In one recipe i can see the following but it is not creating any extra user or group, that i confirmed while inspecting rpm file.
inherit extrausers
EXTRA_USERS_PARAMS = "\
useradd -p '' example; \
groupadd example; \
"
So I added the following in the recipe which created a user and group for me.
inherit useradd
USERADD_PACKAGES = "${PN}"
GROUPADD_PARAM_${PN} = "--system example"
USERADD_PARAM_${PN} = "--system -M -d /var/lib/example -s /bin/false -g example example"
What is the exact difference between useradd and extrausers in yocto. Why extrausers cannot able to create user and group.
extrausers add user/group at image level and cannot be tied to a specific recipe, and that's the role of useradd class, it can be used on a recipe.
Read the note here:
Note
The user and group operations added using the extrausers class are not
tied to a specific recipe outside of the recipe for the image. Thus,
the operations can be performed across the image as a whole. Use the
useradd class to add user and group configuration to a specific
recipe.
And here is the note for useradd:
The useradd* classes support the addition of users or groups for usage
by the package on the target. For example, if you have packages that
contain system services that should be run under their own user or
group, you can use these classes to enable creation of the user or
group.
Related
I am trying to set the root user password in a custom recipe for yocto Dunfell.
Recipe looks like this: I have also tried EXTRA_USERS_PARAMS_append as shown in some other stackOverflow posts and it also did not work.
SUMMARY = "Test"
LICENSE = "CLOSED"
# Remove debugging tweaks
IMAGE_FEATURES_remove += " \
debug-tweaks \
"
# Add root password, and add the 'test' user
inherit extrausers
EXTRA_USERS_PARAMS = " \
usermod -P testpasswd root; \
useradd -p '' test \
"
FILES_${PN} = " /test/temp \
"
do_install () {
install -d ${D}/test/tmp
}
If I build this with my recipe, I can login as root with no password and when I check /etc/shadow the test user is not created.
I have verified that my desired directory /test/temp is created.
You should also remove allow-empty-password and empty-root-password features from IMAGE_FEATURES if they maybe available. enter link description here
and You didn't use semicolons at end of useradd -p '' test . This can cause error.
And you should be sure that debug-tweaks is not added at other strong files like local.conf
I am using the meta-tegra warrior branch layer to build an sd card image for the Nvidia Jetson Nano. The image completes and the board boots, but I cannot log in if I try to set any kind of password in Yocto. I've tried creating users other than root and setting their passwords, but the same problem occurs where I cannot log in.
If I leave "debug-tweaks" enabled, and do not attempt to modify the root password at all, I can successfully log in without a password.
I am using warrior branch for OE and haven't modified other layers. How can I set a password for root?
Here are my local.conf password related lines:
# Password Stuff
INHERIT += "extrausers"
#EXTRA_IMAGE_FEATURES = "debug-tweaks"
EXTRA_USERS_PARAMS = "usermod -P mypassword123 root; "
EXTRA_USERS_PARAMS = " useradd testing; \
useradd mts; \
usermod -p 'testing12345' testing; \
usermod -p 'comp12345' comp; \
usermod with -p (minus p) needs a hash generated from openssl passwd command so you need to set Yocto variable as following:
EXTRA_USERS_PARAMS = "usermod -p $(openssl passwd <some_password>) root;"
If you want to append something to bitbake variable, you need to use _append or += operators, ie:
EXTRA_USERS_PARAMS_append = " useradd testing;"
EXTRA_USERS_PARAMS_append = " useradd mts;"
...
I have created a custom group e.g "grp1" in my application recipe say "app.bb".
GROUPADD_PARAM_${PN} = "grp1"
I am trying to add my custom user e.g: "user1" to this group "grp1" in "space.bb".
USERADD_PARAM_${PN} = "-d ${localstatedir}/lib/space/ -s /bin/false -G grp1 -U user1"
The useradd command failed: "useradd: group 'grp1' does not exist".
I have also tried adding DEPENDS_${PN} = "app" in space.bb, but it doesn't help.
How can I add my custom user to my custom group in bitbake recipe?
another possible cause of this error, if some recipe is using
inherit extrauser
instead of
inherit useradd
and adding the same group grp1 with the help of
EXTRA_USERS_PARAMS = "\
useradd -p '' grp1; \
groupadd grp1; \
"
instead of classical
GROUPADD_PARAM_libAPP = "grp1"
USERADD_PARAM_libAPP = "--no-create-home --home /var/tmp --shell /bin/nologin --gid grp1 grp1"
will cause a group grp1 duplication and failure of the useradd command
For the YoctoProject (v2.0, Jethro) the ownership of files inside the image defaults to user and group root unless I do explicitly change them by chown and chgrp in the do_install step for the given recipe.
I have a few recipes for which all files should be owned by another group and user than root. Is there a (cleaner/smarter) way to achieve this without calling chown and chgrp in do_install?
BSP vendors do usually provide example recipes to solve basic tasks.
Usually folder is called "recipes-skeleton"
User/Group add recipe sample path for freescale BSP:
~/yocto/fsl-community-bsp/sources/poky/meta-skeleton/recipes-skeleton/useradd/useradd-example.bb
Same can be found on github:
https://github.com/dirtybit/gumstix-yocto/blob/master/meta-skeleton/recipes-skeleton/useradd/useradd-example.bb
For changing root user info look up EXTRA_USERS_PARAMS flag. Need to inherit "extrausers" class first. Documentation on class is at:
http://www.yoctoproject.org/docs/current/mega-manual/mega-manual.html#ref-classes-extrausers
You can easily add user adding the following to your recipe.
inherit extrausers
EXTRA_USERS_PARAMS = " useradd user1; \
useradd user2; \
useradd user3; \
usermod -p 'user1_psw' user1; \
usermod -p 'user2_psw' user2; \
usermod -p 'user3_psw' user3;\
usermod -a -G sudo user1; \
usermod -a -G sudo user2; \
usermod -a -G sudo user3; "
I added a new user as follows
inherit extrausers
EXTRA_USERS_PARAMS = "useradd -P p#ssW0rd user1;"
I am trying to find how to add users to sudoers list. Is there a class like extrausers
Update-1:
In class classes/extrausers.bbclass I see usermod supported. Will the following work?
inherit extrausers
EXTRA_USERS_PARAMS = "useradd -P p#ssW0rd user1;\
usermod -aG sudo user1"
Update-2:
I tried adding IMAGE_INSTALL_append += " sudo " and
inherit extrausers
EXTRA_USERS_PARAMS = "useradd -P foobar -G sudo user1;"
But that does not help me in achieving the effect of adding user1 to sudoers list. I see following error when I do sudo -v
Sorry, user user1 may not run sudo on <machine-name>.
Update-3:
I found that the sudoers file has the sudo group commented as follows:
# %sudo ALL=(ALL) ALL
Hence the reason even adding user1 to group sudo didn't help
Rather than adding user1 to group sudo I adopted approach of adding a drop-in file under /etc/sudoers.d/0001_user1 using recipes-extended/sudo/sudo_1.8.14p3.bbappend
do_install_append () {
echo "user1 ALL=(ALL) ALL" > ${D}${sysconfdir}/sudoers.d/001_first
}
Now I need help in understanding which of following is a better approach in terms of security?
uncomment sudo line in /etc/sudoers and adding user1 to /etc/sudoers
adding user1 in /etc/sudoers.d/001_first
So there are two approaches to add an user with sudo capability
Add user to sudo group and enable sudo group in /etc/sudoers
Create a file under ${D}${sysconfdir}/sudoers.d/ and add the sudo rule for user there.
Now which approach is suitable for your distro is well answered in /etc/sudoers vs /etc/sudoers.d/ file for enabling sudo for a user