OpenWrt: Cannot install package sudo

2

I have installed the latest OpenWrt Chaos Calmer r42871 on my TP-LINK WR-842ND router. And everything's good except the problem:

root@router:~# opkg install sudo

Unknown package 'sudo'.

Collected errors:

  • opkg_install_cmd: Cannot install package sudo.

In the same time I can install another packages like: shadow-useradd, shadow-groupadd, etc.

The target idea is to disable the root user and to make a router more secure by using non-priv user by default (I suppose sudo would help with it at least).

It's really strange that Mr. Google doesn't know about this error yet. But I hope it will already. :)

Any advices needed!

Serhii Matrunchyk

Posted 2014-10-14T14:00:10.387

Reputation: 171

If you don’t need bleeding edge code, I suggest you stick to Barrier Breaker. – Daniel B – 2014-10-14T17:28:15.930

Is it possible to rollback to BB? – Serhii Matrunchyk – 2014-10-14T19:25:04.497

I don’t know. Probably not, but you should be able to keep most of the config files. – Daniel B – 2014-10-14T19:26:37.977

1Considering that routers are usually only accessed by their administrators, they typically use just the root account, and can happen that the sudo package is not even compiled for those platforms. First try to find if it is available in the repositories. – Raúl Salinas-Monteagudo – 2014-10-17T12:01:08.230

Answers

1

sudo is not provided anymore by this distribution, and the sudo paragraph from this documentation seems outdated.

As you can see in this ps -w exctract from my router, almost all processes are running as root :

  (... kernel process edited out)
  832 root      8984 S    /sbin/ubusd
  833 root      2716 S    /sbin/askfirst /usr/libexec/login.sh
  834 root      2716 S    /sbin/askfirst /usr/libexec/login.sh
 1122 root      7040 S    /sbin/logd -S 64
 1123 root     11120 S    /sbin/logread -f -h router -r 10.13.9.40 514 -p /var/run/logread.2.pid
 1132 root     15296 S    /sbin/rpcd
 1167 root     15440 S    /sbin/netifd
 1307 root      2888 S    /usr/sbin/dropbear -F -P /var/run/dropbear.1.pid -p 10.13.9.1:22 -K 300
 1846 root     24228 S    /usr/sbin/uhttpd -f -h /www -r router -x /cgi-bin -u /ubus -t 60 -T 30 -k 20 -A 1 -n 3 -N 100 -R -p 0.0.0
 1859 zabbix    5420 S    /usr/sbin/zabbix_agentd -c /etc/zabbix_agentd.conf -f
 1866 zabbix    5420 S    /usr/sbin/zabbix_agentd: collector [idle 1 sec]
 1867 zabbix    5420 S    /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
 1868 zabbix    5428 S    /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]
 1876 root     15036 R    /usr/sbin/openvpn --syslog openvpn(server) --status /var/run/openvpn.server.status --cd /var/etc --config
 1908 root      3060 S <  /usr/sbin/ntpd -n -N -l -S /usr/sbin/ntpd-hotplug -p ***EDITED_OUT***.org -p ***EDITED_OUT***.org -p ***EDITED_OUT***
 1960 dnsmasq   2968 S    /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf -k -x /var/run/dnsmasq/dnsmasq.pid
 2688 root      3336 S    {dynamic_dns_upd} /bin/sh /usr/lib/ddns/dynamic_dns_updater.sh -v 0 -S ***EDITED_OUT*** -- start
 2689 root      3336 S    {dynamic_dns_upd} /bin/sh /usr/lib/ddns/dynamic_dns_updater.sh -v 0 -S ***EDITED_OUT*** -- start
 2690 root      3340 S    {dynamic_dns_upd} /bin/sh /usr/lib/ddns/dynamic_dns_updater.sh -v 0 -S ***EDITED_OUT*** -- start
 8532 root      3000 R    /usr/sbin/dropbear -F -P /var/run/dropbear.1.pid -p 10.13.9.1:22 -K 300
 8533 root      3064 S    -ash
 8609 root      3056 S    sleep 600
 8616 root      3056 S    sleep 600
 8620 root         0 SW   [kworker/u8:1]
 8678 root      3056 S    sleep 600
 8691 root      3056 R    ps w

So by adding the sudo packages, adding a user, and after a lot of configuration, the only security you will gain is typing sudo before every command, or sudo -i after each login.

According to Raúl Salinas-Monteagudo's comment, this distribution is intended for router machines, only accessed by their administrators.

pim

Posted 2014-10-14T14:00:10.387

Reputation: 662

1

You need to update the list of packages:

opkg update

Then try to showing the info for the package you are interested in:

opkg info sudo

More information in the online documentation of the project.

dawud

Posted 2014-10-14T14:00:10.387

Reputation: 1 305

It doesn't work. See the error on my question... – Serhii Matrunchyk – 2014-10-14T19:54:35.087

How to check if the package exists in the repository? Or where could I report about this issue? – Serhii Matrunchyk – 2014-10-14T19:56:02.927

Asked: 2014-10-14T14:00:10.387

Viewed: 5 840 times

Active: 2017-08-24T14:21:11.317