How to set the IGEL OS factory reset password separate from any other password that the IGEL thin client uses?


Is there a way to make the factory reset password separate from any other password that the thin client uses (especially separate from administrator and root passwords)?


At the moment no, but that could a thing to put on the #feature-requests list maybe?


I will do that. Thank you!

Another question, then… is there a command that we could run (for example, obfuscated behind a menu option) that we could run to (help a user) reset an offline thin client?


Well… most of applications or commands started in GUI are user based, the reset_to_defaults command needs root privilege… I will have a look but I‘m on a business trip, does someone else have an idea?


I suppose that I could add it to /etc/sudoers for the user account, and maybe require a special password to use the menu item.


Would be great but would assume we have sudo onboard (which we don‘t), or did I understood you wrong?


Right, I just checked that… it’s not there. maybe ‘su -c’ would work, though… no, that wouldn’t work. Maybe setting the setuid bit on /bin/reset_to_defaults?

It looks like that and the other file(s?) that it calls are also shell scripts, and setuid doesn’t really work on scripts for understandable security reasons. There are workarounds, like making an actual (small) C program to run the script…


You are absolutely right, that will cause an issue. I will see if we can find a security-level-acceptable way of working, will send an idea if found!


Thanks! I might just make and compile a short C program to run it for me, and run that setuid as a non-script executable. 🙂


Sounds good, would be happy to see it! Keep my fingers crossed!


Custom application: if /usr/bin/gtkmessage -L -m “Please enter the username and password” | /bin/grep topsecretpassword; then /wfs/Igel_factory_reset; /sbin/reboot; fi

C program: #include <stdio.h>

#include <stdlib.h>

int main() {

system(“/etc/reset_terminal_to_factory_defaults –force”);

return 0;

}

Make the compiled (gcc Igel_factory_reset.c -o Igel_factory_reset) program a ‘File’ owned by root, and use a final desktop command to run ‘chmod u+s /wfs/Igel_factory_reset’

Edit: That worked for me… at least once. However, it doesn’t work consistently. I might be doing something incorrectly…

Continue reading and comment on the thread ‘How to set the IGEL OS factory reset password separate from any other password that the IGEL thin client uses?’.  Not a member? Join Here!

Learn more, search the IGEL Knowledge Base



Ask a question or comment on the above messasge thread?

Join or log in to the IGEL Community to ask us anything and meet other IGEL customers, partners, and EUC enthusiasts.

Submit a question, or Join Today!


Popular Message Threads


Categories & Tags: