Does the GPL license include the disclosure of the root password?

I am an OpenWrt newcomer and have no idea about licensing rights, etc., but have the following question:
I bought this device from a well-known German manufacturer of electrical installation technology. The license conditions and source code is duly published or made available for download.
My question about the root password was denied: "... Unfortunately, we are unable to provide you with the root password for this device and are not obliged to do so under the open source license ..."
So my question is: Is the provider right?

Best regards

Black Senator

If you want a definitive answer, it will be "ask a lawyer", specialized for licensing questions in your jurisdiction.

Perhaps reading up on the term Tivoization in relation to the GPLv2 can help you spend some time until then.

For example when you install OpenWrt the root account has no password, it is only after installation that a password is set.

So the source code they have provided is most likely what they built with and is all you are going to receive. Manufacturers take care not to leak or contaminate source code during development.

It is easy for the manufacturer to set a password during manufacturing and testing of the device and that is not covered by GPL.

Also the passwd file doesn't specifically have any license attached to it. It has existed way before openwrt or Linux have existed in any case.

1 Like

Of course, I had already looked through the source code and had stumbled across the passwd file - and found a hash value for root.

Now simply asked: if I change the passwd file accordingly (delete hash for root) and then recompile ... then the access should be open - or not?

Unfortunately, I do not know which processor is installed in the device. In the published binary firmware I found in the header "MIPS OpenWrt Linux-3.10.49".

Sadly, I am not really familiar with such operations - and the effort is not really worth it...
But ..., the only challenge that strikes me is the fact that companies still lock up their systems and think open hardware would be just a nonsense requirement.

you are mixing things up. that is the most basic security feature, not any kind of 'lockup'

Oh, i assumed you needed the password to login to the OEM stock firmware,

However if your just building your own

Just delete the hash from the shadow file for root like this

I don´t think so: If that is your opinion, then why in openwrt the root password by dafault set to blank?

Because it is safer to have a blank password which the user sets on first use than to have a default password that they never change.


why in openwrt wifi is off by default? try to relate it to the passwd issue!

1 Like