Garz & Fricke GUF-Yocto-jethro-10.0-r7885-0 Скачать руководство пользователя страница 63 | Manualshive

Страница: 63 / 87

background image

GUF-Yocto-jethro-9.0-r7707-0

i.MX6

User Manual

Blocking root access

Linux offers the opportunity to disable the root-login for specific services like ssh, or the

serial console. Since the root login is is always a popular target for attackers this easy mechanism will decrease
the risk for those kinds of brute force attacks.

This can be done by setting the root account’s shell to /sbin/nologin in the /etc/passwd file:

root:x:0:0:root:/root:/sbin/nologin

...

Note:

Ensure that another user account with the posibility to gain super user (su) rights is created

before the root access is disabled. Otherwise, you might completely lose accessibility to the device.

10.2.2 Non root user

Normally a non root user should be used for "everyday tasks" on the system.

To create a non root user use the tool

adduser

:

root@santaro:~# adduser <user name>

Changing password for <user name>

Enter the new password (minimum of 5 characters)

Please use a combination of upper and lower case letters and numbers.

New password:<enter your secure password>

Re-enter new password:<enter your secure password>

passwd: password changed.

This creates a new user <user name> with group <user name> and the home directory /home/<user name>/.
The new user can be used to login immediately. See the man page of adduser for more options.

10.2.3 super user privileges for non root user

sudo

is a tool to allow non-root users to access single commands with root user privileges. If you disable login

for the root user this method could be used to do system tasks with a normal user’s account. To enable usages
of this feature, the group

sudo

should be enabled in the sudoer file and the user needs to be added to this group.

Edit the file /etc/sudoers with the command:

visudo

and uncomment the following line:

## Uncomment to allow members of group sudo to execute any command

%sudo

ALL=(ALL) ALL

This enables the sudo privilege for users in the group "sudo". To add a user to this group, execute the following
command:

usermod -G sudo -a user

Now it is possible to execute commands with root previleges when logged in as <user name>:

user@santaro:~$ cat /etc/sudoers

cat: can't open '/etc/sudoers': Permission denied

user@santaro:~$ sudo cat /etc/sudoers

Password:

## sudoers file.

##

## This file MUST be edited with the 'visudo' command as root.

## Failure to use 'visudo' may result in syntax or file permission errors

## that prevent sudo from running.

...

63

«
...
61
62
63
64
65
...
»

Содержание GUF-Yocto-jethro-10.0-r7885-0

Страница 1: ...Yocto User Manual GUF Yocto jethro 9 0 r7707 0 i MX6 Built on 18 08 2017...

Страница 2: ...ke is liable for any direct indirect special incidental or consequential damages arising out of use or resulting from non compliancy of therein conditions and precautions even if advised of the possib...

Страница 3: ...red configuration 18 4 1 9 Autocopy 18 4 1 10 Autostart 20 4 1 11 Cron 21 4 2 Utilities 22 4 2 1 Garz Fricke system configuration 22 4 2 2 Power down mode 24 4 2 3 Reboot Halt and Poweroff 24 4 2 4 Ke...

Страница 4: ...8 Building a Garz Fricke Yocto Linux system from source 55 8 1 General information about Garz Fricke Yocto Linux systems 55 8 2 Build requirements 55 8 3 Download and installation of the Garz Fricke...

Страница 5: ...bugging 65 11 1 7 Known issues 65 11 2 Simple command line application debugging 66 11 2 1 KDbg as simple GUI debug frontend 68 11 3 Qt application debugging 72 12 Related documents and online support...

Страница 6: ...MX6 as well as the build process of the Garz Fricke Linux BSP and the integration of custom software components The BSP can be downloaded from the Garz Fricke support server I http support garz fricke...

Страница 7: ...c parts of the Linux OS and several internal device and subsystem drivers 2 3 The root file system The root file system is simply a file system It contains the Linux file system hierarchy folders and...

Страница 8: ...n start the following Linux kernel image types zImage compressed image uImage compressed image with u boot header Image uncompressed image 2 5 Further information For readers who are not familar with...

Страница 9: ...http ecos sourceware org docs latest redboot redboot guide html Information about the Yocto Project can be found at I https www yoctoproject org Documentation of the Yocto Project can be found at I ht...

Страница 10: ...are two way to connect the serial console RS232 on Molex Micro Fit connector Virtual console over USB To use the RS232 connection connect the first RS232 port of your target system using to a COM por...

Страница 11: ...inished you will see the Linux login shell Garz Fricke Yocto BSP based on Poky VERSION santaro dev ttymxc0 santaro login You can log in as user root without any password by default 3 2 SSH console Usi...

Страница 12: ...x distribution To install the TFTP server under Debian based systems with apt the following command must be executed on the host system sudo apt get install xinetd tftpd tftp The TFTP server must be c...

Страница 13: ...system type root santaro tftp g 192 168 1 100 r myapp l usr bin myapp 3 5 Uploading files with SFTP You can exchange files between the host system and the target system using an SFTP Secure FTP clien...

Страница 14: ...l3 3 wait etc init d rc 3 l4 4 wait etc init d rc 4 l5 5 wait etc init d rc 5 l6 6 wait etc init d rc 6 As the comments in the file tell the first script to be run on boot is etc init d rcS which exe...

Страница 15: ...app remove update rc d etc init d myapp exists during rc d purge continuing Removing any system startup links for myapp etc rc0 d K20myapp etc rc1 d K20myapp etc rc2 d S20myapp etc rc3 d S20myapp etc...

Страница 16: ...b dbus bindings can be found at I http dbus freedesktop org doc dbus glib 4 1 3 SSH service The ssh service allows the user to log in on the target system Futhermore the SFTP and SCP functionalities a...

Страница 17: ...config files in one specific folder To reduce the security risk of a open remote service it is possible to restrict the ssh service access to the SFTP feature locking the user into for example his ho...

Страница 18: ...t simply looks which modules are listed in etc modules and loads them using sbin modprobe To ensure that the module loading works correctly the module dependencies in lib modules kernel ver sion modul...

Страница 19: ...ks with root santaro update rc d watchdog sh defaults The watchdog service is configured using the configuration file etc watchdog conf ping 172 31 14 1 ping 172 26 1 255 interface eth0 file var log m...

Страница 20: ...ocopy on a USB stick SD card or in the NAND flash will be copied to the root of the device resp its equivalent targets Non existing folders will be created automatically The autocopy mechanism include...

Страница 21: ...tion is still enabled by default if the XML configuration contains no explicit setting for this function To be able to configure each of the autojob functions individually you may have to install an X...

Страница 22: ...lready stated in I 4 1 9 Autocopy autocopy is executed before autostart The user may desire to autostart an application from a storage media with command line args In this case a start script can be p...

Страница 23: ...l your XML configuration probably doesn t contain explicit settings for the autojob functions yet Please install one of the provided XML configuration files as shown above The possible values of all a...

Страница 24: ...configured via dhcp_wlan ip_wlan etc If a WLAN AP configuration is present it may be configured via ssid_wlan proto_wlan and psk_wlan If the script is called with a setting as parameter the setting i...

Страница 25: ...se guest IP is obtained by DHCP root santaro sconfig dhcp_wlan on root santaro sconfig ssid_wlan GuestNet root santaro sconfig proto_wlan RSN root santaro sconfig psk_wlan guest Note The settings requ...

Страница 26: ...mmand root santaro echo mem sys power state The average time it takes to enter power down mode has been measured 364 5 ms last byte on UART RX until voltage drop on VDDSOC There are different possibil...

Страница 27: ...no user processes are running anymore and all data has been written back to storage media If you d like to e g turn off the display when the halt and poweroff commands are issued you may do so yourse...

Страница 28: ...ftp g r rb logolicense xml 192 168 1 100 root santaro xconfig import b rb logolicense xml Because the bootlogo has to be shown as early as possible the Linux kernel cannot wait until the file system i...

Страница 29: ...uld not be used too extensive due to the additional demand on system memory Closing these views is due to the web page s implemenation as well as implementing forward and backward functionality if nee...

Страница 30: ...1 shows how to configure the parameters of the progress bar To configure the progress bar a configuration file needs to be created root santaro touch etc progress_bar conf Calling root santaro nano et...

Страница 31: ...nd emails from the device The sendmail tool is based on busybox and has no configuration files Everything is passed via command line The mail is passed using stdin For a simple test the following can...

Страница 32: ...ns for GUF Yocto jethro 9 0 r7707 0 cups debug qt and gpu examples Install add on using the script add ons install cups Remove add on using the script Deinstallation of an add on works with the add on...

Страница 33: ...t it will work with CUPS on Yocto However Garz Fricke cannot guarantee support for any given printer except for those listed in the release notes 5 1 1 Installation The CUPS add on is installed as des...

Страница 34: ...lgrind quick start guide is located at I http valgrind org docs manual QuickStart html The default instrumentation performs a memory check As an example we inspect the bin true executable valgrind bin...

Страница 35: ...s located at I http www ex parrot com pdw iftop The tool presents an interactive user interface started with the following command to stop the tool hit Q iftop tcpdump tcpdump is a command line packet...

Страница 36: ...the Garz Fricke hardware platforms include a dedicated connector with isolated digital I O pins On these pins the direction cannot be changed since it is determined by the wiring Thus the direction f...

Страница 37: ...85_half_duplex_mode struct serial_rs485 rs485 int fd Open port fd open dev ttymxc2 O_RDWR O_SYNC Enable RS485 half duplex mode rs485 flags SER_RS485_ENABLED SER_RS485_RTS_ON_SEND ioctl fd TIOCSRS485 r...

Страница 38: ...d The actual pin mapping is described in the hardware guide for your device There are three available functions GPIO keypad gpio All pins are available as gpios You can access them in usermode using t...

Страница 39: ...x spi spidev h Note If spidev is used to access the SPI bus directly the user is responible for keeping the interoper ability consistent with all other SPI devices that are controlled by the Linux ker...

Страница 40: ...NOT work on Garz Fricke Linux systems root santaro ip link set can0 type can bitrate 125000 root santaro ifconfig can0 up As already stated above CAN messages can be sent through the BSD Socket API T...

Страница 41: ...latforms per default support the following devices USB Mass Storage USB Keyboard There are many more device drivers available in the Linux kernel They are not activated by default because Garz Fricke...

Страница 42: ...ork across all platforms since the file otg_id_pin_emulation exists in only one of these paths Note We are not liable for system instability or hardware damages if the software emulation does not corr...

Страница 43: ...d or a USB mass storage device already contains a file system when it is plugged into the device it is mounted automatically by the udev service SD card partitions are mounted to mount point media mmc...

Страница 44: ...re from user applications or the console Please refer to the official ALSA webpage for a full documentation I http www alsa project org For a quick start here are three short examples of how to play r...

Страница 45: ...ad from the EDID but the X Server will use the resolution configured via xml 6 17 2 HDMI as secondary display The HDMI output can also be used as secondary display This mode is automatically selected...

Страница 46: ...per value upper margin in pixel lines lower value lower margin in pixel lines hslen value horizontal sync length in pixels vslen value vertical sync length in pixel lines Display flags accel value har...

Страница 47: ...ant generally uses the configuration in etc wpa_supplicant conf However on Garz Fricke systems there is a service called sharedconf as described in I 4 1 8 Garz Fricke shared configuration that genera...

Страница 48: ...amd64 other destributions might work but 32bit systems will not In that case you have to build the sdk yourself using the bsp as described in I 8 4 Building the BSP for the target platform I http supp...

Страница 49: ...o the target system s usr bin directory using one of the ways described in chapter I 3 Accessing the target system and execute it from the device shell It might be necessary to change the access right...

Страница 50: ...iguring Qt Creator To use Qt with the cross toolchain shipped with the Garz Fricke BSP the Qt version must be set up properly Furthermore the device configuration for automatic deployment must be set...

Страница 51: ...left pane of the dialog open the Devices view Add a new Generic Linux Device and configure IP and credentials according to your target settings The IP address depends on the configuration factory defa...

Страница 52: ...the version the Qt Versions section It should be set to opt guf GUF Yocto jethro 9 0 r7707 0 sdk sysroots x86_64 gufsdk linux usr bin qt5 qmake as seen in I Figure 12 Figure 12 Qt Creator Qt Versions...

Страница 53: ...t Quick Application The application will be the default sample application that comes with the Qt Creator IDE To create a new project select File New File or Project Make sure that in the top right co...

Страница 54: ...ld now For further information on how to use Qt Creator and how to program Qt applications see the online Qt documen tation I http qt project org doc qtcreator 3 0 index html I http qt project org doc...

Страница 55: ...sh etc profile d tslib sh f etc profile d qt5 touch config sh etc profile d qt5 touch config sh export DISPLAY 0 case 1 in start We don t want this script to block the rest of the boot process if 2 b...

Страница 56: ...GUF Yocto jethro 9 0 r7707 0 i MX6 User Manual root santaro update rc d f qt guf demo remove After system reboot your application will start automatically 56...

Страница 57: ...d in the BSP release notes under Software Dependencies The official Yocto documentation lists which packages have to be installed in order to be able to compile a Yocto image I https www yoctoproject...

Страница 58: ...online in the OpenEmbedded Bitbake Manual I http www yoctoproject org docs 2 0 bitbake user manual bitbake user manual html Yocto builds the images from build descriptions called recipes The recipe to...

Страница 59: ...command is permanent i e the next boot of the device will start Flash N Go System again until the bootmode is set back to regular operation FLASH N GO bootselect regular Alternatively the bootmode can...

Страница 60: ...stall sh tmp a sh sh tmp a sh The above command loads the fng install sh script from your TFTP server to the tmp directory of the Flash N Go System and executes it from there During execution of the s...

Страница 61: ...rver directory FLASH N GO export TFTP 192 168 1 100 curl tftp TFTP fng install sh tmp a sh sh tmp a sh Image my logo png Note Be aware that the boot logo needs a license either embedded into logo itse...

Страница 62: ...t there are more hints on securing the ssh service in the chapter I 4 1 3 SSH service It is possible to restrict the users allowed using this service lock a sftp access to a subfolder only and create...

Страница 63: ...assword changed This creates a new user user name with group user name and the home directory home user name The new user can be used to login immediately See the man page of adduser for more options...

Страница 64: ...ser permissions concept should solve this issue The bootmode switch should be secured with restricing physical access by the mechanical construction If this is impossible it is possible to disable the...

Страница 65: ...e firewall root santaro iptables F 10 5 2 Using secure network protocols We strongly recommend the usage of secure network protocols E g HTTPS instead of HTTP FTPS instead of FTP or SSH instead of tel...

Страница 66: ...rce code on the target device since it is not needed for normal operation and would consume a lot of disk space 11 1 3 Optimization compiler flags destroy high level language code stepping Optimizatio...

Страница 67: ...code vs kernel code debugging As already stated above the kernel is treated differently with respect to debugging Apart from the already explained different debug agents to use kernel debugging requi...

Страница 68: ...RIP clean rm f myapp o bak Since the code is debugged with O2 optimization the debugger can t cleanly relate object code to high level source lines That will result in problems on high level language...

Страница 69: ...nd assures that the debugger can access all SDK source codes that are eventually accessed by the debug session e g setpping into a library call Every source path found in the specified directory is pa...

Страница 70: ...tack gdb bt 0 main argc 1 argv 0x7efffe14 at main cpp 7 Show the contents of a variaable or more complex data type gdb p argv 1 0x7effff05 tmp myapp Step over gdb n 8 return 0 List code gdb l 3 using...

Страница 71: ...ptions dialog Set up How to invoke GDB in the dialog as shown in I Figure 19 as follows arm guf linux gnueabi gdb iex set sysroot opt guf GUF Yocto jethro 9 0 r7707 0 sdk sysroots imx6guf guf linux gn...

Страница 72: ...y ssh root 172 20 55 89 gdbserver 2345 tmp myapp Start KDbg again with connecting to target device with the follwoing command out of the myapp directory kdbg r 172 20 55 89 myapp The KDbg opens again...

Страница 73: ...as shown in I Figure 21 Figure 22 KDbg breakpoint setup Now a breakpoint can be set by right clicking on the deired instruction as shown in I Figure 22 Figure 23 KDbg run command By selecting Executi...

Страница 74: ...tp www kdbg org manual 11 3 Qt application debugging Based on the Qt Creator setup discussed in I 7 4 Using the Qt Creator IDE this chapter demonstate a simple Qt Widget application debugging session...

Страница 75: ...ator new project creation Create a new project through File New file or project as shown in I Figure 25 Figure 26 Qt Creator Qt Widget Application project type selection Select Qt Widgets Application...

Страница 76: ...evelopment kit that was created and configured in I 7 4 2 Developing with Qt Creator as shown in I Figure 28 Figure 29 Qt Creator project main class information Leave the default widget class creation...

Страница 77: ...es to myqtapp pro to set up the installation path of the myqtapp application linux target path tmp INSTALLS target as shown in I Figure 31 We select tmp here Figure 32 Qt Creator custom remote command...

Страница 78: ...wn in I Figure 33 to make sure that the automatically Garz Fricke demo is stopped if it s running From I Figure 33 we can further see that the remote installation directory we set up previously is now...

Страница 79: ...35 Qt Creator debug start and breakpint hit Finally debugging can be started s shown in I Figure 35 For more information about Qt Creator debugging consult the debugging part of the reference manual...

Страница 80: ...em User Manual GF_Flash N Go_Manual version pdf Contains relevant information about the BIOS boot logo display settings etc in the case that Flash N Go Boot is used as the bootloader Red Boot User Man...

Страница 81: ...ion and ours we want to make certain that everyone understands that there is no warranty for this free software If the software is modified by someone else and passed on we want its recipients to know...

Страница 82: ...based on the Program on a volume of a storage or distribution medium does not bring the other work under the scope of this License 3 You may copy and distribute the Program or a work based on it unde...

Страница 83: ...system in reliance on consistent application of that system it is up to the author donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose...

Страница 84: ...eral Public License as published by the Free Software Foundation either version 2 of the License or at your option any later version This program is distributed in the hope that it will be useful but...

Страница 85: ...it incorporating your program into proprietary programs If your pro gram is a subroutine library you may consider it more useful to permit linking proprietary applications with the library If this is...

Страница 86: ...Operating System OS Type Yocto Linux OS Distribution Version 2 0 Jethro OS Release Version jethro 9 0 r7707 0 B 2 Bootloader Bootloader Type Flash N Go Boot Bootloader Revision 9 0r3476 B 3 Boot Logo...

Страница 87: ...not available RPC sunrpc portmapper 111 X SNMP Server 161 not available OpenVPN 1194 UDP CUPS 631 X11 6000 X B 7 Display The display orientation of the device is by default landscape The most connecto...

Отзывы:

Нет отзывов

Похожие инструкции для GUF-Yocto-jethro-10.0-r7885-0

Бренд: Daikin Страницы: 20

Бренд: EUROCOM Страницы: 1

Бренд: DIVERSIFIED WOODCRAFTS Страницы: 18

Бренд: TES Страницы: 45

Бренд: Knoll Страницы: 2

Бренд: ESI Страницы: 8

Бренд: Biostar Страницы: 58

eon 5000 Series

Бренд: Neoware Страницы: 40

Бренд: Supermicro Страницы: 109

Бренд: JVC Страницы: 57

OptiPlex 5070 Micro

Бренд: Dell Страницы: 34

Бренд: NovaSail Страницы: 32

Бренд: MITS Страницы: 158

Бренд: G-Wiz Страницы: 50

Бренд: Uninet Страницы: 20

Бренд: PerfecTron Страницы: 7

Бренд: Keter Страницы: 2

Slimtop PCV-LX810

Бренд: VAIO Страницы: 8

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды