Root access enabling (Home Media CE)

From NAS-Central Iomega Wiki
Jump to: navigation, search

Contents

Without disassembling

  1. UPDATE: none of this works on 4.x firmware. You get "404 - Page Not Found Error Message is: "'diagnostics.html' was not found.""
  1. Go to http://<IP ADDRESS OF NAS>/diagnostics.html
  2. Tick checkbox to enable SSH.
  3. Upon restart, login with username 'root' and password 'soho<admin password>' (All one word. Example:'sohoabc123'. If no admin account is set- just 'soho')

With disassembling

Warning.png Warning: Carrying out this procedure probably voids your warranty. You do this all at your own risk!

The following sections explain how to enable ssh and obtain root access to your IOMega Home Media Network CE Hard Drive. This includes removing the hard disk and making some small modifications using a Linux (or Linux Live CD) workstation. It assumes familiarity with basic Linux usage such as finding and mounting disks and some text editor knowledge.

Firstly we will enable ssh then add an account for us to login with. I recommend to enable the security mode (if not already enabled) to be able to use different users on your NAS device. This is being done by starting the web GUI and navigating to System → Security. Switch the mode to "on" and choose a user name which will serve as the new web GUI admin user, e.g. "admin". It's a good idea to enable network communication encryption as well for additional security.

How To

Remove Hard Disk

Firstly remove the hard disk from your Home Media CE NAS device. You can find a how-to on taking this out here in this wiki. Put it in your other computer and boot into your Linux distribution or Live CD. I used a copy of the Clonezilla Live CD as it proved to support the LVM volumes of the Home Media CE.

Find Disk And Mount Volumes

What we are going to do is find our disk and mount it on the /mnt directory. In my case I'm looking for a 2000 GB disk. Typically I start by switching to the root user and using parted to look at all the partitions on all the disks. On my Live CD machine it shows up as the only physical disk (which is right in my case!):

 user@debian:~$ sudo su -
 root@debian:~# parted -l
 Model: ATA ST32000542AS (scsi)
 Disk /dev/sda: 2000GB
 Sector size (logical/physical): 512B/512B
 Partition Table: gpt
 
 Number  Start   End     Size    File system  Name     Flags
  1      33.6MB  21.5GB  21.5GB               primary  raid
  2      21.5GB  2000GB  1979GB               primary

The parted command found two partitions, a small 'raid' (LVM) partition and a large data partition. Now we have a look at the LVM partitions:

 root@debian:~# lvdisplay
   --- Logical volume ---
   LV Name                /dev/195084d1_vg/lv31f1fb79
   VG Name                195084d1_vg
   LV UUID                BiT0fL-lbEA-rvaK-H9nQ-fuPA-Akft-cIV1Uj
   LV Write Access        read/write
   LV Status              available
   # open                 0
   LV Size                1.80 TiB
   Current LE             471804
   Segments               1
   Allocation             inherit
   Read ahead sectors     auto
   - currently set to     256
   Block device           254:0
    
   --- Logical volume ---
   LV Name                /dev/md0_vg/BFDlv
   VG Name                md0_vg
   LV UUID                58fZkD-nNrr-n04Q-8xIo-6xra-9Tt7-S0sz9O
   LV Write Access        read/write
   LV Status              available
   # open                 1
   LV Size                4.00 GiB
   Current LE             1024
   Segments               1
   Allocation             inherit
   Read ahead sectors     auto
   - currently set to     256
   Block device           254:1
    
   --- Logical volume ---
   LV Name                /dev/md0_vg/vol1
   VG Name                md0_vg
   LV UUID                QXYKuD-V3v7-jOyp-AAPr-6D3G-dlX5-TMPmEw
   LV Write Access        read/write
   LV Status              available
   # open                 1
   LV Size                16.00 GiB
   Current LE             4095
   Segments               1
   Allocation             inherit
   Read ahead sectors     auto
   - currently set to     256
   Block device           254:2

We found three logical volumes: the data volume and two smaller ones that will prove to contain parts of the operating system. Now we create a mountpoint and mount the second logical volume (the warning message from the mount command can be safely ignored):

 root@debian:~# mkdir /mnt/BFDlv
 root@debian:~# mount /dev/md0_vg/BFDlv /mnt/BFDlv

Looking at the new file system we find two files that will prove to contain the binaries and the configuration files of the Home Media CE:

 root@debian:~# cd /mnt/BFDlv/images
 root@debian:/mnt/BFDlv/images# ls -als
 total 450024
      4 drwxr-xr-x 2 root root      4096 2011-05-26 14:30 .
      4 drwxr-xr-x 6 root root      4096 2011-05-26 14:29 ..
 439696 -rwxr-xr-x 1 root root 449801216 2011-06-03 08:57 apps
   5132 -rw-r--r-- 1 root root   5242880 2011-06-02 19:47 config
   5132 -rwxr-xr-x 1 root root   5242880 1970-01-01 00:03 config.old
     56 -rwxr-xr-x 1 root root     53248 1970-01-01 00:03 oem
 
 root@debian:/mnt/BFDlv/images# file apps
 apps: Linux rev 0.0 ext2 filesystem data (mounted or unclean), UUID=00000000-0000-0000-0000-000000000000
 root@debian:/mnt/BFDlv/images# file config
 config: Linux rev 0.0 ext2 filesystem data (mounted or unclean), UUID=77242e26-8d00-484c-857d-36fc1b481933

During runtime, the file "config" will provide the /etc file system and the file "apps" will provide the /bin, /sbin and /usr file system.

This is a good point in time to make copies of the two files (e.g. to your USB stick) because we will alter them from this point on!

Now we create new mountpoints and mount the two file systems:

 root@debian:/mnt/BFDlv/images# mkdir /mnt/apps
 root@debian:/mnt/BFDlv/images# mkdir /mnt/config
 root@debian:/mnt/BFDlv/images# mount -o loop apps /mnt/apps
 root@debian:/mnt/BFDlv/images# mount -o loop config /mnt/config

Tadaaa! We are now ready to alter the system's configuration!

Enable SSH

In contrast to the first IOMega Home Media Drive the Cloud Edition does not contain a telnet daemon. Instead, the developers fortunately included the SSH daemon which we just need to enable.

To enable SSH you need to modify the corresponding startup file. After making a copy of the file /mnt/config/init.d/sshd I used the nano editor to remove all four comment symbols ('#') in the following section of the file:

 start() {
  	echo -n "Starting sshd: "
 #	/usr/sbin/sshd
 #	touch /var/lock/sshd
 	echo "OK"
 }	
 stop() {
 	echo -n "Stopping sshd: "
 #	killall	sshd 
 #	rm -f /var/lock/sshd
 	echo "OK" 
 }

Now save this (Ctrl-O in nano) and exit (Ctrl-X).

The user "root" should not be able to log in directly via SSH because of the simple default password (we discussed this "feature" at the beginning of this how-to). Instead, you will be able to log in with a normal user account and switch to the user "root" afterwards. To disable the root login via SSH, edit the file /mnt/config/ssh/sshd_config and set the parameter PermitRootLogin from "yes" to "no".

 PermitRootLogin no

Next time your device starts up it will have SSH enabled!

Add A User Account And Setup Access

Now we create a user called nascentral by appending the following entry to the file /mnt/config/passwd:

 nascentral:x:1000:1000:nascentral:/:/bin/sh

Save and close this file, then open /mnt/config/group and add the following line to the bottom:

 nascentral:x:1000:

Save and close the file, open /mnt/config/shadow and append the following entry:

 nascentral:$1$$goRzr7Z2nQvrAoiRJGUhr/:10933:0:99999:7:::

You now have setup the user "nascentral" with the password ioadmin123

In order to be able to use the "su" command to switch from one user to another, the SETUID bit of the "su" command has to be set:

 root@debian:~# cd /mnt/apps/bin
 root@debian:~# chmod u+s su

Now you will be able to login as user "nascentral" and switch to the "root" user by executing "su -". The user "root" has the password 'soho<admin password>' (all one word. Example:'sohoabc123'. If no admin account is set, the root password is just 'soho').

Finish Up

Now we need to unmount the NAS hard disk in our workstation and shutdown:

 root@debian:~# cd /
 root@debian:~# umount /mnt/apps
 root@debian:~# umount /mnt/config
 root@debian:~# umount /mnt/BFDlv
 root@debian:~# shutdown -h now

Finally we can put the hard disk back into the NAS.

Testing

Turn on your NAS and wait for it to boot fully. Here we will be using putty to connect to the NAS and logging in as the nascentral user, then using su to get to root. You should be able to use 'ioadmin123' as the password for the user "nascentral" and the password 'soho<admin password>' for the user "root" (all one word. Example:'sohoabc123'. If no admin account is set, the root password is just 'soho'):

 login as: nascentral
 nascentral@192.168.178.208's password:
 nascentral@hmnhd-TI1S0O:/$
 nascentral@hmnhd-TI1S0O:/$ su -
 Password:
 root@hmnhd-TI1S0O:/#
 root@hmnhd-TI1S0O:/# uname -a
 Linux hmnhd-TI1S0O 2.6.31.14 #1 SMP Wed Feb 2 16:59:09 EST 2011 armv6l GNU/Linux
 root@hmnhd-TI1S0O:/#
 root@hmnhd-TI1S0O:/# id
 uid=0(root) gid=0(root) groups=0(root),10(wheel)

Please remember to change the nascentral password to something different by using the command "passwd nascentral"!