the installer. Then you have to chose a mirror to download the Debian archives from. I think the list shows all servers, although we’re really only interested in those that has packages for ARM. Use the Debian mirror list to make sure the mirror you select carries packages for the ARM architecture before you continue. (I’ve had problem with ftp.sunet.se before, although when I check now I see that it actually has ARM packages. Well, maybe it was something else that didn’t work then.) The primary mirror for your country is usually a sensible choice.

Next up is choosing which modules to load for the installer. The guide I followed recommended these modules:

  • ext3-modules…
  • partman-auto
  • partman-ext3
  • scsi-core-modules…
  • usb-storage-modules…

We won’t use automatic partitioning, so I don’t know if partman-auto and partman-ext3 is really necessary, but it doesn’t hurt anyway.

Then we go for partitioning the disk. I used manual partioning and created a root partition (ext3), and a swap partition on the USB memory stick. Since we will be running LDAP on this box, I figured I need some swap for caching and doubled the minimum requirement of 128MB (to 260MB). Write your partitions to disk and format them (you didn’t choose to format them at the partition screen? then go back and do it right).
Next you are told to choose a language, but I don’t know what this choice really means. It certainly doesn’t change the language (I chose Sweden, but didn’t get Swedish). Maybe it is the time settings; At least it says “configuring the clock” next. Anyway, just chose your country and continue.

Then it is time to create users. First you create a root user (you only have to give a password for him) and then you also set up a regular (non-privileged) account.

After you’ve set up users the base system will be downloaded and installed to the USB stick. Answer any questions about these packages that may come up (it shouldn’t be too difficult). After installation the tasksel dialog appears:Tasksel dialog

The “Standard system” should be enough here, we will install the packages we need for the file server later. Now it will download and install some more packages, and this should take a while (I didn’t take time, but upwards an hour perhaps). When it is done you should see the following message: Installation finished

Choose “Continue”; You will then be disconnected from the slug. Wait a while (ten minutes?) and then log in with the login credentials for the user you created before (you could log in as root, but it is prudent not to).

And that’s it. You can start playing around with your new toy, as will do now with mine.

Posted in debian, equipment, slug, suttung | Leave a Comment »

Slug installation

March 26, 2007

Our first task is to reflash the Linksys NSLU2. This box will later be used as a file server at Valhall, though it currently stands silently at Bilskirnir.

Now, I actually already reflashed it with Debian/NSLU2, but I though I’d redo it to document the process. There is already a quite good document describing the installation process. This installation guide will be more specific, however, describing how I got things to work.

A look at what we need for this task:

  • A slug (not a slimy one, I mean a Linksys NSLU2)
  • A installation medium for Debian (it won’t fit in internal flash); I used a 2 GB memory stick
  • A computer running Kubuntu
  • A switch and some network cables
  • A lot of patience (the Slug isn’t very fast) and some coffee

First, we put all the equipment in place:

  1. Connect the slug to a power outlet.
  2. Connect a network cable from the slug to the switch.
  3. Connect a network cable from the computer to the switch (I use wireless normally, but this don’t work for reflashing with upslug2).
  4. Connect the memory stick to USB port 1 on the slug (port 2 probably works, but I haven’t tested so I can’t confirm this).

Power on the slug and set it to receive a IP address via DHCP. (Information about this can be found in the manual, I think.) When done, power off the slug again.

Ok, let’s download all the programs we need to the laptop. The binary image for the Debian Installer (with Intel’s proprietary network driver) can be found at slug-firmware.net. At the time of writing the most up to date image is Etch RC2, so I grabbed that one. You have to accept Intel’s license before you download. I don’t think there’s any indecent stuff there, but then I just skimmed it (and I’m certainly not a lawyer). We also need the upslug2 tool which I downloaded with apt (for Kubuntu, it is in the Universe repository, be sure you enable this first):

sudo apt-get install upslug2

Next, put the slug in upgrade mode:

  1. Press and hold the reset button with a metal clip (the hole is quite deep, so a pen won’t do)
  2. Power on the slug without releasing the reset button
  3. The top diode () shines yellow for approximately 10 seconds – keep the reset button down.
  4. When the top diode turns to amber (the change is quite subtle, be sure to do this in a dark room) immediately release the reset button (you have at least a second I think).
  5. The diode should now flash amber. If not, restart the process.

As far as I can tell, the slug will stay in upgrade mode until you reboot it, so you don’t have to hurry starting the reflash.

Now go back to the Konsole window you should have started, and type:

cd
mkdir slug
mv download/debian-etch-rc2-20070308.zip slug/
cd slug
unzip debian-etch-rc2-20070308.zip

Now run the upslug2 tool to reflash (upslug2 has to be run as root because of how it interacts with the network interface):

sudo upslug2 -i di-nslu2.bin

The installation process should begin. The upslug2 tool will report the MAC address for the slug. Use this to set up a static lease for it. I set it to 192.168.1.6 for this.
When the installation finished (it says “Rebooting… done”) you have to wait a while (5 minutes perhaps) before you can log on to your debian installation via SSH.

Coming up, the Debian Installer….

Posted in equipment, slug, suttung | 1 Comment »