Adding Your Own Users

Tomato does not include the standard Linux programs for adding users and groups. Nor does Tomato preserve users or groups across a reboot; these are created anew at each startup. They are also created anew whenever the samba, smbd, or admin service is restarted. However, there is a method of adding these on your own.

When the system creates users and groups at startup, it will append a ".custom" file (if it exists) to the end of the corresponding standard Linux file: /etc/passwd, /etc/shadow, /etc/group, and /etc/gshadow. You must create these files yourself. Once you create them, save them to nvram.

For example, to create a user named "fred" using the root password, with its own home directory, you would execute these commands:

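UNAM="fred"
UNUM=200
# Assumed default: a private group with the same number as the user
UGRP=$UNUM
#UGRP=0
RNAM="Fred Flinstone"
# Temporary live entry (home /tmp) so the new user can log in and create its home directory
echo "$UNAM:YbqekX1wqgKQs:$UNUM:$UGRP:$RNAM:/tmp:/bin/sh" >> /etc/passwd
# Persistent entry, appended to /etc/passwd at every startup
echo "$UNAM:x:$UNUM:$UGRP:$RNAM:/home/$UNAM:/bin/sh" >> /etc/passwd.custom
# A group line is added only when the user is not in the root group (0)
[[ $UGRP -ne 0 ]] && echo "$UNAM:x:$UGRP:" >>/etc/group
[[ $UGRP -ne 0 ]] && echo "$UNAM:x:$UGRP:" >>/etc/group.custom
# Copy the root entry from /etc/shadow under the new username
sed -n -e "s,^root:,$UNAM:,p" < /etc/shadow >> /etc/shadow.custom

# Make /tmp/home writable only long enough for the user to create a home directory
chmod 777 /tmp/home
ssh $UNAM@localhost "mkdir /home/$UNAM;touch /home/$UNAM/.profile && echo success"
# press return for the password prompt, you should see the word "success" reported

chmod 755 /tmp/home

# Save the .custom files and the new .profile to nvram
nvram setfile2nvram /etc/passwd.custom
nvram setfile2nvram /etc/group.custom
nvram setfile2nvram /etc/shadow.custom
nvram setfile2nvram /home/$UNAM/.profile
nvram commit

# The following can also be accomplished by a reboot, or toggling on and off authenticated file sharing in the UI.

# Replace the temporary live entry with the persistent passwd and shadow entries
sed -i "/^$UNAM:/d" /etc/passwd
grep "^${UNAM}:" < /etc/shadow.custom >> /etc/shadow
grep "^${UNAM}:" < /etc/passwd.custom >> /etc/passwd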

The username is "fred" and the usernumber is 200. You may create as many users as you want to, but each user should have a unique usernumber.

To create this user with a password that is the same as the current root password, omit the "#" character on the "#PSWD" line.

To create this user in the "root" group, omit the "#" character on the "#UGRP=0" line.

Tomato versions older than V5x are missing chown and have wrong file permissions on some system executable programs. In these versions both UNUM and UGRP might need to be 0 (zero) for the user to be able to log in and work correctly.

To set a password for the user, use the Tomato web GUI and change the password field to the desired password, click "save", run the above set of commands, then change the GUI password field back to the original value, and click "save" again. Note that subsequently changing the GUI password will not change the user's password. The user's password will always be the password that was in effect when the above "echo" command was executed. You can also cut & paste passwd and shadow entries from another Linux box. The webpage can also be used to generate valid encrypted passwords.

These commands need only be done once for each custom username. Thereafter, the user will always be created every time the router boots up. To delete a user, edit /etc/passwd.custom and /etc/group.custom and delete the line with that username, then save them to nvram.
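
A consistency check for the .custom files before they are saved to nvram, given here as an added example that is not part of the original page. It assumes a POSIX shell with awk and mktemp (run it on the router if those are present, or on copies of the files elsewhere); the function name check_custom_users and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# check_custom_users PASSWD SHADOW GROUP   (hypothetical helper, not a Tomato tool)
# Prints one finding per line; returns 0 if there are none, 1 otherwise.
check_custom_users() {
    awk -F: -v shadow="$2" -v group="$3" '
        BEGIN {
            # Index shadow.custom by user name and group.custom by group number.
            while ((getline line < shadow) > 0) {
                split(line, f, ":"); has_sh[f[1]] = 1; hash[f[1]] = f[2]
            }
            while ((getline line < group) > 0) {
                split(line, f, ":"); gid[f[3]] = 1
            }
        }
        /^$/ { next }
        NF != 7 { print "malformed passwd line " NR; bad = 1; next }
        {
            # Each user should have a unique usernumber.
            if ($3 in owner) {
                print "duplicate usernumber " $3 ": " owner[$3] " and " $1; bad = 1
            } else owner[$3] = $1
            # passwd.custom carries "x", so the hash must come from shadow.custom.
            if (!($1 in has_sh)) {
                print "no shadow entry: " $1; bad = 1
            } else if (hash[$1] == "") {
                print "empty password hash: " $1; bad = 1
            }
            # A group line is written only when UGRP is not 0.
            if ($4 != 0 && !($4 in gid)) {
                print "group " $4 " missing from group file: " $1; bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample data: "wilma" reuses usernumber 200 and has no shadow line.
demo_dir=$(mktemp -d)
cat > "$demo_dir/passwd.custom" <<'EOF'
fred:x:200:200:Fred Flinstone:/home/fred:/bin/sh
wilma:x:200:0:Wilma:/home/wilma:/bin/sh
EOF
echo 'fred:CONSTRUCTED-HASH:0:0:99999:7:::' > "$demo_dir/shadow.custom"
echo 'fred:x:200:' > "$demo_dir/group.custom"
check_custom_users "$demo_dir/passwd.custom" "$demo_dir/shadow.custom" \
    "$demo_dir/group.custom" || echo "fix the findings before nvram commit"
rm -rf "$demo_dir"
```

On a router, the call would be: check_custom_users /etc/passwd.custom /etc/shadow.custom /etc/group.custom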
