OpenWrt Forum Archive

Topic: can't ssh in as non-root user

The content of this topic has been archived on 29 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

OK, I feel a little silly but maybe there is a non-obvious reason for this behaviour....

I created a non-root user by adding an entry in /etc/passwd, and then ran passwd to set the password on the account.

rec_654:$1$lF$svz1b2jrAFuEpJuVSgXud/:499:100::/home/rec_654:/bin/ash

Then, I created /home/{username} and chown'ed it to that user.

I cannot, however, log in as that user with ssh.  The connection is immediately terminated.  Here is the tail of logread that shows it happening.  (I deliberately logged in once wrong as a sanity check)

Dec 16 12:18:46 (none) kern.info dropbear[991]: Child connection from 192.168.173.22:5276
Dec 16 12:18:56 (none) kern.warn dropbear[991]: bad password attempt for 'rec_654' from 192.168.173.22:5276
Dec 16 12:19:24 (none) kern.notice dropbear[991]: password auth succeeded for 'rec_654' from 192.168.173.22:5276
Dec 16 12:19:24 (none) kern.info dropbear[991]: exit after auth (rec_654): Exited normally

Is there some other thing I need to do to make it possible to add accounts which can log in to the router?

The following works for me:

echo "test_user:*:499:100:users:/home/test_user:/bin/ash" >> /etc/passwd
echo "users:x:100:" >> /etc/group
mkdir -p /home/test_user
chown test_user.users /home/test_user
passwd test_user
test_user@OpenWrt:~$ ls -al
drwxr-xr-x    1 test_use users           0 Dec 16 19:40 .
drwxr-xr-x    1 root     root            0 Dec 16 19:40 ..
test_user@OpenWrt:~$ touch /test.txt
touch: /test.txt: Permission denied
test_user@OpenWrt:~$ touch test.txt
test_user@OpenWrt:~$ ls -al
drwxr-xr-x    1 test_use users           0 Dec 16 19:50 .
drwxr-xr-x    1 root     root            0 Dec 16 19:40 ..
-rw-r--r--    1 test_use users           0 Dec 16 19:50 test.txt
test_user@OpenWrt:~$ pwd
/home/test_user
test_user@OpenWrt:~$

logread:

Dec 16 19:42:24 (none) kern.info dropbear[2504]: exit after auth (test_user): Exited normally
Dec 16 19:43:29 (none) kern.info dropbear[2744]: Child connection from 192.168.178.116:3557
Dec 16 19:43:30 (none) kern.notice dropbear[2744]: password auth succeeded for 'test_user' from 192.168.178.116:3557
Dec 16 19:46:37 (none) kern.info dropbear[2744]: exit after auth (test_user): Exited normally
Dec 16 19:46:38 (none) kern.info dropbear[2751]: Child connection from 192.168.178.116:3582
Dec 16 19:46:39 (none) kern.notice dropbear[2751]: password auth succeeded for 'test_user' from 192.168.178.116:3582

To add the adduser, deluser, addgroup, delgroup and su commands you have to reconfigure (menuconfig) and rebuild the busybox package.

And remember: OpenWrt was never designed to be a multi-user system...

(Last edited by forum2006 on 16 Dec 2006, 20:51)

wish I could say that worked for me.  It is nearly the same steps I went through.  Odd.  I wonder if it's an RC6 thing?  Are you on RC6?

It's a standard post-RC6 build. Revision 5755.

But I have webif^2 r1828 installed. No idea if this makes any difference...

ziggurat29, did you add an entry in /etc/group?  that is one thing I don't see in your list of things done, but is in forum2006's.

Alas, yes, I had the /etc/group entry (oversight in my original post).  Thanks for the feedback and at least I know I'm not insane.  Maybe some odd interaction with packages I installed along the way.  If I get some free time, I may back it all up, flash virgin and try rebuilding to see when it breaks.  Whee!

I have a basically virgin RC6 on a wrt54gl and the commands from forum2006 worked for me.  I get the "exit auth" message after I manually log out as test_user, so it seems like something is causing the session or shell to exit immediately.

good luck

Just so you know, nothing in webif^2 should affect the ability to use multiple users like you are trying to do. For those who want to do such a thing, you might even consider the pre-built OpenWrt images on the X-Wrt ftp site, since the Busybox included in it has all the user/group management utilities you might want (adduser, addgroup, su, chown, etc.).

ziggurat29 wrote:

wish I could say that worked for me.  It is nearly the same steps I went through.  Odd.  I wonder if it's an RC6 thing?  Are you on RC6?

check for this

echo "test_user:*:499:100:users:/home/test_user:/bin/ash" >> /etc/passwd

Mine was bin/sh which does not work.

Don't forget:
If you want to allow other shells for SSH, then you have to add them to /etc/shells too.

Example:
A script that just waits for ENTER to keep the tunnels open but without a real shell.
To close the session the user has just to hit the ENTER key.

#!/bin/sh
read answer

Regards
Maddes

This is working fine in 8.0.9 dropbear.
Here's the way I set up a guest account with shell access, plus preparation for users without shell:

  NEWGROUP='guest:x:1000:'
  grep -e "${NEWGROUP}" /etc/group >/dev/null || echo "${NEWGROUP}" >>/etc/group

  NEWUSER='guest:!:1000:1000:guest:/home/guest:/bin/ash'
  grep -e "${NEWUSER}" /etc/passwd >/dev/null || echo "${NEWUSER}" >>/etc/passwd

  NEWHOME='/home/guest'
  mkdir -p ${NEWHOME}/.ssh
  touch ${NEWHOME}/.ssh/authorized_keys
  chown -R guest:guest ${NEWHOME}
  chmod u=rwx,go= ${NEWHOME} ${NEWHOME}/.ssh
  chmod u=rw,go= ${NEWHOME}/.ssh/*

  NEWSHELL='/bin/false'
  grep -e "${NEWSHELL}" /etc/shells >/dev/null || echo "${NEWSHELL}" >>/etc/shells

The grep check avoids duplicate entries.

(Last edited by maddes.b on 3 Apr 2010, 16:40)
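
The checks raised across this thread (a matching /etc/group entry, an existing home directory, an absolute shell path such as /bin/ash rather than bin/sh, and a matching line in /etc/shells), collected into one audit function. This is an added example, not code from any poster in the thread; the function names, the root-prefix argument, the --demo switch and the bad_user sample account are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. ROOT (2nd argument) is a hypothetical
# prefix so the audit can run on a copy of /etc; empty means the live system.
check_login_account() {
    user=$1 root=${2:-} problems=0
    # Exact match on field 1; a plain grep would also hit substrings.
    entry=$(awk -F: -v u="$user" '$1 == u { print; exit }' "$root/etc/passwd")
    [ -n "$entry" ] || { echo "no passwd entry for $user"; return 1; }
    gid=$(echo "$entry" | cut -d: -f4)
    home=$(echo "$entry" | cut -d: -f6)
    shell=$(echo "$entry" | cut -d: -f7)
    # The GID from passwd must resolve to a line in /etc/group.
    awk -F: -v g="$gid" '$3 == g { ok = 1 } END { exit !ok }' "$root/etc/group" ||
        { echo "gid $gid has no /etc/group entry"; problems=$((problems + 1)); }
    [ -d "$root$home" ] ||
        { echo "home $home missing"; problems=$((problems + 1)); }
    case $shell in
    /*) # Absolute path: must be executable and a whole line in /etc/shells.
        [ -x "$root$shell" ] ||
            { echo "shell $shell not executable"; problems=$((problems + 1)); }
        grep -qxF -- "$shell" "$root/etc/shells" 2>/dev/null ||
            { echo "shell $shell not in /etc/shells"; problems=$((problems + 1)); }
        ;;
    *)  echo "shell '$shell' is not an absolute path"; problems=$((problems + 1)) ;;
    esac
    [ "$problems" -eq 0 ]
}

# Constructed sample tree: one good account, one with the "bin/sh" typo.
make_sample_root() {
    t=$(mktemp -d)
    mkdir -p "$t/etc" "$t/bin" "$t/home/test_user"
    printf '#!/bin/sh\n' > "$t/bin/ash"; chmod +x "$t/bin/ash"
    {
        echo "test_user:*:499:100:users:/home/test_user:/bin/ash"
        echo "bad_user:*:500:100:users:/home/bad_user:bin/sh"
    } > "$t/etc/passwd"
    echo "users:x:100:" > "$t/etc/group"
    echo "/bin/ash" > "$t/etc/shells"
    echo "$t"
}

if [ "${1:-}" = "--demo" ]; then
    sample=$(make_sample_root)
    for u in test_user bad_user; do check_login_account "$u" "$sample" || true; done
elif [ $# -gt 0 ]; then
    check_login_account "$@"
fi
```

Run with a user name to audit the live system, or with --demo to see the findings for the constructed accounts.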

The discussion might have continued from here.