1.1 Building the root filesystem tree
[tfz@centos rootfs]$ cd /opt/
[tfz@centos opt]$ ls
buildroot-2012.08
[tfz@centos opt]$ mkdir rootfs
[tfz@centos opt]$ cd rootfs/
[tfz@centos rootfs]$ ls
[tfz@centos rootfs]$ mkdir -p {apps,bin,data,dev,info,proc,root,sbin,sys,tmp,var,etc/{,init.d,dropbear},mnt/{,usb,sdc,nfs,dev},usr/{,bin,sbin,lib,share},lib/{,modules/{,3.0.0}}}
[tfz@centos rootfs]$ ls
apps bin data dev etc info lib mnt proc root sbin sys tmp usr var
[tfz@centos rootfs]$
[tfz@centos rootfs]$ tree -L 3
.
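├── apps //mount point for the partition holding the Application
├── bin
├── data //mount point for the data partition
├── dev
├── etc
│   ├── dropbear //files the dropbear ssh server depends on
│   └── init.d //system startup initialization scripts
├── info //mount point for the info partition
├── lib //directory holding shared libraries
│   └── modules //insmod depends on the /lib/modules/<kernel version> directory
│       └── 3.0.0 //custom: Linux drivers are placed in this directory; the directory name matches the kernel version number
├── mnt //mount points used at run time for device partitions
│   ├── dev //reserved for future use
│   ├── nfs //nfs mount point
│   ├── sdc //SD card mount point
│   └── usb //USB drive mount point
├── proc //mount point for the proc filesystem
├── root //root user's home directory
├── sbin
├── sys //mount point for the sys filesystem
├── tmp //mount point for the tmpfs filesystem
├── usr
│   ├── bin
│   ├── lib //shared libraries of user programs go here
│   ├── sbin
│   └── share
└── var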
27 directories, 0 files
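1.2 Creating device files in the dev directory
After the kernel mounts the root filesystem, the init process needs the two device files /dev/console and /dev/null in order to invoke mdev to populate /dev, so these two device files must be created statically when building the filesystem; otherwise the system prints "Warning: unable to open an initial console" at boot.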
[tfz@centos rootfs]$ sudo mknod -m666 dev/null c 1 3
[tfz@centos rootfs]$ sudo mknod -m666 dev/console c 5 1
[tfz@centos rootfs]$ sudo mknod -m666 dev/ttyS0 c 4 64
[tfz@centos rootfs]$ sudo mknod -m666 dev/ttySAC0 c 4 64
[tfz@centos rootfs]$ sudo mknod dev/mtdblock0 b 31 0
[tfz@centos rootfs]$ sudo mknod dev/mtdblock1 b 31 1
[tfz@centos rootfs]$ sudo mknod dev/mtdblock2 b 31 2
[tfz@centos rootfs]$ sudo mknod dev/mtdblock3 b 31 3
[tfz@centos rootfs]$ sudo mknod dev/mtdblock4 b 31 4
[tfz@centos rootfs]$ sudo mknod dev/mtdblock5 b 31 5
[tfz@centos rootfs]$ sudo mknod dev/mtdblock6 b 31 6
[tfz@centos rootfs]$ sudo mknod dev/mtdblock7 b 31 7
[tfz@centos rootfs]$ sudo mknod dev/mtdblock8 b 31 8
[tfz@centos rootfs]$ sudo mknod dev/mtdblock9 b 31 9
[tfz@centos rootfs]$ ls -l dev/
总用量 0
crw-rw-rw- 1 root root 5, 1 8月 3 13:13 console
brw-r--r-- 1 root root 31, 0 8月 3 13:14 mtdblock0
brw-r--r-- 1 root root 31, 1 8月 3 13:14 mtdblock1
brw-r--r-- 1 root root 31, 2 8月 3 13:14 mtdblock2
brw-r--r-- 1 root root 31, 3 8月 3 13:14 mtdblock3
brw-r--r-- 1 root root 31, 4 8月 3 13:14 mtdblock4
brw-r--r-- 1 root root 31, 5 8月 3 13:14 mtdblock5
brw-r--r-- 1 root root 31, 6 8月 3 13:14 mtdblock6
brw-r--r-- 1 root root 31, 7 8月 3 13:14 mtdblock7
brw-r--r-- 1 root root 31, 8 8月 3 13:14 mtdblock8
brw-r--r-- 1 root root 31, 9 8月 3 13:15 mtdblock9
crw-rw-rw- 1 root root 1, 3 8月 3 13:13 null
crw-rw-rw- 1 root root 4, 64 8月 3 13:13 ttyS0
crw-rw-rw- 1 root root 4, 64 8月 3 13:13 ttySAC0
[tfz@centos rootfs]$
1.3 Creating symbolic links in the var directory
[tfz@centos rootfs]$ ln -s /tmp var/lock
[tfz@centos rootfs]$ ln -s /tmp var/log
[tfz@centos rootfs]$ ln -s /tmp var/run
[tfz@centos rootfs]$ ln -s /tmp var/tmp
[tfz@centos rootfs]$ ls -l var/
总用量 0
lrwxrwxrwx 1 tfz tfz 4 8月 3 13:15 lock -> /tmp
lrwxrwxrwx 1 tfz tfz 4 8月 3 13:16 log -> /tmp
lrwxrwxrwx 1 tfz tfz 4 8月 3 13:16 run -> /tmp
lrwxrwxrwx 1 tfz tfz 4 8月 3 13:16 tmp -> /tmp
[tfz@centos rootfs]$
1.4 Copying the cross-compiler's shared libraries into the corresponding directories
[tfz@centos rootfs]$ cd ../buildroot-2012.08/arm920t/usr/
[tfz@centos usr]$ find -iname "*.so"
./lib/libltdl.so
./lib/libmpc.so
./lib/libgmp.so
./lib/libmpfr.so
./arm-unknown-linux-uclibcgnueabi/lib/libgcc_s.so
./arm-unknown-linux-uclibcgnueabi/sysroot/usr/lib/librt.so
./arm-unknown-linux-uclibcgnueabi/sysroot/usr/lib/libm.so
./arm-unknown-linux-uclibcgnueabi/sysroot/usr/lib/libnsl.so
./arm-unknown-linux-uclibcgnueabi/sysroot/usr/lib/libdl.so
./arm-unknown-linux-uclibcgnueabi/sysroot/usr/lib/libresolv.so
./arm-unknown-linux-uclibcgnueabi/sysroot/usr/lib/libcrypt.so
./arm-unknown-linux-uclibcgnueabi/sysroot/usr/lib/libc.so
./arm-unknown-linux-uclibcgnueabi/sysroot/usr/lib/libutil.so
./arm-unknown-linux-uclibcgnueabi/sysroot/usr/lib/libpthread.so
./arm-unknown-linux-uclibcgnueabi/sysroot/lib/libutil-0.9.33.2.so
./arm-unknown-linux-uclibcgnueabi/sysroot/lib/librt-0.9.33.2.so
./arm-unknown-linux-uclibcgnueabi/sysroot/lib/libm-0.9.33.2.so
./arm-unknown-linux-uclibcgnueabi/sysroot/lib/libcrypt-0.9.33.2.so
./arm-unknown-linux-uclibcgnueabi/sysroot/lib/libdl-0.9.33.2.so
./arm-unknown-linux-uclibcgnueabi/sysroot/lib/libresolv-0.9.33.2.so
./arm-unknown-linux-uclibcgnueabi/sysroot/lib/libpthread-0.9.33.2.so
./arm-unknown-linux-uclibcgnueabi/sysroot/lib/libnsl-0.9.33.2.so
./arm-unknown-linux-uclibcgnueabi/sysroot/lib/ld-uClibc-0.9.33.2.so
./arm-unknown-linux-uclibcgnueabi/sysroot/lib/libuClibc-0.9.33.2.so
[tfz@centos usr]$
[tfz@centos arm920t]$ find -iname "*.so"
./usr/lib/libltdl.so
./usr/lib/libmpc.so
./usr/lib/libgmp.so
./usr/lib/libmpfr.so
./usr/arm-unknown-linux-uclibcgnueabi/lib/libgcc_s.so
./usr/arm-unknown-linux-uclibcgnueabi/sysroot/usr/lib/librt.so
./usr/arm-unknown-linux-uclibcgnueabi/sysroot/usr/lib/libm.so
./usr/arm-unknown-linux-uclibcgnueabi/sysroot/usr/lib/libnsl.so
./usr/arm-unknown-linux-uclibcgnueabi/sysroot/usr/lib/libdl.so
./usr/arm-unknown-linux-uclibcgnueabi/sysroot/usr/lib/libresolv.so
./usr/arm-unknown-linux-uclibcgnueabi/sysroot/usr/lib/libcrypt.so
./usr/arm-unknown-linux-uclibcgnueabi/sysroot/usr/lib/libc.so
./usr/arm-unknown-linux-uclibcgnueabi/sysroot/usr/lib/libutil.so
./usr/arm-unknown-linux-uclibcgnueabi/sysroot/usr/lib/libpthread.so
./usr/arm-unknown-linux-uclibcgnueabi/sysroot/lib/libutil-0.9.33.2.so
./usr/arm-unknown-linux-uclibcgnueabi/sysroot/lib/librt-0.9.33.2.so
./usr/arm-unknown-linux-uclibcgnueabi/sysroot/lib/libm-0.9.33.2.so
./usr/arm-unknown-linux-uclibcgnueabi/sysroot/lib/libcrypt-0.9.33.2.so
./usr/arm-unknown-linux-uclibcgnueabi/sysroot/lib/libdl-0.9.33.2.so
./usr/arm-unknown-linux-uclibcgnueabi/sysroot/lib/libresolv-0.9.33.2.so
./usr/arm-unknown-linux-uclibcgnueabi/sysroot/lib/libpthread-0.9.33.2.so
./usr/arm-unknown-linux-uclibcgnueabi/sysroot/lib/libnsl-0.9.33.2.so
./usr/arm-unknown-linux-uclibcgnueabi/sysroot/lib/ld-uClibc-0.9.33.2.so
./usr/arm-unknown-linux-uclibcgnueabi/sysroot/lib/libuClibc-0.9.33.2.so
[tfz@centos arm920t]$ cd /opt/rootfs/
[tfz@centos rootfs]$ ls
apps bin data dev etc info lib mnt proc root sbin sys tmp usr var
[tfz@centos rootfs]$ cp -af /opt/buildroot-2012.08/arm920t/usr/lib/*.so* lib/
[tfz@centos rootfs]$ ls lib/
libgmp.so libltdl.so libmpc.so libmpfr.so modules
libgmp.so.10 libltdl.so.7 libmpc.so.2 libmpfr.so.4
libgmp.so.10.0.5 libltdl.so.7.2.2 libmpc.so.2.0.0 libmpfr.so.4.1.1
[tfz@centos rootfs]$ cp -af /opt/buildroot-2012.08/arm920t/usr/arm-unknown-linux-uclibcgnueabi/sysroot/usr/lib/*.so* lib/
[tfz@centos rootfs]$ ls lib/
libcrypt.so libgmp.so libltdl.so libmpc.so libmpfr.so libm.so libresolv.so modules
libc.so libgmp.so.10 libltdl.so.7 libmpc.so.2 libmpfr.so.4 libnsl.so librt.so
libdl.so libgmp.so.10.0.5 libltdl.so.7.2.2 libmpc.so.2.0.0 libmpfr.so.4.1.1 libpthread.so libutil.so
[tfz@centos rootfs]$ cp -af /opt/buildroot-2012.08/arm920t/usr/arm-unknown-linux-uclibcgnueabi/lib/*.so* lib/
[tfz@centos rootfs]$ cp -af /opt/buildroot-2012.08/arm920t/usr/arm-unknown-linux-uclibcgnueabi/sysroot/lib/*.so* lib/
[tfz@centos rootfs]$
1.5 Creating files in the etc directory
1.5.1 Creating the inittab file
[tfz@centos rootfs]$ cd etc/
[tfz@centos etc]$ ls
dropbear init.d
[tfz@centos etc]$ vim inittab
# /etc/inittab
# Copyright (C) 2015 tfz <>
#
# Note: BusyBox init doesn't support runlevels. The runlevels field is
# completely ignored by BusyBox init. If you want runlevels, use sysvinit.
#
# Format for each entry: <id>:<runlevels>:<action>:<process>
#
# id == tty to run on, or empty for /dev/console.
# If specified, then /dev/$id device must exist
# runlevels == ignored, busybox doesn't support it
# action == one of sysinit, respawn, askfirst, wait, and once
# process == program to run
# Startup the system
# mount all the file systems specified in /etc/fstab
::sysinit:/bin/mount -a

#Use mdev as hotplug to auto mount USB storage or SD card
::sysinit:/bin/echo /sbin/mdev > /proc/sys/kernel/hotplug

#Use mdev to auto generate the device node in /dev path
::sysinit:/sbin/mdev -s

#make shm, pts support
::sysinit:/bin/mkdir -p /dev/pts
::sysinit:/bin/mkdir -p /dev/shm
::sysinit:/bin/mount -t devpts devpts /dev/pts

#Mount our apps/info partition
null::wait:/bin/mount -o sync,noatime,ro -t jffs2 /dev/mtdblock6 /apps
null::wait:/bin/mount -o sync,noatime,ro -t jffs2 /dev/mtdblock7 /info

#Set hostname
null::sysinit:/bin/hostname -F /etc/hostname

#Enable console logon
null::respawn:/sbin/getty -L ttyS0 115200 vt100

# now run any rc scripts
null::wait:/etc/init.d/rcS

# system daemon
null::respawn:/sbin/syslogd -n
null::respawn:/sbin/klogd -n

# Stuff to do before rebooting
null::shutdown:/bin/umount /apps
null::shutdown:/bin/umount /info
null::shutdown:/bin/killall klogd
null::shutdown:/bin/killall syslogd
null::shutdown:/bin/umount -a -r
#null::shutdown:/sbin/swapoff -a
1.5.2 Creating the /etc/init.d/rcS script
[tfz@centos etc]$ vim init.d/rcS
#!/bin/sh

# Copyright (C) 2011 tfz <>
# Start all init scripts in /etc/init.d
# executing them in numerical order.
#

for i in /etc/init.d/S??* ; do
    $i
done
1.5.3 Startup script for configuring the network interface
[tfz@centos etc]$ vim init.d/S01_network
#!/bin/sh

ifconfig eth0 192.168.1.33 netmask 255.255.255.0 up
1.5.4 Creating a startup script that runs the scripts under /apps/etc/
[tfz@centos etc]$ vim init.d/S99_rcsApp
#!/bin/sh

# Copyright (C) 2011 fulinux <fulinux@gmail.com>
#
# Start all init scripts in /apps/etc/init.d
# executing them in numerical order.
#
if (test -d /apps/etc/init.d)
then
    for i in /apps/etc/init.d/S??* ; do
        $i
    done
fi
1.5.5 Changing the permissions of the files in init.d
[tfz@centos etc]$ chmod 777 init.d/*
[tfz@centos etc]$ ll init.d/
总用量 12
-rwxrwxrwx 1 tfz tfz 202 8月 3 13:43 rcS
-rwxrwxrwx 1 tfz tfz 64 8月 3 13:46 S01_network
-rwxrwxrwx 1 tfz tfz 244 8月 3 13:48 S99_rcsApp
[tfz@centos etc]$
1.5.6 Creating the fstab file
[tfz@centos etc]$ vim fstab
# /etc/fstab: static file system information.
# Copyright (C) 2015 tfz <>
#
#<File system> <mount pt> <type> <options> <dump> <pass>
#devpts /dev/pts devpts defaults 0 0
#/dev/root / ext2 rw,noauto 0 1
proc /proc proc defaults 0 0
tmpfs /tmp tmpfs defaults 0 0
tmpfs /dev tmpfs defaults 0 0
sysfs /sys sysfs defaults 0 0
1.5.7 Creating the hostname, hosts and TZ files
[tfz@centos etc]$ vim profile
[tfz@centos etc]$ echo "root" > hostname
[tfz@centos etc]$ echo "127.0.0.1 localhost" >> hosts
[tfz@centos etc]$ echo "MST7MDT" >>
[tfz@centos etc]$ echo "Copyright (C) 2015 tfz<>" >> issue //message displayed at system login
[tfz@centos etc]$
1.5.8 Creating the profile file
[tfz@centos etc]$ vim profile
# /etc/profile: system-wide .profile file for the Bourne shells.
export PATH=\
/bin:\
/sbin:\
/usr/bin:\
/usr/sbin:\
/usr/local/bin:\
/apps/bin:\
/apps/tools:\
/apps/tslib/bin
# If running interactively, then:
if [ "$PS1" ]; then
if [ "$BASH" ]; then
export PS1="[\u@\h \W]\\$ "
alias ll='/bin/ls --color=tty -laFh'
alias ls='/bin/ls --color=tty -F'
export LS_COLORS='no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.gz=01;31:*.bz2=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.jpg=01;35:*.jpeg=01;35:*.png=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.mpg=01;35:*.mpeg=01;35:*.avi=01;35:*.fli=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:';
else
if [ "`id -u`" -eq 0 ]; then
export PS1='>: '
else
export PS1='>: '
fi
fi
# System Setting
set -o vi
alias ll='ls -l'
export USER=`id -un`
export LOGNAME=$USER
export HOSTNAME=`/bin/hostname`
export HISTSIZE=1000
export HISTFILESIZE=1000
export PAGER='/bin/more '
export EDITOR='/bin/vi'
export INPUTRC=/etc/inputrc
export DMALLOC_OPTIONS=debug=0x34f47d83,inter=100,log=logfile
export VAR1=
export VAR2=
export VAR3=
export VAR4=
export VAR5=
export LD_LIBRARY_PATH=/lib:/usr/lib/
# Qt Extended 4.4.3 Setting
export QTDIR=/apps/qt-extended-4.4.3
export QWS_MOUSE_PROTO='TSLIB:/dev/event0'
export QWS_DISPLAY='LinuxFB:/dev/fb0'
export QWS_DISPLAY='LinuxFB:mmWidth240:mmHeight320:0'
export QWS_SIZE='240x320'
export QT_PLUGIN_PATH=$QTDIR/plugins/
export QT_QWS_FONTDIR=$QTDIR/lib/fonts
export PATH=$QTDIR/bin:$PATH
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$QTDIR/lib
# Touch Screen tslib Setting
export TSLIB_ROOT=/apps/tslib
export TSLIB_CONFFILE=$TSLIB_ROOT/etc/ts.conf
export TSLIB_CALIBFILE=$TSLIB_ROOT/etc/pointercal
export TSLIB_TSDEVICE=/dev/event0
export TSLIB_CONSOLEDEVICE=none
export TSLIB_FBDEVICE=/dev/fb0
fi;
1.5.9 Creating the protocols file, which specifies the numbers used by various protocols
[tfz@centos etc]$ vim protocols
# /etc/protocols:
# $Id: protocols,v 1.1.1.1 2001/09/12 19:03:24 andersee Exp $
#
# Internet (IP) protocols
#
# from: @(#)protocols 5.1 (Berkeley) 4/17/89
#
# Updated for NetBSD based on RFC 1340, Assigned Numbers (July 1992).

ip 0 IP # internet protocol, pseudo protocol number
icmp 1 ICMP # internet control message protocol
igmp 2 IGMP # Internet Group Management
ggp 3 GGP # gateway-gateway protocol
ipencap 4 IP-ENCAP # IP encapsulated in IP (officially ``IP'')
st 5 ST # ST datagram mode
tcp 6 TCP # transmission control protocol
egp 8 EGP # exterior gateway protocol
pup 12 PUP # PARC universal packet protocol
udp 17 UDP # user datagram protocol
hmp 20 HMP # host monitoring protocol
xns-idp 22 XNS-IDP # Xerox NS IDP
rdp 27 RDP # "reliable datagram" protocol
iso-tp4 29 ISO-TP4 # ISO Transport Protocol class 4
xtp 36 XTP # Xpress Tranfer Protocol
ddp 37 DDP # Datagram Delivery Protocol
idpr-cmtp 39 IDPR-CMTP # IDPR Control Message Transport
rspf 73 RSPF #Radio Shortest Path First.
vmtp 81 VMTP # Versatile Message Transport
ospf 89 OSPFIGP # Open Shortest Path First IGP
ipip 94 IPIP # Yet Another IP encapsulation
encap 98 ENCAP # Yet Another IP encapsulation
1.5.10 Creating the mdev.conf file
mdev looks for its configuration file, mdev.conf, in the /etc directory. If the file does not exist, running mdev -s reports that mdev.conf cannot be found; creating an empty mdev.conf file solves this. Below we create an /etc/mdev.conf that makes mdev automatically mount USB drives and SD cards.
[tfz@centos etc]$ vim mdev.conf
sd[a-z][0-9] 0:0 0777 @(mount /dev/$MDEV /mnt/usb)
sd[a-z] 0:0 0777 $(umount /mnt/usb)
ub[a-z][0-9] 0:0 0777 @(mount /dev/$MDEV /mnt/usb)
ub[a-z] 0:0 0777 $(umount /mnt/usb)
mmcblk[0-9]p[0-9] 0:0 0777 @(mount /dev/$MDEV /mnt/sdc)
mmcblk[0-9] 0:0 0777 $(umount /mnt/sdc)
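1.5.11 Creating the group file for user groups
[tfz@centos etc]$ vim group
root:x:0:root
Its format is as follows:
groupname:password:gid:members
The first field is the group name.
The second field is the group password; when it is x, the password is mapped to /etc/gshadow and is non-reversible.
The third field is the GID, i.e. the group number, a positive integer or 0; 0 is assigned to the root group. Systems usually reserve some of the lower GIDs for system pseudo-users, and the number reserved differs from system to system; Fedora reserves 500, so new groups we add start from 500. The GID range is determined by GID_MIN and GID_MAX in /etc/login.defs.
The fourth field is the list of users, separated by commas.
The password here is the group password, which is rarely used. It lets a user who is not originally in the group temporarily inherit the group's permissions through the newgrp command; newgrp opens a new shell. The password is encrypted in the same way as the passwords in the passwd file, so to set a group password, use the passwd program to set up a dummy user and then copy the encrypted password from that user's password field into /etc/group. The members column lists the group's members; to add users to the group, append them here separated by commas. Members of the same group inherit the permissions the group holds.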
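1.5.12 Creating the passwd file for users
[tfz@centos etc]$ vim passwd
root:x:0:0:root:/:/bin/sh
Its format is as follows:
username:password:uid:gid:gecos:homedir:shell
The first field is the login name.
The second field is the password, which is normally mapped to the shadow file.
The third field is the UID.
The fourth field is the GID.
The fifth field is the user's full name; gecos is short for General Electric Comprehensive Operating System, used on a mainframe at Bell Labs.
The sixth field is the user's home directory.
The seventh field is the type of shell the user uses.
Unix systems originally stored passwords in plaintext; later, for security reasons, passwords were encrypted with the crypt() algorithm and stored in /etc/passwd. Now, as computing power has grown, cracking passwords has become easier and easier. /etc/passwd is readable by all legitimate users, so everyone can see everyone else's encrypted password string, which is a serious security threat to the system. Modern Unix systems use a shadow password system, which separates the passwords from /etc/passwd: the real passwords are kept in /etc/shadow, which only the superuser can access. That way an intruder cannot obtain the encrypted password strings to crack them. Once a shadow password file is in use, the password field of every account in /etc/passwd is "x"; if the password field is "*", the account is disabled. The passwd program can be used to change a user's password.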
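1.5.13 Creating the shadow file that passwords map to
[tfz@centos etc]$ vim shadow
root:$1$jGZIHmtT$y8ZXoPllK12/wl51kMw4e/:0:0:99999:7::: //what is shown is the encrypted string
The contents of this file can be obtained on a Linux system by changing the root password with the passwd command: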
[tfz@centos ~]$ passwd root
Changing password for user root.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[tfz@centos ~]$ cat /etc/shadow | grep root
root:$1$jGZIHmtT$y8ZXoPllK12/wl51kMw4e/:0:0:99999:7:::
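Of course, after setting it to the root password for the embedded platform, it is best to restore the root password on the host system to the original one.
Its format is as follows:
username:password:last_change:min_change:max_change:warn:failed_expire:expiration:reserved
Field 1: the user name (also called the login name). The user name in /etc/shadow is the same as in /etc/passwd, which links the user records in passwd and shadow; this field is non-empty.
Field 2: the password (encrypted); this field is non-empty.
Field 3: the time of the last password change, as the number of days from January 1, 1970 to the most recent password change. You can change a user's password with passwd and then look at how this field changes in /etc/shadow.
Field 4: the minimum number of days between two password changes; if this field is empty, the account is permanently usable.
Field 5: the maximum number of days between two password changes; if this field is empty, the account is permanently usable.
Field 6: how many days in advance to warn the user that the password will expire; if this field is empty, the account is permanently usable.
Field 7: how many days after the password expires the user is disabled; if this field is empty, the account is permanently usable.
Field 8: the account expiration date; this field gives the day on which the user becomes invalid (as a number of days since January 1, 1970); if this field is empty, the account is permanently usable.
Field 9: reserved, currently empty, kept for future use.
Here we configure login without a password by clearing the content of the password field: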
[tfz@centos etc]$ vim shadow
root::0:0:99999:7:::
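An added example (not part of the original tutorial): a POSIX shell function that classifies the password field of every entry in a shadow file laid out as described above, flagging the empty field that allows login without a password and the $1$ (MD5-crypt) prefix seen in the hash shown earlier. The function names classify_shadow and shadow_is_acceptable and the status labels are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# classify_shadow FILE: print "user:STATUS" for every entry of a shadow file.
# The status names are labels chosen for this example.
classify_shadow() {
    awk -F: '
        $0 == "" || $0 ~ /^#/ { next }            # skip blank lines and comments
        {
            pw = $2
            if (pw == "")                          s = "EMPTY"     # login needs no password
            else if (pw ~ /^[!*]/)                 s = "LOCKED"    # no password can match
            else if (pw ~ /^\$1\$/)                s = "MD5CRYPT"  # legacy scheme, cheap to brute-force
            else if (pw ~ /^\$(5|6|y|2[aby])\$/)   s = "MODERN"    # sha256/sha512/yescrypt/bcrypt
            else                                   s = "OTHER"     # for example traditional DES crypt
            print $1 ":" s
        }' "$1"
}

# shadow_is_acceptable FILE: succeed only if no entry is EMPTY or MD5CRYPT.
shadow_is_acceptable() {
    ! classify_shadow "$1" | grep -Eq ':(EMPTY|MD5CRYPT)$'
}

# Stand-alone use: sh thisfile.sh /opt/rootfs/etc/shadow
if [ "$#" -gt 0 ]; then
    classify_shadow "$1"
fi
```

Run against the staged etc/shadow before the image is packed; the `root::0:0:99999:7:::` entry above is reported as root:EMPTY.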
1.5.18 Installing busybox into the filesystem
[tfz@centos ~]$ cd /tftp/
[tfz@centos tftp]$ ls
bash_profile linux-3.0.tar.bz2 linuxrom-s3c2440.bin u-boot.bin
[tfz@centos tftp]$ rz
rz waiting to receive.
Starting zmodem transfer. Press Ctrl+C to cancel.
Transferring busybox-1.20.2.tar.bz2...
100% 2135 KB 2135 KB/s 00:00:01 0 Errors
[tfz@centos tftp]$ ls
bash_profile linux-3.0.tar.bz2 u-boot.bin
busybox-1.20.2.tar.bz2 linuxrom-s3c2440.bin
[tfz@centos tftp]$ cd /opt/
[tfz@centos opt]$ tar -xjf /tftp/busybox-1.20.2.tar.bz2
[tfz@centos opt]$ ls
buildroot-2012.08 busybox-1.20.2 rootfs
[tfz@centos opt]$ cd busybox-1.20.2/
[tfz@centos busybox-1.20.2]$
[tfz@centos busybox-1.20.2]$ vim Makefile
//Change CROSS_COMPILE to:
CROSS_COMPILE ?= /opt/buildroot-2012.08/arm920t/usr/bin/arm-linux-
[tfz@centos busybox-1.20.2]$ ls ../rootfs
apps bin data dev etc info lib mnt proc root sbin sys tmp usr var
[tfz@centos busybox-1.20.2]$ vt100
[tfz@centos busybox-1.20.2]$ sudo make menuconfig
#Select:
Busybox Settings --->
General Configuration --->
[*] Don't use /usr
Installation Options ("make install" behavior) --->
What kind of applet links to install (as soft-links) --->
(../rootfs) BusyBox installation prefix
#Customize the other options according to your own needs
[tfz@centos busybox-1.20.2]$ sudo make
#build output omitted
[tfz@centos busybox-1.20.2]$ file busybox
busybox: ELF 32-bit LSB executable, ARM, version 1 (SYSV), statically linked, stripped
[tfz@centos busybox-1.20.2]$ sudo make install
....
../rootfs/sbin/udhcpc -> ../bin/busybox
../rootfs/sbin/udhcpd -> ../bin/busybox
../rootfs/sbin/vconfig -> ../bin/busybox
../rootfs/sbin/zcip -> ../bin/busybox
--------------------------------------------------
You will probably need to make your busybox binary
setuid root to ensure all configured applets will
work properly.
--------------------------------------------------
[tfz@centos busybox-1.20.2]$
[tfz@centos busybox-1.20.2]$ ls ../rootfs
apps bin data dev etc info lib linuxrc mnt proc root sbin sys tmp usr var
1.6 Porting dropbear
1.6.1 First build a PC version, which is used when generating the keys
[tfz@centos ~]$ wget http://matt.ucc.asn.au/dropbear/releases/dropbear-0.53.1.tar.bz2
[tfz@centos ~]$ tar -xjf dropbear-0.53.1.tar.bz2
[tfz@centos ~]$ cd dropbear-0.53.1
[tfz@centos dropbear-0.53.1]$ ./configure && make
Files produced:
dropbear: ssh2 server
dropbearkey: key generator
dropbearconvert: can convert openssh keys
dbclient: ssh2 client
[tfz@centos dropbear-0.53.1]$ ./dropbearkey -t rsa -f /opt/rootfs/etc/dropbear/dropbear_rsa_host_key
Will output 1024 bit rsa secret key to '/opt/rootfs/etc/dropbear/dropbear_rsa_host_key'
Generating key, this may take a while...
Public key portion is:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgwChXpm6ogojmWy7GTZloJDdSIFq7pd49P3dh2I8Ap/7Cr9KRWlfQb0rchkFv1h62736FyX28S1jo7HpES9Rjp7MinG66pyzFjOfrsruzkeheo7YBrk8GPeSdEm65O3gPlJzReyMY3r020fwVIGaMf7+bPBuMsYY1g+8OcgeEygYCExz lingyun@localhost.localdomain
Fingerprint: md5 ed:a6:c9:6d:6e:85:f6:10:b2:3c:49:90:52:be:9b:19
[tfz@centos dropbear-0.53.1]$ ./dropbearkey -t dss -f /opt/rootfs/etc/dropbear/dropbear_dss_host_key
Will output 1024 bit dss secret key to '/opt/rootfs/etc/dropbear/dropbear_dss_host_key'
Generating key, this may take a while...
Public key portion is:
ssh-dss [key data omitted] lingyun@localhost.localdomain
Fingerprint: md5 96:f3:31:04:8b:a6:1b:a5:cc:37:e5:08:9c:18:98:cd
[tfz@centos dropbear-0.53.1]$
[tfz@centos dropbear-0.53.1]$ chmod 666 /opt/rootfs/etc/dropbear/dropbear_*
[tfz@centos dropbear-0.53.1]$
1.6.2 Building the ARM version
[tfz@centos dropbear-0.53.1]$ make distclean
[tfz@centos dropbear-0.53.1]$ ./configure CC=/opt/buildroot-2012.08/arm920t/usr/bin/arm-linux-gcc --build=i686 --host=arm-linux --disable-zlib
[tfz@centos dropbear-0.53.1]$ make
[tfz@centos dropbear-0.53.1]$ file dropbear
dropbear: ELF 32-bit LSB executable, ARM, version 1 (SYSV), dynamically linked (uses shared libs), not stripped
[tfz@centos dropbear-0.53.1]$ file dbclient
dbclient: ELF 32-bit LSB executable, ARM, version 1 (SYSV), dynamically linked (uses shared libs), not stripped
[tfz@centos dropbear-0.53.1]$ mv dbclient ssh
[tfz@centos dropbear-0.53.1]$ arm-linux-strip dropbear
[tfz@centos dropbear-0.53.1]$ arm-linux-strip ssh
[tfz@centos dropbear-0.53.1]$ cp dropbear ssh /opt/rootfs/usr/sbin/
1.6.3 Creating the startup script in the filesystem
[tfz@centos rootfs]$ vim etc/init.d/S04_dropbear
#!/bin/sh
/usr/sbin/dropbear
[tfz@centos rootfs]$ chmod 777 etc/init.d/S04_dropbear
[tfz@centos rootfs]$ ls
apps bin data dev etc info lib linuxrc mnt proc root sbin sys tmp usr var
That's it: we have now created a root filesystem.
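An added example (not part of the original tutorial): a shell function that audits the staged tree for three permission settings made in the steps above, namely `chmod 777` on the etc/init.d scripts, `chmod 666` on the dropbear host keys, and mode 0777 in mdev.conf. The function name audit_rootfs and the finding labels are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# audit_rootfs ROOT: inspect a staged root filesystem tree (such as /opt/rootfs)
# and print one finding per line. Returns 0 when clean, 1 when anything is found.
# The finding labels are names chosen for this example.
audit_rootfs() {
    root=$1
    findings=$(
        # rcS runs every etc/init.d/S??* as root at boot, so a script that any
        # user can rewrite runs with root privileges on the next boot.
        find "$root/etc/init.d" -type f -perm -002 2>/dev/null |
            sed 's/^/init-script-world-writable: /'

        # Host private keys should be readable and writable by their owner only.
        find "$root/etc/dropbear" -type f -name 'dropbear_*_host_key' \
            \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) 2>/dev/null |
            sed 's/^/host-key-not-private: /'

        # mdev.conf: the third field is the mode given to matching device nodes.
        # A final octal digit of 2, 3, 6 or 7 lets every user write the raw device.
        if [ -f "$root/etc/mdev.conf" ]; then
            awk '$0 !~ /^#/ && NF >= 3 && $3 ~ /^[0-7]+$/ && $3 ~ /[2367]$/ {
                     print "mdev-node-world-writable: " $1 " " $3
                 }' "$root/etc/mdev.conf"
        fi
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Stand-alone use: sh thisfile.sh /opt/rootfs
if [ "$#" -gt 0 ]; then
    audit_rootfs "$1"
fi
```

A tree with init scripts at 755, host keys at 600 and mdev.conf modes such as 0660 passes with no output.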