I have installed the latest OpenWrt Chaos Calmer r42871 on my TP-LINK WR-842ND router. And everything's good except the problem:
root@router:~# opkg install sudo
Unknown package 'sudo'.
Collected errors:
- opkg_install_cmd: Cannot install package sudo.
In the same time I can install another packages like: shadow-useradd, shadow-groupadd, etc.
The target idea is to disable the root user and to make a router more secure by using non-priv user by default (I suppose sudo would help with it at least).
It's really strange that Mr. Google doesn't know about this error yet. But I hope it will already. :)
Any advices needed!
42 Answers
You need to update the list of packages:
opkg updateThen try to showing the info for the package you are interested in:
opkg info sudoMore information in the online documentation of the project.
2sudo is not provided anymore by this distribution, and the sudo paragraph from this documentation seems outdated.
As you can see in this ps -w exctract from my router, almost all processes are running as root :
(... kernel process edited out) 832 root 8984 S /sbin/ubusd 833 root 2716 S /sbin/askfirst /usr/libexec/login.sh 834 root 2716 S /sbin/askfirst /usr/libexec/login.sh 1122 root 7040 S /sbin/logd -S 64 1123 root 11120 S /sbin/logread -f -h router -r 10.13.9.40 514 -p /var/run/logread.2.pid 1132 root 15296 S /sbin/rpcd 1167 root 15440 S /sbin/netifd 1307 root 2888 S /usr/sbin/dropbear -F -P /var/run/dropbear.1.pid -p 10.13.9.1:22 -K 300 1846 root 24228 S /usr/sbin/uhttpd -f -h /www -r router -x /cgi-bin -u /ubus -t 60 -T 30 -k 20 -A 1 -n 3 -N 100 -R -p 0.0.0 1859 zabbix 5420 S /usr/sbin/zabbix_agentd -c /etc/zabbix_agentd.conf -f 1866 zabbix 5420 S /usr/sbin/zabbix_agentd: collector [idle 1 sec] 1867 zabbix 5420 S /usr/sbin/zabbix_agentd: listener #1 [waiting for connection] 1868 zabbix 5428 S /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec] 1876 root 15036 R /usr/sbin/openvpn --syslog openvpn(server) --status /var/run/openvpn.server.status --cd /var/etc --config 1908 root 3060 S < /usr/sbin/ntpd -n -N -l -S /usr/sbin/ntpd-hotplug -p ***EDITED_OUT***.org -p ***EDITED_OUT***.org -p ***EDITED_OUT*** 1960 dnsmasq 2968 S /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf -k -x /var/run/dnsmasq/dnsmasq.pid 2688 root 3336 S {dynamic_dns_upd} /bin/sh /usr/lib/ddns/dynamic_dns_updater.sh -v 0 -S ***EDITED_OUT*** -- start 2689 root 3336 S {dynamic_dns_upd} /bin/sh /usr/lib/ddns/dynamic_dns_updater.sh -v 0 -S ***EDITED_OUT*** -- start 2690 root 3340 S {dynamic_dns_upd} /bin/sh /usr/lib/ddns/dynamic_dns_updater.sh -v 0 -S ***EDITED_OUT*** -- start 8532 root 3000 R /usr/sbin/dropbear -F -P /var/run/dropbear.1.pid -p 10.13.9.1:22 -K 300 8533 root 3064 S -ash 8609 root 3056 S sleep 600 8616 root 3056 S sleep 600 8620 root 0 SW [kworker/u8:1] 8678 root 3056 S sleep 600 8691 root 3056 R ps wSo by adding the sudo packages, adding a user, and after a lot of configuration, the only security you will gain is typing sudo before every command, or sudo -i after each login.
According to Raúl Salinas-Monteagudo's comment, this distribution is intended for router machines, only accessed by their administrators.
