Zyxel utils

From NAS-Central Zyxel Wiki

Zyxel_utils is an FFP package for ZyXEL devices. It contains various tools in a single script: /ffp/start/zyxel_utils.sh

zyxel_utils()

The 'main function' in this script is zyxel_utils(), the first function in the script. In this function you can enable/configure various other functions. Almost all actions in this function are functionally reverted by invoking

/ffp/start/zyxel_utils stop

Functions are enabled by removing the '#' from the line. Almost all functions patch some files in the initramfs, which means the changes are reverted on reboot.

Change homedir for any user

change_homedir root /ffp/home/root

This will edit /etc/passwd, and create a directory /ffp/home/root, if it doesn't exist yet. By default the homedirs for root and admin are on the initramfs, which means they are volatile. Not very convenient. You can add more users/homedirs by calling the function once for each.

By default the homedirs of root and admin are changed.

Change shell for any user

change_shell user shell

This will edit /etc/passwd. You can add more users/shells by calling the function once for each.

Enable shell access for any user

enable_shell_access

This will copy all passwords stored in /ffp/etc/shadow to /etc/shadow. Further you can use the command

/ffp/sbin/change_password <user>

to change the password in both /etc/shadow and /ffp/etc/shadow.

Note: this has no consequence for the samba and webinterface password of that user.

Code donated by arnova

'Clean' shutdown

hook_shutdown

This will patch /etc/init.d/rc.shutdown to cleanly stop FFP. (Call all executable scripts in /ffp/start with the 'stop' parameter, to give them the chance to stop cleanly). It's only useful for the FFP stick, not for the zypkg (which is already stopped on shutdown), although it doesn't hurt.

This will not be reverted with '/ffp/start/zyxel_utils stop'.

Change http port

change_http_port portnr

When you want to run a 2nd webserver, you might want to move the firmware webserver to another port. This will edit /etc/service_conf/httpd_zld.conf.

Change https port

change_https_port portnr

When you want to run a 2nd webserver, you might want to move the firmware webserver to another port. This will edit /etc/service_conf/httpd_zld.conf.

Note: Do *not* use this in combination with the 'force https' feature in the administration menu. This will put the webinterface in a redirect loop.

Change Samba config file

hook_samba

By default the firmware samba uses /etc/samba/smb.conf, which is dynamically generated by the firmware. This means that any changes you make only last until the next reboot. This function will patch /etc/init.d/samba.sh to change /etc/samba/smb.conf into a symlink to /ffp/etc/samba/smb.conf before starting samba. When /ffp/etc/samba/smb.conf does not exist, it will copy /etc/samba/smb.conf first. Unfortunately the firmware will not call this script when samba settings are changed in the webinterface. So you'll have to invoke

/etc/init.d/samba.sh restart

manually in that case.

Change NFS config file

hook_nfs

By default NFS uses /etc/exports, which is a symlink to /usr/local/zy-pkgs/etc/exports. This function will patch /usr/local/zy-pkgs/etc/init.d/NFS to use /ffp/etc/exports instead. This is done by changing the symlink /etc/exports before starting NFS, and changing it back afterwards. It is changed back because the firmware re-reads the exports file. If /ffp/etc/exports doesn't exist, it will be copied first.

Change FTP server advertised ip address

hook_ftp address

In some cases FTP access from outside doesn't work. This can be caused by the FTP server advertising its local address. Sometimes your router will exchange this on the fly, sometimes not. This function patches /usr/local/sbin/vsftpd_start.sh and /usr/local/sbin/vsftpd_start_silent.sh to add '-P address' to the FTP server's command line arguments. (address can be your public IP, or a (dyndns) domain)

A side effect can be that the server is no longer accessible from within the LAN, depending on whether your router supports NAT loopback, or that the throughput within the LAN is lowered dramatically. (The traffic is routed twice, once from the LAN to the WAN, and once back.)

A second side effect is that /usr/local/sbin/ is made writable.

Make a readonly directory writable

hook_directory /path/to/dir

The major part of the firmware is readonly. It's a readonly loopmounted file on /usr/. This function copies the contents of /path/to/dir/ to /ffp/var/rw/<firmware-version>/path/to/dir (if it doesn't exist yet). Thereafter /ffp/var/rw/<firmware-version>/path/to/dir is bindmounted on /path/to/dir.

You can call this function more than once for different directories.

Use with care. The function will detect if a directory is hooked already, but not if its parents are already hooked.

Don't hook /usr/local/zy-pkgs or one of its parents.
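
The two warnings above can be checked before enabling anything. The following lint is an added example, not part of zyxel_utils or of the original page: it flags requested directories that lie inside each other, and /usr/local/zy-pkgs or any of its parents. The function names, the sample paths and the assumed line format (an uncommented `hook_directory /absolute/path`) are assumptions.

```shell
#!/bin/sh
# Added example, not part of zyxel_utils.

# Assumption: enabled calls look like "hook_directory /absolute/path";
# disabled ones start with '#'. Prints one directory per line.
enabled_hook_dirs() {
    sed -n 's|^[[:space:]]*hook_directory[[:space:]]\{1,\}\(/[^[:space:]#]*\).*|\1|p' "$@"
}

# Reads directories on stdin. Prints "FORBIDDEN dir" for /usr/local/zy-pkgs
# or one of its parents, and "NESTED a under b" when one requested directory
# lies inside another (the case hook_directory itself does not detect).
check_hook_dirs() {
    awk -v guard="/usr/local/zy-pkgs" '
        function under(child, parent) {      # child is parent, or below it
            if (parent == "/") return 1
            return child == parent || index(child, parent "/") == 1
        }
        NF == 0 { next }
        {
            d = $0
            if (d != "/") sub(/\/+$/, "", d) # ignore trailing slashes
            if (under(guard, d)) print "FORBIDDEN " d
            for (i = 1; i <= n; i++) {
                if (d == seen[i]) continue   # exact repeats are detected already
                if (under(d, seen[i]))      print "NESTED " d " under " seen[i]
                else if (under(seen[i], d)) print "NESTED " seen[i] " under " d
            }
            seen[++n] = d
        }
    '
}

# Constructed sample of the relevant lines in zyxel_utils().
demo_config() {
    cat <<'EOF'
    hook_directory /usr/local/sbin
    #hook_directory /etc/zyxel
    hook_directory /usr/local/
EOF
}

demo_config | enabled_hook_dirs | check_hook_dirs
```

On the device, `enabled_hook_dirs /ffp/start/zyxel_utils.sh | check_hook_dirs` runs the same check on the real script; no output means no conflict was found.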

Let firmware cron work for you

hook_crond

This will hook /sbin/crond to add the lines in /ffp/etc/crontab to /var/spool/cron/crontabs/root before starting the daemon. Do not put a user in the line; the command is executed as root. The last line in /ffp/etc/crontab containing data *must* be followed by an enter (newline). If you edit /ffp/etc/crontab, simply execute

/etc/init.d/crond.sh restart

to apply it.

Logfile

By default a logfile /tmp/intercept.log is generated, in which all hooked scripts log their execution:

**** root@Mon Feb 18 20:28:03 CET 2013:
1:/bin/sh /init
--5912:/bin/sh /usr/bin/restart_scheduler.sh
----5922:/bin/sh /etc/init.d/crond.sh restart
------5984:/bin/sh /etc/init.d/crond.sh start
--------5988:/ffp/bin/sh /sbin/crond -L /dev/null

You see a timestamp and a user. Further there is a backtrace of all calling processes, including their PID. If you don't want this logfile, edit the script and clear INTERCEPT_LOG.
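
To review which process started a hooked executable, the log can be reduced to one line per entry. The parser below is an added example, not part of zyxel_utils; it assumes every entry has the layout of the excerpt above (a `**** user@timestamp:` header followed by `PID:command` lines with dash indentation). The function names and the second sample entry are constructed.

```shell
#!/bin/sh
# Added example, not part of zyxel_utils.

# summarize_intercept_log [FILE...]
# One output line per log entry:  when|user|pid|hooked command|direct caller
# The hooked command is the deepest line of the backtrace.
summarize_intercept_log() {
    awk '
        function emit() {
            if (have) printf "%s|%s|%s|%s|%s\n", when, user, pid, cmd, caller
            have = 0
        }
        /^\*\*\*\* / {                     # header: "**** user@timestamp:"
            emit()
            hdr = substr($0, 6)
            sub(/:$/, "", hdr)
            at = index(hdr, "@")
            user = substr(hdr, 1, at - 1)
            when = substr(hdr, at + 1)
            cmd = ""; caller = ""; pid = ""
            next
        }
        /^-*[0-9]+:/ {                     # backtrace line: "--PID:command"
            rest = $0
            sub(/^-+/, "", rest)
            colon = index(rest, ":")
            caller = cmd                   # the previous line called this one
            pid = substr(rest, 1, colon - 1)
            cmd = substr(rest, colon + 1)
            have = 1
        }
        END { emit() }
    ' "$@"
}

# First entry is the excerpt shown above; the second entry is constructed.
sample_log() {
    cat <<'EOF'
**** root@Mon Feb 18 20:28:03 CET 2013:
1:/bin/sh /init
--5912:/bin/sh /usr/bin/restart_scheduler.sh
----5922:/bin/sh /etc/init.d/crond.sh restart
------5984:/bin/sh /etc/init.d/crond.sh start
--------5988:/ffp/bin/sh /sbin/crond -L /dev/null
**** root@Mon Feb 18 20:30:11 CET 2013:
1:/bin/sh /init
--6101:/bin/sh /etc/init.d/samba.sh restart
EOF
}

sample_log | summarize_intercept_log
```

On the device, `summarize_intercept_log /tmp/intercept.log` gives the same summary for the real log.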

Own hooks

This log function is too beautiful not to reuse. You can hook *any* executable (script or binary) by calling

/ffp/start/zyxel_utils.sh hook /path/to/executable

All calls of this executable will be logged. This is done by moving the executable to /path/to/hooked/executable, and creating a symlink /path/to/executable to /ffp/start/zyxel_utils.sh. (The executable bit of /ffp/start/zyxel_utils.sh needs to be set.) zyxel_utils.sh will write the logfile, and exec the original executable. Unhooking can be done by:

/ffp/start/zyxel_utils.sh unhook /path/to/executable

Do not hook /ffp/bin/rm and /ffp/bin/cat, as these are used within a locked section when writing the logfile.

How to install

slacker -Ui zyxel_utils

If it doesn't show up, use uwsiteloader to install the repository 'Mijzelf', and retry. Or download it manually from that repository, and install it with

funpkg -i zyxel_utils<version>.txz

Chrooted FFP

Sorry, while the script contains code to let it work in a chrooted environment, it turns out to be unstable. The script execute_outside_chroot is just not robust enough to be called often.