Hello.
I currently have two 2tb mybook live devices that I really like. I like them because I am a Linux user who knows a bit more than just the basics and have been able to customize them to my liking. Specifically I turned off all the indexing, media serving and remote access. I don’t use WD software for access and have created a separate Apache instance on one of the mybooks to serve content locally and also have a raspberry pi running from an NFS mount to serve media, which works fine. I use the shares from windows, linux, and android devices in my home network as primary storage for many things.
The mybooks are getting old and now that bad actors have discovered and exploited the security holes, WD is offering a 40% discount on replacements. So my plan is to replace them with two 4tb or one 8tb ex2 ultras (when they are back in stock!) and start hacking. Been reading this forum for a few days and it is apparent that WD is still the same; they supply good hardware but software could be improved. That does not bother me because I think I can modify the bits I don’t like.
When I say hacking there is a limit; I do not want to modify the firmware, whatever I do must use stock WD firmware and be able to deal with any upgrades WD supplies. I am familiar with squashfs and dealing with it on a WRT router and have blackberries for building ARM images.
My router experience is an old netgear router with stock firmware and a usb drive with customizations. When the router reboots I have to telnet into it and run a script that sets up my environment which adds user accounts, brings in a more robust busybox, sets up ssh access while disabling telnet, and some other things. I am hoping with ex2 there is a way to automatically run a customization script at boot without modifying firmware. I have read this is possible by simply modifying the startup script of almost any added on app.
Because the ex2 devices are currently sold out right now I am just studying the os5 firmware which I have downloaded and split into a directory on one of my raspberries. One thing I can report is the binaries seem to run fine on the blackberry and presumably binaries from the raspberry should work fine on the ex2 if dependencies are met.
If there is interest I hope to use this forum topic to both report my experience with this project as I go forward and to create a space for others to offer suggestions and perhaps share their experiences as well.
8/11/2021 I ordered 4gb My Cloud EX2 but WD backordered it, quoting 3 or 4 weeks for delivery. We will see.
Update 9/14/21
My EX2 ultra arrived! Time to play. First thing is to make sure it works. It arrived in a sizable but very battered cardboard box via UPS. Packed inside was a sealed retail box - completely intact. Took it out, hooked it up to a spare ethernet port, plugged it in, and turned it on. Blue lights blinked happily for a few seconds. I turned to my laptop browser and typed in mycloud.com/setup, chose the device, and I was in. After setting the admin password I looked at how it was configured. 1.94 free TB. Raid 1 by default. Perfect. First settings I changed were to turn off Apple Time Machine and to turn on ssh access.
I verified I could connect via ssh using the sshd account and password I provided. Once connected I noticed there is no bash. Only Busybox ash. No vim either just busybox vi, which is a bit limited. Both are workable but these are things I enjoyed on the mybooklive.
I went back to the GUI, set the time zone, and checked for firmware update. There was one. I ran it then I turned off auto update. For now at least because I want things to stay stable while I play with the command line. I did notice that a media server app does not come pre-installed, which is great, because I intended to continue to use my raspberry pi for that.
Disks are shown as WDC WD20EFAX-68B2RN1 - 2TB 3.5in SMR drives. Disappointing. CMR drives would have been better but maybe it does not really matter for my use case.
Since I was battling a cold (covid negative thank you Lord) I went to bed very early.
Update 9/16/21
I plan to do most of my administration using ssh command line rather than the GUI. With the single drive mybooklive I rarely used the GUI. I can’t even recall the last time I did.
The first issue to fix is login as sshd uses the transitory /home/root as home. Anything put there goes away on reboot. I would like to use ssh keys to log in rather than typing passwords but reboot would wipe them out. I also want a persistent .profile to set prompt, paths, and aliases.
My solution was to write a very simple script I called root-setup. Its purpose is to allow a persistent root directory. I created a directory “/mnt/HD/HD_a2/EJJ_Local” and made a root level softlink “/ejj” to point to it. Then I created /ejj/root and /ejj/sbin directories. Now I could put a script in /ejj/sbin to setup root’s home as /ejj/root.
Obviously my /ejj softlink will go away on reboot so the first thing my setup script needs to do is re-create it:
```sh
#!/bin/sh
# /ejj/sbin/root-setup
# Create root level link to ejj stuff
[ -d /ejj ] || ln -s /mnt/HD/HD_a2/EJJ_Local /ejj
```
The [ -d /ejj ] check is so I can run the script multiple times without creating a bunch of sub-links.
/etc/passwd sets root’s home to /home/root and that is where logins will find root’s .profile and .ssh credentials. However I want to use my new persistent /ejj/root directory as root’s home. Since root’s .profile and .ssh directory will be in /ejj/root I can copy them to /home/root with two lines in root-setup:
```sh
# Copy root .profile and .ssh directory to /home/root
cp /ejj/root/.profile /home/root/
cp -a /ejj/root/.ssh /home/root/
```
In /ejj/root/.ssh (and /home/root) I added an authorized_keys file. Now after running my script I can login as sshd without a password. Next I adjusted root’s .profile to change root’s home to my persistent root directory:
```sh
# /ejj/root/.profile
export PS1="mc0# "
export HOME=/ejj/root
cd "$HOME"
...
```
Now any edits to ~/.profile or to ~/.ssh are in /ejj/root and will get copied to /home/root when I run root-setup. All I need do is remember to run the script anytime I make significant changes and to have it run automatically on reboots.
I elected to install the Transmission app and run my setup script from /mnt/HD/HD_a2/Nas_Prog/Transmission/start.sh:
```sh
# hook to setup EJJ environment
/mnt/HD/HD_a2/EJJ_Local/sbin/root-setup
```
Rebooted to test that it worked.
Next time I will post how I added an ordinary user and installed a more complete and newer busybox.
Update 10/03/21
Last update I promised I would post how I added an ordinary user. Logging in as root to check things on my EX2 Ultra was a bit too scary for me. Too easy to break things when you are root.
I previously created a directory for my stuff on /mnt/HD/HD_a2/EJJ_local and had a root level softlink pointing to it. I decided to change this directory name to EJJ_files because that seemed to make better sense now that I was going to use it for more than just a root home.
I created a new user using the admin web GUI and set the user password. I used the GUI so the user entries in /etc/passwd and /etc/shadow would be persistent across reboots. An issue with that was the GUI set the user’s home directory to /usr/share/ftp but I wanted it to be a user directory in my EJJ_files. The solution to that was to issue a usermod command to modify the user’s home. I also needed to append an entry to /etc/ssh/sshd_config to specifically allow the user login (my actual user name is not really user). So in my setup I added the two lines:
```sh
usermod -d /mnt/HD/HD_a2/EJJ_files/user user
echo "AllowUsers user" >> /etc/ssh/sshd_config
```
I was careful about modifying sshd_config because if it got clobbered I might not be able to login even with the sshd account. I made a backup of sshd_config just in case and tested my setup script carefully before I logged off.
I then created the user home …/EJJ_files/user and set its ownership to user.share. Note: I could have used the /shares/user directory that was created by the GUI for user home.
```sh
mkdir /mnt/HD/HD_a2/EJJ_files/user
chown user.share /mnt/HD/HD_a2/EJJ_files/user
```
This worked okay for logins with password but failed for ssh keys. The problem is that the /mnt directory has full write privs for any user (with sticky bit). SSH thinks that anybody can modify authorized_keys anywhere in the /mnt/… path by simply renaming a directory and therefore refuses to use them. That meant I had to keep my authorized_keys file in a more secure directory and replace it at reboot. My solution was to change my /ejj softlink to a directory to contain the authorized_keys files and links to directories on EJJ_files:
```
$ ls -l /ejj
lrwxrwxrwx 1 root root 9 Sep 25 14:07 bin -> files/bin
drwxr-xr-x 3 root root 1024 Sep 19 12:33 etc
lrwxrwxrwx 1 root root 12 Sep 3 07:43 files -> /mnt/HD/HD_a2/EJJ_Files/
lrwxrwxrwx 1 root root 10 Sep 25 14:07 root -> files/root
lrwxrwxrwx 1 root root 10 Sep 25 14:07 sbin -> files/sbin
lrwxrwxrwx 1 root root 10 Sep 25 14:07 share -> files/share
lrwxrwxrwx 1 root root 10 Sep 25 14:07 user -> files/user
```
/ejj/etc is the only real directory and it contains the authorized_keys files:
```
$ find /ejj/etc
/ejj/etc
/ejj/etc/ssh
/ejj/etc/ssh/user
/ejj/etc/ssh/user/authorized_keys
```
Additionally I appended another line to /etc/ssh/sshd_config to tell ssh where to find the authorized_keys files: (in setup)
```sh
echo "AuthorizedKeysFile /ejj/etc/ssh/%u/authorized_keys" >> /etc/ssh/sshd_config
```
I keep a mirror copy of /ejj in /ejj/share so I can restore it in my setup script:
```sh
EJJ_FILES=/mnt/HD/HD_a4/EJJ_files
cp -a "$EJJ_FILES/share/ejj" /ejj
```
I copied a busybox built on a raspberry to /ejj/bin and made softlinks for the bits I wanted.
That’s it.
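
The ssh key refusal described in the 10/03/21 update comes from sshd's StrictModes check, which wants authorized_keys and each directory above it (up to the user's home, or /) owned by root or the user and not group- or world-writable. The script below is an added example, not the poster's code, that audits a key path the same way; `perm_ok`, `audit_keypath` and the optional stop-directory argument are hypothetical names, and it assumes `ls -ldn` and `readlink -f` as provided by busybox or coreutils.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Reports path components that fail sshd-style StrictModes permission checks.

# perm_ok PATH UID: true if PATH is owned by root or UID and has no
# group/other write bit. The sticky bit (t) does not make a directory safe.
perm_ok() {
    set -- "$1" "$2" $(ls -ldn "$1")   # $3 = mode string, $5 = numeric owner
    case "$5" in
        0|"$2") ;;
        *) echo "UNSAFE $1 ($3 uid=$5)"; return 1 ;;
    esac
    case "$3" in
        ?????w*|????????w*) echo "UNSAFE $1 ($3 uid=$5)"; return 1 ;;
    esac
    return 0
}

# audit_keypath FILE UID [STOP_DIR]
# Checks FILE, then each parent directory up to STOP_DIR (the user's home,
# where sshd stops) or / if none is given. Returns 0 only if all pass.
audit_keypath() {
    file=$(readlink -f "$1") || return 2        # resolve symlinks first
    stop=$(readlink -f "${3:-/}") || return 2
    [ -f "$file" ] || { echo "not a regular file: $1"; return 2; }
    bad=0
    perm_ok "$file" "$2" || bad=1
    dir=$(dirname "$file")
    while :; do
        perm_ok "$dir" "$2" || bad=1
        if [ "$dir" = "$stop" ] || [ "$dir" = / ]; then break; fi
        dir=$(dirname "$dir")
    done
    return "$bad"
}

# Run as: sh audit.sh FILE UID [STOP_DIR]
if [ $# -ge 2 ]; then audit_keypath "$@"; fi
```

Run against a key file before relying on it, for example `audit_keypath /ejj/etc/ssh/user/authorized_keys "$(id -u user)"`; every line printed names a component sshd would object to.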