Zyxel_utils is an FFP package for ZyXEL devices. It contains various tools in a single script: /ffp/start/zyxel_utils.sh
- 1 zyxel_utils()
- 1.1 Change homedir for any user
- 1.2 Change shell for any user
- 1.3 Enable shell access for any user
- 1.4 'Clean' shutdown
- 1.5 Change http port
- 1.6 Change https port
- 1.7 Change Samba config file
- 1.8 Change NFS config file
- 1.9 Change FTP server advertised ip address
- 1.10 Make a readonly directory writable
- 1.11 Let firmware cron work for you
- 2 Logfile
- 3 How to install
- 4 Chrooted FFP
zyxel_utils()
The 'main function' in this script is zyxel_utils(), the first function in the script. In this function you can enable and configure the various other functions. Almost all actions in this function are functionally reverted by invoking
A function is enabled by removing the '#' on its line. Almost all functions patch files in the initramfs, which means the changes are reverted on reboot.
Change homedir for any user
change_homedir root /ffp/home/root
This will edit /etc/passwd, and create a directory /ffp/home/root, if it doesn't exist yet. By default the homedirs for root and admin are on the initramfs, which means they are volatile. Not very convenient. You can add more users/homedirs by calling the function once for each.
By default the homedirs of root and admin are changed.
Change shell for any user
change_shell user shell
This will edit /etc/passwd. You can add more users/shells by calling the function once for each.
Enable shell access for any user
This will copy all passwords stored in /ffp/etc/shadow to /etc/shadow. Further you can use the command
to change the password in both /etc/shadow and /ffp/etc/shadow.
Note: this has no consequence for the samba and webinterface password of that user.
Code donated by arnova
This will patch /etc/init.d/rc.shutdown to cleanly stop FFP. (Call all executable scripts in /ffp/start with the 'stop' parameter, to give them the chance to stop cleanly). It's only useful for the FFP stick, not for the zypkg (which is already stopped on shutdown), although it doesn't hurt.
This will not be reverted with '/ffp/start/zyxel_utils stop'.
Change http port
When you want to run a 2nd webserver, you might want to move the firmware webserver to another port. This will edit /etc/service_conf/httpd_zld.conf.
Change https port
When you want to run a 2nd webserver, you might want to move the firmware webserver to another port. This will edit /etc/service_conf/httpd_zld.conf.
Note: Do *not* use this in combination with the 'force https' feature in the administration menu. This will put the webinterface in a redirect loop.
Change Samba config file
By default the firmware samba uses /etc/samba/smb.conf, which is dynamically generated by the firmware. This means that any changes you make only last until the next reboot. This function will patch /etc/init.d/samba.sh to change /etc/samba/smb.conf into a symlink to /ffp/etc/samba/smb.conf before starting samba. When /ffp/etc/samba/smb.conf does not exist, it will copy /etc/samba/smb.conf first. Unfortunately the firmware will not call this script when samba settings are changed in the webinterface. So you'll have to invoke
manually in that case.
Change NFS config file
By default NFS uses /etc/exports, which is a symlink to /usr/local/zy-pkgs/etc/exports. This function will patch /usr/local/zy-pkgs/etc/init.d/NFS to use /ffp/etc/exports instead. This is done by changing the symlink /etc/exports before starting NFS, and changing it back afterwards. It is changed back because the firmware re-reads the exports file. If /ffp/etc/exports doesn't exist, it will be copied first.
Change FTP server advertised ip address
In some cases FTP access from outside doesn't work. This can be caused by the FTP server advertising its local address. Sometimes your router will exchange this on the fly, sometimes not. This function patches /usr/local/sbin/vsftpd_start.sh and /usr/local/sbin/vsftpd_start_silent.sh to add '-P address' to the FTP server's command line arguments. (address can be your public IP, or a (dyndns) domain)
A side effect can be that the server is no longer accessible from within the LAN, depending on whether your router supports NAT loopback, or that the throughput within the LAN is lowered dramatically. (The traffic is routed twice, once from the LAN to the WAN, and once back.)
A second side effect is that /usr/local/sbin/ is made writable.
Make a readonly directory writable
The major part of the firmware is readonly. It's a readonly loopmounted file on /usr/. This function copies the contents of /path/to/dir/ to /ffp/var/rw/<firmware-version>/path/to/dir (if it doesn't exist yet). Thereafter /ffp/var/rw/<firmware-version>/path/to/dir is bindmounted on /path/to/dir.
You can call this function more than once for different directories.
Use with care. The function will detect if a directory is hooked already, but not if its parents are already hooked.
Don't hook /usr/local/zy-pkgs or one of its parents.
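The two warnings above can be checked before a directory is made writable. The following is an added example, not code from zyxel_utils.sh; the function names is_same_or_parent and check_rw_target are hypothetical, and the list of already hooked directories is assumed to be supplied by the caller.

```shell
#!/bin/sh
# is_same_or_parent A B: succeeds when A equals B or A is a parent directory of B
is_same_or_parent() {
    a=${1%/}; b=${2%/}
    [ -z "$a" ] && return 0            # "/" is a parent of every path
    case "$b/" in
        "$a"/*) return 0 ;;            # compares whole path components only
    esac
    return 1
}

# check_rw_target TARGET [HOOKED_DIR...]: decide whether TARGET is safe to hook.
# HOOKED_DIR arguments are directories that are already writable (assumption:
# the caller keeps track of them; zyxel_utils.sh itself is not queried here).
check_rw_target() {
    target=$1; shift
    if is_same_or_parent "$target" /usr/local/zy-pkgs; then
        echo "refuse: $target is /usr/local/zy-pkgs or one of its parents"
        return 1
    fi
    for hooked in "$@"; do
        if is_same_or_parent "$hooked" "$target"; then
            echo "refuse: $target is already covered by hooked $hooked"
            return 1
        fi
    done
    echo "ok: $target"
}

# Constructed scenario: /usr/local/sbin is already writable, which the page
# names as a side effect of the FTP address function.
check_rw_target /usr/local/sbin/extra /usr/local/sbin || true
check_rw_target /usr/local /usr/local/sbin || true
check_rw_target /usr/sbin /usr/local/sbin
```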
Let firmware cron work for you
This will hook /sbin/crond to add the lines in /ffp/etc/crontab to /var/spool/cron/crontabs/root before starting the daemon. Do not put a user in the line; the command is executed as root. The last line in /ffp/etc/crontab containing data *must* be followed by an enter. If you edit /ffp/etc/crontab, simply execute
to apply it.
Logfile
By default a logfile /tmp/intercept.log is generated, in which all hooked scripts log their execution:
**** root@Mon Feb 18 20:28:03 CET 2013:
1:/bin/sh /init
--5912:/bin/sh /usr/bin/restart_scheduler.sh
----5922:/bin/sh /etc/init.d/crond.sh restart
------5984:/bin/sh /etc/init.d/crond.sh start
--------5988:/ffp/bin/sh /sbin/crond -L /dev/null
You see a timestamp and a user. Further there is a backtrace from all calling processes, including their PID. If you don't want this logfile, edit the script and clear INTERCEPT_LOG
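To review which account triggered which logged command, and through which direct caller, the log can be reduced to one line per entry. This is an added example, not part of zyxel_utils.sh; it assumes one process per line as the dash indentation suggests, the function names are hypothetical, and the second sample entry is constructed.

```shell
#!/bin/sh
# Constructed sample: the first entry is the one shown on this page,
# the second entry is made up for illustration.
sample_log() {
cat <<'EOF'
**** root@Mon Feb 18 20:28:03 CET 2013:
1:/bin/sh /init
--5912:/bin/sh /usr/bin/restart_scheduler.sh
----5922:/bin/sh /etc/init.d/crond.sh restart
------5984:/bin/sh /etc/init.d/crond.sh start
--------5988:/ffp/bin/sh /sbin/crond -L /dev/null
**** admin@Mon Feb 18 20:31:40 CET 2013:
1:/bin/sh /init
--6100:/bin/sh /etc/init.d/samba.sh restart
EOF
}

# summarize_intercepts: read a log on stdin and print one line per entry:
#   user|depth|pid|last command in the chain|its direct caller
summarize_intercepts() {
    awk '
    function emit() {
        if (user != "") printf "%s|%d|%s|%s|%s\n", user, depth, pid, cmd, caller
    }
    /^\*\*\*\* / {                      # entry header: **** user@timestamp:
        emit()
        user = substr($0, 6); sub(/@.*/, "", user)
        depth = 0; pid = ""; cmd = ""; caller = ""
        next
    }
    /^-*[0-9]+:/ {                      # chain line: dashes, PID, command line
        rest = $0; sub(/^-*/, "", rest)
        depth = (length($0) - length(rest)) / 2   # two dashes per level
        caller = cmd                    # the previous line is the parent
        pid = rest; sub(/:.*/, "", pid)
        cmd = rest; sub(/^[0-9]+:/, "", cmd)
    }
    END { emit() }
    '
}

# commands_by_user USER: last command of every entry logged for USER
commands_by_user() {
    summarize_intercepts | awk -F'|' -v u="$1" '$1 == u { print $4 }'
}

sample_log | summarize_intercepts
```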
This log function is too beautiful not to reuse. You can hook *any* executable (script or binary) by calling
/ffp/start/zyxel_utils.sh hook /path/to/executable
All calls of this executable will be logged. It is done by moving the executable to /path/to/hooked/executable, and creating a symlink /path/to/executable to /ffp/start/zyxel_utils.sh. (The executable bit of /ffp/start/zyxel_utils.sh needs to be set.) zyxel_utils.sh will write the logfile, and exec the original executable. Unhooking can be done by:
/ffp/start/zyxel_utils.sh unhook /path/to/executable
Do not hook /ffp/bin/rm and /ffp/bin/cat, as these are used within a locked section when writing the logfile.
How to install
slacker -Ui zyxel_utils
funpkg -i zyxel_utils<version>.txz
Chrooted FFP
Sorry, while the script contains code to let it work in a chrooted environment, it turns out to be unstable. The script execute_outside_chroot is just not robust enough to be called often.