[HOWTO] Persistent SSH Home Directories
SSH with persistent user home directory guide

Disclaimer
This is an unofficial guide to SSH and setting up persistent user accounts on a Thecus NAS. It was made using a Thecus N4100PRO with firmware version 5.03.02.8, so it may be quite different on other hardware and/or firmware versions. I'll try to explain each step so alternate decisions can be taken based on individual realities and/or necessities. If any aspect of this guide is incorrect or needs further clarification, please feel free to suggest a revision or point out and explain the mistakes. I'm not in any way responsible for any harm to your hardware and/or data that may come from following this guide. I'm not a Linux expert, only a hobbyist, and this is my first guide.  Angel

Introduction
I'll consider a mostly default configuration of the NAS as a starting point. I'll not get into setting up the RAID itself, I'll only assume your RAID is correctly set and the data directory is mounted on /raid/data (which is actually symlinked to the real mount point /raid0/data). Since you can't verify that yet, we need to install the SSH module to be able to log into the NAS command line.

Download, install and activate the FaJoSSHD module. At the time of writing this guide the latest version of the module was 1.09.02, containing OpenSSH v7.1p1 and OpenSSL 1.0.1p, and could be found at FaJoSSHD (updated: V1.10.00 by outkastm)

Optional: Make the following changes to the FaJoSSHD configuration:

## (Multiple Port options are permitted.)
#Port 22
Port 10022

to

## (Multiple Port options are permitted.)
Port 22
#Port 10022

This makes the SSH server listen on the default port, so you'll be able to access the NAS command line by entering the command:

ssh root@<NAS IP Address>
<enter your admin password>

If you want to leave this configuration untouched you'll access the NAS command line by entering the command:

ssh root@<NAS IP Address> -p 10022
<enter your admin password>

So now we are able to log into the NAS command line as the root user in the root user's home directory: /root.

Problems
The first thing everyone wants to do is to add files to the /root directory to customize root's shell experience. The first problem with this is that the /root directory is not persistent. With every reboot you will lose all the files you saved in /root. The reason this happens is that the /root directory is actually mounted in RAM, so it gets erased with every reboot. Only a few of the available mount points are persistent; luckily there is one place that is persistent and (usually) has plenty of space: /raid/data (your RAID's data partition). The other problem is that you shouldn't mess around too much with the root user environment, since the NAS's correct operation depends on it. Additionally, I noticed that the root entry in the /etc/passwd file also gets reset with every reboot (I'm not exactly sure of this, maybe someone else can confirm).

For the first problem we already have a solution: let's put the root user's home directory in /raid/data. The second problem is how to change the root user's home directory if the root entry in /etc/passwd gets reset with every reboot. Then I remembered that in the past we needed to install the SYSUSER module to actually be able to log in as 'root' via SSH. This module would create a 'sys' user with the same id and privileges as root. So this approach actually solves two problems: not being able to change the root user's home directory, and messing around with root's environment every time the system runs any non-interactive scripts in the background.

We could configure the new user 'sys' to use a directory in /raid/data as its home directory. To me, setting this home directory inside /home sounds a lot saner. The problem with the /home directory is that it also gets recreated with every reboot. But what if we could link the /home/sys directory with the sys directory in /raid/data at boot time? Cue the META module. The META module runs any executable scripts inside its startup or shutdown directories at NAS startup or shutdown, respectively. So install and activate the META module. At the time of this writing the META module's latest version was 2.00.02 and could be found at this Thecus Forum thread.

Solutions
Step 1: Create the 'sys' user home directory in /raid/data.

cd /raid/data
mkdir -p home/sys

Step 2: Create an executable script to link /raid/data/home/sys to /home/sys in the startup directory in META.

cd /raid/data/module/META/system/etc/startup
vi link.sh

Create and save the script with the code below.

chmod 774 link.sh
exit

The link.sh script:
Code:
#!/bin/bash
# Script to link persistent directories to non-persistent directories

# Directory variables definitions
RHOME='/raid/data/home'
NHOME='/home'

# Link home directories
ln -sf "$RHOME/sys" "$NHOME/sys"

unset RHOME NHOME

Restart the NAS. SSH into root and check if the sys directory is present in /home.

Step 3: Create the 'sys' user and configure its home directory.

You could use the SYSUSER module for this but I guess it's easier to use the command line. It took me a bit of time to get the right command for this since the password creation isn't really straightforward. Enter the command, substituting "password" with the user's password:

useradd -u 0 -o -g 0 -d /home/sys -s /bin/bash -p "$(makepasswd -e shmd5 -p "password" | awk '{print $2}')" sys

Example:

useradd -u 0 -o -g 0 -d /home/sys -s /bin/bash -p "$(makepasswd -e shmd5 -p "admin" | awk '{print $2}')" sys

This will create a user 'sys' with uid '0', gid '0', home directory /home/sys, shell /bin/bash and password 'admin'.

In case you need to alter the password for 'sys':

usermod -p "$(makepasswd -e shmd5 -p "password" | awk '{print $2}')" sys

Or delete the 'sys' user altogether:

userdel sys

Conclusion
At this point you should be able to log out of root and log in as sys:

ssh sys@<NAS IP Address>
<enter 'sys' password>

Entering the command 'pwd' should return /home/sys. You can now save the sys user's configuration files and they will persist.

pwd
/home/sys
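
The checks this guide asks for after the reboot (the /home/sys link and the 'sys' entry), as an added example that is not part of the original guide. It also lists every UID 0 account, since 'sys' shares UID 0 with root, and any startup script that group or others can write to, which mode 774 allows. The function names are hypothetical and the default paths are the guide's.

```shell
#!/bin/sh
# Added example: post-reboot checks for the setup in this guide.
# Function names are hypothetical; default paths are the guide's.

# Print "name:home:shell" for every account whose UID is 0.
uid0_accounts() {   # uid0_accounts [PASSWD_FILE]
    awk -F: '$3 == 0 { print $1 ":" $6 ":" $7 }' "${1:-/etc/passwd}"
}

# Succeed only if USER exists with the expected home and login shell.
check_account() {   # check_account USER HOME SHELL [PASSWD_FILE]
    awk -F: -v u="$1" -v h="$2" -v s="$3" \
        '$1 == u { found = 1; ok = ($6 == h && $7 == s) }
         END { exit (found && ok) ? 0 : 1 }' "${4:-/etc/passwd}"
}

# List startup scripts that group or others are allowed to modify.
writable_startup_scripts() {   # writable_startup_scripts [DIR]
    find "${1:-/raid/data/module/META/system/etc/startup}" -type f \
        \( -perm -020 -o -perm -002 \)
}

# Succeed only if LINK is a symlink whose stored target is TARGET.
check_home_link() {   # check_home_link LINK TARGET
    [ -L "$1" ] && [ "$(readlink "$1")" = "$2" ]
}
```

On the NAS, source the file and run for example `check_account sys /home/sys /bin/bash` and `check_home_link /home/sys /raid/data/home/sys`; each returns 0 on success.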

Additional Notes
To create a home directory for non-root users (users created on the NAS web interface) the procedure is similar:
Step 1: Create the user in the NAS web interface (Example user: 'thecus').
Step 2: SSH as root or sys user and create a home directory: /raid/data/home/thecus.
Step 3: Edit the META startup script to link /raid/data/home/thecus to /home/thecus.
Add the line: ln -sf "$RHOME/thecus" "$NHOME/thecus" to the #Link home directories section.
Log out and restart the NAS.
Step 4: SSH as root or sys user and modify the 'thecus' user home directory and login shell. Enter the command:
usermod -d /home/thecus -s /bin/bash thecus
Note: Without a login shell a normal user will not be able to log in, even with a correct password.
Step 5: Log out and SSH in as thecus.
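
Instead of adding one ln line per user as in Step 3 above, the startup script can link every directory found under /raid/data/home. This is an added example, not part of the original guide, and generalizes the guide's link.sh; link_homes is a hypothetical name and the default paths are the guide's.

```shell
#!/bin/bash
# Added example: link every persistent home under RHOME into NHOME.
# link_homes is a hypothetical helper; defaults are the guide's paths.

# link_homes [RHOME] [NHOME]: prints the number of links created.
# The body runs in a subshell so its variables do not leak.
link_homes() (
    rhome=${1:-/raid/data/home}
    nhome=${2:-/home}
    linked=0
    mkdir -p "$nhome" || return 1
    for src in "$rhome"/*/; do
        [ -d "$src" ] || continue      # glob matched nothing
        src=${src%/}                   # drop the trailing slash
        name=${src##*/}                # user name = directory name
        dst="$nhome/$name"
        # Never touch a real directory: ln would nest the link inside it.
        if [ -e "$dst" ] && [ ! -L "$dst" ]; then
            echo "skip $dst: exists and is not a symlink" >&2
            continue
        fi
        # -n replaces an existing symlink instead of following it,
        # so running the script twice does not create sys/sys.
        ln -sfn "$src" "$dst" && linked=$((linked + 1))
    done
    echo "$linked"
)
```

To use it as the META startup script, add a final line that calls `link_homes`.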

PS
I'll try to follow up with further configurations and customizations adding the ModBase1 module to this setup.

Screenshots
After adding your setup files you can get a more personal shell experience with your NAS command line. Even with an aging system like my Thecus N4100PRO.

[Image: SSH login welcome message]

[Image: Editing Vim's .vimrc via SSH]

Dotfiles

For my dotfiles and instructions on how to install them, please visit my thecus-dotfiles repository on Github.
Note: My dotfiles assume you have the ModBase1 module installed.

REVISIONS:
- REV. 0.9.03 Beta - 2017-02-06 - Added a link to my dotfiles repository on Github.
- REV. 0.9.02 Beta - 2017-02-01 - Added some screenshots of my system after adding some configuration files.
- REV. 0.9.01 Beta - 2017-02-01 - Updated link to FaJoSSHD module and added note to Step 4 @ Additional Notes.
- REV. 0.9.00 Beta - 2017-01-30 - Initial post.