Category:CloudBox

Introduction
The CloudBox (aka FamilyBox) looks very similar on the outside to the Internet Space.

Product information

 * Lacie CloudBox Product page Contains: Overview; Specifications; Documents; Suggested; Awards & Reviews.


 * Lacie CloudBox Product Support page Contains: Downloads; Documents; FAQs; Knowledge Base; Troubleshooting; Contact LaCie.


 * Lacie CloudBox FTP Contains: Lacie original firmware capsules Link: ftp://update.lacie.com Username: familibox Password: familibox Direct link: ftp://familibox:familibox@update.lacie.com


 * Lacie GPL Source Code Contains: Lacie GPL source code Link: ftp://update.lacie.com Username: gpl_source Password: gpl_source Direct link: ftp://gpl_source:gpl_source@update.lacie.com

Product model

 * Product Name: CloudBox
 * Product Id: familibox
 * Hardware Id: familybox
 * Hardware Revision: 1.0

cat /proc/cpuinfo
Processor      : Feroceon 88FR131 rev 1 (v5l) BogoMIPS       : 999.42 Features       : swp half thumb fastmult edsp CPU implementer : 0x56 CPU architecture: 5TE CPU variant    : 0x2 CPU part       : 0x131 CPU revision   : 1

Hardware       : familybox Revision       : 0000 Serial         : 0000000000000000

cat /proc/meminfo
MemTotal:        254348 kB MemFree:            6388 kB Buffers:            1392 kB Cached:           169184 kB SwapCached:        11232 kB Active:           105404 kB Inactive:         118964 kB Active(anon):      20360 kB Inactive(anon):    33932 kB Active(file):      85044 kB Inactive(file):    85032 kB Unevictable:           0 kB Mlocked:               0 kB SwapTotal:        262124 kB SwapFree:         223508 kB Dirty:             43520 kB Writeback:             0 kB AnonPages:         47284 kB Mapped:             6396 kB Slab:              18136 kB SReclaimable:       9252 kB SUnreclaim:         8884 kB PageTables:         1448 kB NFS_Unstable:          0 kB Bounce:                0 kB WritebackTmp:          0 kB CommitLimit:      389296 kB Committed_AS:     287240 kB VmallocTotal:     385024 kB VmallocUsed:         992 kB VmallocChunk:     382244 kB

cat /proc/partitions
For 4TB version major minor #blocks  name

31       0        512 mtdblock0 8       0 3907018584 sda 8       1       1024 sda1 8       2     196608 sda2 8       3       1024 sda3 8       4    1572864 sda4 8       5    1572864 sda5 8       6    1048576 sda6 8       7     262144 sda7 8       8 3902362439 sda8 9       4    1572852 md4 9       5    1572852 md5 9       6    1048564 md6 9       7     262132 md7 9       8 3902362300 md8 253       0 3902357504 dm-0

cat /proc/mdstat
For 4TB version Personalities : [raid1] md8 : active raid1 sda8[0] 3902362300 blocks super 1.0 [1/1] [U]

md7 : active raid1 sda7[0] 262132 blocks super 1.0 [1/1] [U]

md6 : active raid1 sda6[0] 1048564 blocks super 1.0 [1/1] [U]

md5 : active raid1 sda5[0] 1572852 blocks super 1.0 [1/1] [U]

md4 : active raid1 sda4[0] 1572852 blocks super 1.0 [1/1] [U]

cat /proc/mounts
rootfs / rootfs rw 0 0 /dev/md4 / ext2 ro,relatime,errors=continue 0 0 /dev/md6 /rw ext3 rw,relatime,errors=continue,commit=5,data=writeback 0 0 /dev/md6 /var ext3 rw,relatime,errors=continue,commit=5,data=writeback 0 0 /dev/md6 /etc ext3 rw,relatime,errors=continue,commit=5,data=writeback 0 0 /dev/md6 /root ext3 rw,relatime,errors=continue,commit=5,data=writeback 0 0 none /tmp tmpfs rw,relatime 0 0 none /media tmpfs rw,relatime 0 0 none /shares tmpfs rw,relatime 0 0 none /lacie tmpfs rw,relatime 0 0 proc /proc proc rw,relatime 0 0 sysfs /sys sysfs rw,relatime 0 0 udev /dev tmpfs rw,relatime,mode=755 0 0 devpts /dev/pts devpts rw,relatime,mode=600 0 0 /dev/dm-0 /media/internal_11 ext4 rw,relatime,barrier=1,data=ordered 0 0 /dev/dm-0 /lacie/tmp ext4 rw,relatime,barrier=1,data=ordered 0 0 /dev/dm-0 /lacie/var ext4 rw,relatime,barrier=1,data=ordered 0 0 /dev/dm-0 /lacie/torrent_dir ext4 rw,relatime,barrier=1,data=ordered 0 0 /dev/dm-0 /lacie/autoupdate ext4 rw,relatime,barrier=1,data=ordered 0 0 /dev/dm-0 /lacie/afp_db ext4 rw,relatime,barrier=1,data=ordered 0 0 /dev/dm-0 /shares/Family ext4 rw,relatime,barrier=1,data=ordered 0 0 /dev/dm-0 /shares/admin ext4 rw,relatime,barrier=1,data=ordered 0 0

cat /proc/filesystems
nodev  sysfs nodev  rootfs nodev  bdev nodev  proc nodev  debugfs nodev  sockfs nodev  pipefs nodev  anon_inodefs nodev  tmpfs nodev  inotifyfs nodev  configfs nodev  devpts ext3 ext2 ext4 cramfs squashfs nodev  ramfs hfs nodev  unionfs nodev  nfs nodev  nfs4 nodev  nfsd nodev  cifs nodev  jffs2 nodev  autofs xfs nodev  rpc_pipefs nodev  ubifs nodev  usbfs

dmesg
[   0.000000] Linux version 2.6.31.14-svn7493 (root@sbs2_node1.lacie.com) (gcc version 4.4.1 (Sourcery G++ Lite 2010q1-202) ) #1 Tue Apr 16 10:04:36 UTC 2013 [   0.000000] CPU: Feroceon 88FR131 [56251311] revision 1 (ARMv5TE), cr=00053977 [   0.000000] CPU: VIVT data cache, VIVT instruction cache [   0.000000] Machine: familybox [   0.000000] Using UBoot passing parameters structure [   0.000000] Memory policy: ECC disabled, Data cache writeback [   0.000000] On node 0 totalpages: 65536 [   0.000000] free_area_init_node: node 0, pgdat c09972d0, node_mem_map c09c5000 [   0.000000]   Normal zone: 512 pages used for memmap [   0.000000]   Normal zone: 0 pages reserved [   0.000000]   Normal zone: 65024 pages, LIFO batch:15 [   0.000000] Built 1 zonelists in Zone order, mobility grouping on. Total pages: 65024 [   0.000000] Kernel command line: console=ttyS0,115200 boot=UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx root=UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx cap=gpt,lba64 [   0.000000] PID hash table entries: 1024 (order: 10, 4096 bytes) [   0.000000] Dentry cache hash table entries: 32768 (order: 5, 131072 bytes) [   0.000000] Inode-cache hash table entries: 16384 (order: 4, 65536 bytes) [   0.000000] Memory: 256MB = 256MB total [   0.000000] Memory: 249728KB available (9316K code, 371K data, 140K init, 0K highmem) [   0.000000] Hierarchical RCU implementation. [   0.000000] NR_IRQS:114 [  25.769945] Console: colour dummy device 80x30 [  25.769980] Calibrating delay loop... 999.42 BogoMIPS (lpj=4997120) [  26.029963] Mount-cache hash table entries: 512 [  26.030301] CPU: Testing write buffer coherency: ok [   26.032302] NET: Registered protocol family 16 [  26.034633] Feroceon L2: Enabling L2 [   26.034672] Feroceon L2: Cache support initialised. [  26.035205] [   26.035211] CPU Interface [  26.035216] - [   26.035223] SDRAM_CS0 ....base 00000000, size 256MB [  26.035237] SDRAM_CS1 ....disable [  26.035246] SDRAM_CS2 ....disable [  26.035254] SDRAM_CS3 ....disable [  26.035263] PEX0_MEM ....base e8000000, size 128MB [  26.035278] PEX0_IO ....base f2000000, size   1MB [  26.035292] INTER_REGS ....base f1000000, size   1MB [  26.035306] NFLASH_CS ....base fa000000, size   2MB [  26.035321] SPI_CS ....base f4000000, size  16MB [  26.035339] BOOT_ROM_CS ....no such [  26.035360] DEV_BOOTCS ....no such [  26.035383] CRYPT_ENG ....base f0000000, size   2MB [  26.035405] [   26.035408]   Marvell Development Board (LSP Version KW_LSP_5.0.3)-- familybox  Soc: 88F6192 A1 LE [   26.035425] [  26.035431]  Detected Tclk 166666667 and SysClk 400000000 [  26.037457] Kirkwood PCIe port 0: [  26.037465] link down, ignoring [  26.046054] bio: create slab  at 0 [  26.046449] SCSI Scattered Spinup: Disabled [  26.047031] SCSI subsystem initialized [  26.047112] libata version 3.00 loaded. [  26.049434] NET: Registered protocol family 2 [  26.049544] IP route cache hash table entries: 2048 (order: 1, 8192 bytes) [  26.049787] TCP established hash table entries: 8192 (order: 4, 65536 bytes) [  26.049843] Switched to NOHz mode on CPU #0 [  26.050087] TCP bind hash table entries: 8192 (order: 3, 32768 bytes) [  26.050215] TCP: Hash tables configured (established 8192 bind 8192) [  26.050226] TCP reno registered [  26.050528] NET: Registered protocol family 1 [  30.563759] cpufreq: Init kirkwood cpufreq driver [  30.563786] cpufreq: High frequency: 1000000KHz - Low frequency: 0KHz [  30.563850] cpufreq: Setting CPU Frequency to 1000000 KHz [  30.563863] cpufreq: Setting PowerSaveState to off [  30.569901] cpufreq: Setting CPU Frequency to 1000000 KHz [  30.569912] cpufreq: Setting PowerSaveState to off [  30.580705] gpio-hd-power gpio-hd-power: GPIO Hard Disk power device initialized [  30.582615] squashfs: version 4.0 (2009/01/31) Phillip Lougher [  30.582648] Registering unionfs 2.5.10 (for 2.6.31.14) [  30.582961] Installing knfsd (copyright (C) 1996 okir@monad.swb.de). [  30.583656] JFFS2 version 2.2. (NAND) (SUMMARY) © 2001-2006 Red Hat, Inc. [   30.584171] SGI XFS with ACLs, security attributes, large block/inode numbers, no debug enabled [  30.584718] SGI XFS Quota Management subsystem [  30.584753] msgmni has been set to 488 [  30.584876] alg: No test for cipher_null (cipher_null-generic) [  30.584949] alg: No test for ecb(cipher_null) (ecb-cipher_null) [  30.585021] alg: No test for digest_null (digest_null-generic) [  30.585086] alg: No test for compress_null (compress_null-generic) [  30.593699] alg: No test for stdrng (krng) [  30.910292] alg: No test for hmac(digest_null) (hmac(digest_null-generic)) [  31.059110] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 253) [  31.059127] io scheduler noop registered [  31.059136] io scheduler anticipatory registered (default) [  31.059146] io scheduler deadline registered [  31.059208] io scheduler cfq registered [  31.074829] Serial: 8250/16550 driver, 4 ports, IRQ sharing disabled [  31.075925] serial8250.0: ttyS0 at MMIO 0xf1012000 (irq = 33) is a 16550A [  31.075951] console [ttyS0] enabled [  31.480814] brd: module loaded [  31.484495] sata_mv sata_mv.0: version 1.28 [  31.488760] sata_mv sata_mv.0: slots 32 ports 1 [  31.493816] scsi0 : sata_mv [  31.497012] ata1: SATA max UDMA/133 irq 21 [  31.501479] INIT Marvell Ethernet Driver: mv_netdev [  31.506567] Loading Marvell Ethernet Driver: [  31.510849]   o Cached descriptors in DRAM [  31.514929]   o DRAM SW cache-coherency [  31.518748]   o 2 Giga ports supported [  31.522493]   o Single RX Queue support - ETH_DEF_RXQ=0 [  31.527691]   o Single TX Queue support - ETH_DEF_TXQ=0 [  31.532900]   o TCP segmentation offload (TSO) supported [  31.538188]   o Large Receive offload (LRO) supported [  31.543224]   o Receive checksum offload supported [  31.547995]   o Transmit checksum offload supported [  31.552859]   o Network Fast Processing (Routing) supported - (Disabled) [  31.559528]   o Proc tool API enabled [  31.563183]   o SKB Reuse supported - (Disabled) [  31.567781]   o SKB Recycle supported - (Disabled) [  31.572556]   o Rx descripors: q0=128 [  31.576213]   o Tx descripors: q0=532 [  31.579885]   o Loading network interface(s): [  31.585389]     o  register under mv_netdev platform [  31.591323]     o eth0, ifindex = 2, GbE port = 0 [  31.596023] [   31.596026] Warning: Giga 1 is Powered Off [  31.601611] [   31.603107] mvFpRuleDb (cc472000): 2048 entries, 8192 bytes [  31.608848] console [netcon0] enabled [  31.612515] netconsole: network logging started [  31.618445] m25p80 spi0.0: mx25l4005a (512 Kbytes) [  31.623247] Creating 1 MTD partitions on "spi_flash": [  31.628288] 0x000000000000-0x000000080000 : "u-boot" [  31.634339] mice: PS/2 mouse device common for all mice [  31.639920] input: gpio-keys as /devices/platform/gpio-keys/input/input0 [  31.647239] rtc-mv rtc-mv: rtc core: registered rtc-mv as rtc0 [  31.653093] IRQ 53/rtc-mv: IRQF_DISABLED is not guaranteed on shared IRQs [  31.660445] cpufreq: Setting CPU Frequency to 1000000 KHz [  31.660458] cpufreq: Setting PowerSaveState to off [  31.670199] cpuidle: using governor ladder [  31.674686] cpuidle: using governor menu [  31.678790] Registered led device: familybox:red:fail [  31.684246] Registered led device: familybox:blue:sata [  31.689640] mv_xor_shared mv_xor_shared.0: Marvell shared XOR driver [  31.696057] mv_xor_shared mv_xor_shared.1: Marvell shared XOR driver [  31.739869] mv_xor mv_xor.0: Marvell XOR: ( xor cpy ) [  31.779867] mv_xor mv_xor.1: Marvell XOR: ( xor fill cpy ) [  31.819878] mv_xor mv_xor.2: Marvell XOR: ( xor cpy ) [  31.859871] mv_xor mv_xor.3: Marvell XOR: ( xor fill cpy ) [  31.865855] TCP cubic registered [  31.869070] NET: Registered protocol family 17 [  31.873591] Bridge firewalling registered [  31.877591] NET: Registered protocol family 5 [  31.882177] RPC: Registered udp transport module. [  31.886864] RPC: Registered tcp transport module. [  31.892685] rtc-mv rtc-mv: setting system clock to xxxx-xx-xx xx:xx:xx UTC (xxxxxxxxxx) [  32.079861] ata1: SATA link up 3.0 Gbps (SStatus 123 SControl F300) [  32.119889] ata1.00: ATA-9: ST4000DM000-1F2168, CC54, max UDMA/133 [  32.126050] ata1.00: 7814037168 sectors, multi 0: LBA48 NCQ (depth 31/32) [  32.189946] ata1.00: configured for UDMA/133 [  32.194467] scsi 0:0:0:0: Direct-Access     ATA      ST4000DM000-1F21 CC54 PQ: 0 ANSI: 5 [  32.203354] sd 0:0:0:0: [sda] 7814037168 512-byte logical blocks: (4.00 TB/3.63 TiB) [  32.211085] sd 0:0:0:0: [sda] 4096-byte physical blocks [  32.216586] sd 0:0:0:0: Attached scsi generic sg0 type 0 [  32.222266] sd 0:0:0:0: [sda] Write Protect is off [  32.227043] sd 0:0:0:0: [sda] Mode Sense: 00 3a 00 00 [  32.227138] sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA [  32.236651]  sda: sda1 sda2 sda3 sda4 sda5 sda6 sda7 sda8 [  32.287656] sd 0:0:0:0: [sda] Attached SCSI disk [  32.292305] Freeing init memory: 140K [  32.296503] Freeing initramfs memory: 4312K [  32.833389] EXT2-fs warning: checktime reached, running e2fsck is recommended [  35.001420] eth0: link down [  35.001439] eth0: started [  35.184598] md: md8 stopped. [  35.189140] md: bind [  35.210235] md: raid1 personality registered for level 1 [  35.210652] raid1: raid set md8 active with 1 out of 1 mirrors [  35.210746] md8: detected capacity change from 0 to 3996018995200 [  35.219063]  md8: unknown partition table [  35.229622] md: md8 stopped. [  35.229646] md: unbind [  35.229663] md: export_rdev(sda8) [  35.230214] md8: detected capacity change from 3996018995200 to 0 [  35.267203] md: md7 stopped. [  35.271655] md: bind [  35.284593] raid1: raid set md7 active with 1 out of 1 mirrors [  35.284689] md7: detected capacity change from 0 to 268423168 [  35.292980]  md7: unknown partition table [  35.326827] md: md7 stopped. [  35.326852] md: unbind [  35.326870] md: export_rdev(sda7) [  35.327233] md7: detected capacity change from 268423168 to 0 [  35.364325] md: md6 stopped. [  35.368557] md: bind [  35.381658] raid1: raid set md6 active with 1 out of 1 mirrors [  35.381755] md6: detected capacity change from 0 to 1073729536 [  35.387535]  md6: unknown partition table [  35.425365] md: md6 stopped. [  35.425389] md: unbind [  35.425407] md: export_rdev(sda6) [  35.425770] md6: detected capacity change from 1073729536 to 0 [  35.465954] md: md5 stopped. [  35.470110] md: bind [  35.483326] raid1: raid set md5 active with 1 out of 1 mirrors [  35.483422] md5: detected capacity change from 0 to 1610600448 [  35.489206]  md5: unknown partition table [  35.540309] md: md5 stopped. [  35.540334] md: unbind [  35.540351] md: export_rdev(sda5) [  35.540710] md5: detected capacity change from 1610600448 to 0 [  35.581912] md: md4 stopped. [  35.586042] md: bind [  35.599155] raid1: raid set md4 active with 1 out of 1 mirrors [  35.599253] md4: detected capacity change from 0 to 1610600448 [  35.605168]  md4: unknown partition table [  35.623150] eth0: link up, full duplex, speed 1 Gbps [  35.630083] md: md4 stopped. [  35.630107] md: unbind [  35.630124] md: export_rdev(sda4) [  35.630488] md4: detected capacity change from 1610600448 to 0 [  35.980205] md: md4 stopped. [  35.984413] md: bind [  35.997364] raid1: raid set md4 active with 1 out of 1 mirrors [  35.997461] md4: detected capacity change from 0 to 1610600448 [  35.998491]  md4: unknown partition table [  36.008781] md: md5 stopped. [  36.013038] md: bind [  36.026139] raid1: raid set md5 active with 1 out of 1 mirrors [  36.026237] md5: detected capacity change from 0 to 1610600448 [  36.027275]  md5: unknown partition table [  36.037639] md: md6 stopped. [  36.041497] md: bind [  36.054996] raid1: raid set md6 active with 1 out of 1 mirrors [  36.055095] md6: detected capacity change from 0 to 1073729536 [  36.056209]  md6: unknown partition table [  36.066642] md: md7 stopped. [  36.070917] md: bind [  36.083951] raid1: raid set md7 active with 1 out of 1 mirrors [  36.084050] md7: detected capacity change from 0 to 268423168 [  36.085262]  md7: unknown partition table [  36.095859] md: md8 stopped. [  36.100149] md: bind [  36.113177] raid1: raid set md8 active with 1 out of 1 mirrors [  36.113279] md8: detected capacity change from 0 to 3996018995200 [  36.249613]  md8: unknown partition table [  36.388666] kjournald starting. Commit interval 5 seconds [  36.388694] EXT3-fs warning: checktime reached, running e2fsck is recommended [  36.440184] EXT3 FS on md6, internal journal [  36.440201] EXT3-fs: mounted filesystem with writeback data mode. [  37.506414] Adding 262124k swap on /dev/md7. Priority:-1 extents:1 across:262124k [  37.731735] usbcore: registered new interface driver usbfs [  37.737277] usbcore: registered new interface driver hub [  37.740140] usbcore: registered new device driver usb [  37.766045] Initializing USB Mass Storage driver... [  37.768871] usbcore: registered new interface driver usb-storage [  37.768895] USB Mass Storage support registered.

Version 2.6.8.4 (2014-10-17)

 * Fix Bash Shellshock and OpenSSL vulnerabilities
 * Fix some other issues.

Version 2.6.8.2 (2013-04-16)

 * Fix security issue

Version 2.6.8.1 (removed)

 * Initial version

Getting a Root Shell
The first step in getting a root shell is to temporarily access the filesystem. Once this is achieved, modify files to permanently enable remote root login over ssh.

Accessing the Filesystem
There are several ways to access the filesystem. Choose the most appropriate to your circumstances.

Extract Drive and Plug Into Computer
This method works by opening the case, removing the drive and connecting to another Linux computer. Once connected, mount the root filesystem (type ext3) on partition 6, and update the files as described below.

Using Serial Console
A serial console can be connected to the GPIO port header on the board. The box needs to be opened to gain access. Refer to [this link] for more details on connecting a computer to the serial console. Once connected, boot the CloudBox and break the boot sequence. At the "Marvell>>" prompt, enter the following commands: setenv console "ttyS0,115200 init=/bin/sh single" ide reset run nexus_boot

This should boot the system into single-user mode and give you a root shell. You may need to mount disks to edit the files needed to enable remote shell login.

Using clunc
The "clunc" tool provides a way of getting network access to the uboot console. However, this can not be used to boot into single-user mode, because the network console is only present when uboot is running, and is not supported by the kernel.

Instead, the uboot "console" variable can be tweaked to exploit a vulnerability in a script that parses the kernel command-line parameters. Once in place, the system will boot into multi-user mode, but will be running a telnet daemon which will fork a root shell without requiring authentication.

1. Create a file in UNIX format (newlines rather than carriage-returns) containing the following: #!/bin/sh /usr/sbin/telnetd -l /bin/sh

2. Copy the file to the root of a share (eg \\Lacie-CloudBox\Family\). The CloudBox sets execute permission on files uploaded by SMB, so this script will run if we can get the CloudBox to attempt it.

3. Download and build clunc.

4. Run clunc like this: clunc -i $NASIP

5. Boot the device and wait for clunc to connect to uboot

6. At the Marvell>> prompt, enter the following commands. These won't survive a reboot, but are enough to allow us to get in once, which is all we need. setenv console "ttyS0,115200 a=a;/*/*/telnetd.sh" ide reset run nexus_boot Once the kernel is loading, you can break out of clunc with ^C.

7. Wait about 2 minutes for the CloudBox to finish booting and try to telnet: telnet $NASIP You should have a root shell.

Enabling Secure Shell
Note that there are potentially two sshd processes on the CloudBox. One listens on port 22, and provides SFTP access to shared files only. This is of no use to us because it does not allow a shell, nor does it allow access to any system files. The other instance of sshd is not running on a stock CloudBox, and needs to be enabled. This alternate instance accepts connections on port 2222.

1. Remove comment from sshd in the default.runlevel file, so initng will start it at boot time: cd /etc/initng/runlevel cp default.runlevel default.runlevel.bak sed -i '/^#sshd$/s/^#//' default.runlevel

2. Enable sshd in Unicorn cd /etc/unicorn/unicorn_conf cp unicorn.sharing.ssh.conf unicorn.sharing.ssh.conf.bak sed -i '/enabled:.*false/s/:.*/: true/' unicorn.sharing.ssh.conf

3. Check that root login is enabled cat /etc/ssh/sshd_config


 * Root login is enabled if  is set to   and   contains  . If that's not the case, enable root access as follows:

cd /etc/ssh cp sshd_config sshd_config.bak sed -i '/PermitRootLogin.*no/s/no/yes/; /AllowUsers/s/$/ root/' sshd_config

4. Start sshd ngc --start sshd

You should now be able to connect on port 2222.

Setting Up SSH Keys
The ssh daemon (that we just started) is configured (in /etc/ssh/sshd_config) so that only root can login, and this configuration setting is automatically re-written and won't survive a reboot. The root password is not known, so it's not possible to login as root with a password. Other users have their shells automatically reverted to /bin/false so that they cannot login to a shell. You could change or delete the root password, but I suspect that this also gets automatically rewritten. Instead, we use RSA keys to login as root, and avoid the password problem altogether.

The commands below will create a new key pair, and authorise it to be used for authentication as root. Alternatively, if you already have a key, you can add it into the file /root/.ssh/authorized_keys. If you're doing this bit manually, be sure to set the permissions on the .ssh</tt> directory to not be world-readable (eg chmod 700 /root/.ssh</tt>).

ssh -o batchmode=yes 0.0.0.0 # ignore the error - this simply creates .ssh with correct permissions cd ~/.ssh ssh-keygen # accept defaults, but be sure to enter a good passphrase cp id_rsa.pub authorized_keys chmod 600 authorized_keys cp .ssh/id_rsa* /shares/Family # note: this is insecure unless you entered a good passphrase A copy of the key files are placed in the \\Lacie-CloudBox\Family</tt> share, so that they can be accessed from other devices. If you're using PuTTY for ssh, you'll need to use PuttyGen to convert the private key to a format that is compatible with PuTTY/Pageant.

When connecting, remember to use port 2222 as the "root" user.

Installing Optware
Optware provides access to a huge store of packages that can be installed onto the CloudBox without interfering with the main system. The unused /opt/</tt> directory is used as the install target for Optware binaries and configuration files. This is spliced into the system by adding it into root's $PATH</tt> (in /root/.profile</tt>) and also by adding an initng file that runs at boot time and executes Optware start-up scripts in /opt/etc/init.d/</tt>.

Installing Optware is straightforward, and presents little risk of interfering with the system. Removing Optware is a matter of deleting one file on the main system and the contents of /opt/</tt>, and adjusting root's profile.

These instructions are based on those provided at http://lacie.nas-central.org/w/index.php?title=Category:2big_Network_2&section=50#Install_ipkg, and are fairly universal.

1. Create a location for the optware root

This assumes an "admin" user and share exists. Creating the directory under the admin user's share allows you to access the files over other means (eg Samba) if you have to, and also allows it to be backed up using the vendor-supplied utilities. You may prefer to make the root at /shares/opt</tt> instead of /shares/admin/opt</tt>. mkdir /shares/admin/opt mkdir /opt mount -o bind /shares/admin/opt /opt 2. Manually download and Extract the ipkg-opt package.

There's a chicken-and-egg situation we need to overcome, where we cannot install the ipkg-opt package without a package manager. We solve this by replicating the basic functions of the ipkg</tt> binary. cd /opt feed= http://ipkg.nslu2-linux.org/feeds/optware/cs08q1armel/cross/stable/ feednative= http://ipkg.nslu2-linux.org/feeds/optware/cs08q1armel/native/unstable ipkg_name=`wget -qO- $feed/Packages | awk '/^Filename: ipkg-opt/ {print $2}'` wget $feed/$ipkg_name tar -xOvzf $ipkg_name ./data.tar.gz | tar -C / -xzvf - rm $ipkg_name 3. Configure Package Sources

mkdir -p /opt/etc/ipkg echo "src cross $feed" > /opt/etc/ipkg/feeds.conf echo "src native $feednative" >> /opt/etc/ipkg/feeds.conf

4. Prepare Root's Profile

echo -e "\nexport PATH=/opt/bin:/opt/sbin:\$PATH" >> /root/.profile source /root/.profile

5. Update the Package Lists

ipkg update

6. Install the Optware Init Driver Script

Create the file /opt/etc/rc.optware containing the following:
 * 1) !/bin/sh

for i in /opt/etc/init.d/S??* ;do
 * 1) Start all init scripts in /opt/etc/init.d
 * 2) executing them in numerical order.

# Ignore dangling symlinks (if any). [ ! -f "$i" ] && continue

case "$i" in          *.sh)                # Source shell script for speed.                ( trap - INT QUIT TSTP set start . $i )               ;;           *)                # No sh extension, so fork subprocess. $i start ;;       esac done Make the file executable:

chmod 755 /opt/etc/rc.optware

7. Install the Optware InitNG File

This file is used by initng to launch the rc.optware</tt> file we just created. Copy the contents into the file into /etc/initng/optware.i:
 * 1) !/sbin/itype
 * 2) This is a i file, used by initng parsed by install_service

service optware { need = unicorn/ready; stdall = /var/log/messages; script start = { if test -z "${REAL_OPT_DIR}"; then REAL_OPT_DIR=/shares/admin/opt/ fi                 if test -n "${REAL_OPT_DIR}"; then if ! grep ' /opt ' /proc/mounts >/dev/null 2>&1 ; then mkdir -p /opt mount -o bind ${REAL_OPT_DIR} /opt fi                 fi                  [ -x /opt/etc/rc.optware ] && /opt/etc/rc.optware };         script stop = { umount /opt }; } 8. Add optware</tt> to the end of default.runlevel</tt>

echo "optware" >> /etc/initng/runlevel/default.runlevel

9. Tell initng to start Optware

ngc --start optware

After a reboot, /opt should be mounted, and any packages that install scripts in /etc/init.d/ (eg openssh</tt>) should have them executed at start-up time.