How do I add a user and group using Yocto? - yocto

I'm getting an error when I try to create a user and add them to a group:
inherit extrausers
EXTRA_USERS_PARAMS = " groupadd radio; \
useradd -g radio -p '' elton;"
I've also tried variations using usermod with similar results. The error log states:
NOTE: Executing set_user_group ...
DEBUG: Executing shell function set_user_group
NOTE: petalinux-user-image: Performing usermod with [-R /home/kenny/Desktop/radio/build/tmp/work/plnx_zynq7-xilinx-linux-gnueabi/petalinux-user-image/1.0-r0/rootfs -P root]
Usage: usermod [options] LOGIN
Options:
-c, --comment COMMENT new value of the GECOS field
-d, --home HOME_DIR new home directory for the user account
-e, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE
-f, --inactive INACTIVE set password inactive after expiration
to INACTIVE
-g, --gid GROUP force use GROUP as new primary group
-G, --groups GROUPS new list of supplementary GROUPS
-a, --append append the user to the supplemental GROUPS
mentioned by the -G option without removing
the user from other groups
-h, --help display this help message and exit
-l, --login NEW_LOGIN new value of the login name
-L, --lock lock the user account
-m, --move-home move contents of the home directory to the
new location (use only with -d)
-o, --non-unique allow using duplicate (non-unique) UID
-p, --password PASSWORD use encrypted password for the new password
-P, --clear-password PASSWORD use clear password for the new password
-R, --root CHROOT_DIR directory to chroot into
-A, --prefix PREFIX_DIR prefix directory where are located the /etc/* files
-s, --shell SHELL new login shell for the user account
-u, --uid UID new UID for the user account
-U, --unlock unlock the user account
-v, --add-subuids FIRST-LAST add range of subordinate uids
-V, --del-subuids FIRST-LAST remove range of subordinate uids
-w, --add-subgids FIRST-LAST add range of subordinate gids
-W, --del-subgids FIRST-LAST remove range of subordinate gids
ERROR: petalinux-user-image: usermod command did not succeed.
I'm using Petalinux 2019.1 which is using Yocto/Thud.

Related

Yocto Warrior Cannot Set Password for root or other users

I am using the meta-tegra warrior branch layer to build an sd card image for the Nvidia Jetson Nano. The image completes and the board boots, but I cannot log in if I try to set any kind of password in Yocto. I've tried creating users other than root and setting their passwords, but the same problem occurs where I cannot log in.
If I leave "debug-tweaks" enabled, and do not attempt to modify the root password at all, I can successfully log in without a password.
I am using warrior branch for OE and haven't modified other layers. How can I set a password for root?
Here are my local.conf password related lines:
# Password Stuff
INHERIT += "extrausers"
#EXTRA_IMAGE_FEATURES = "debug-tweaks"
EXTRA_USERS_PARAMS = "usermod -P mypassword123 root; "
EXTRA_USERS_PARAMS = " useradd testing; \
useradd mts; \
usermod -p 'testing12345' testing; \
usermod -p 'comp12345' comp; \
usermod with -p (minus p) needs a hash generated from openssl passwd command so you need to set Yocto variable as following:
EXTRA_USERS_PARAMS = "usermod -p $(openssl passwd <some_password>) root;"
If you want to append something to bitbake variable, you need to use _append or += operators, ie:
EXTRA_USERS_PARAMS_append = " useradd testing;"
EXTRA_USERS_PARAMS_append = " useradd mts;"
...

Yocto Jethro: how do I add user to sudoers list

I added a new user as follows
inherit extrausers
EXTRA_USERS_PARAMS = "useradd -P p#ssW0rd user1;"
I am trying to find how to add users to sudoers list. Is there a class like extrausers
Update-1:
In class classes/extrausers.bbclass I see usermod supported. Will the following work?
inherit extrausers
EXTRA_USERS_PARAMS = "useradd -P p#ssW0rd user1;\
usermod -aG sudo user1"
Update-2:
I tried adding IMAGE_INSTALL_append += " sudo " and
inherit extrausers
EXTRA_USERS_PARAMS = "useradd -P foobar -G sudo user1;"
But that does not help me in achieving the effect of adding user1 to sudoers list. I see following error when I do sudo -v
Sorry, user user1 may not run sudo on <machine-name>.
Update-3:
I found that the sudoers file has the sudo group commented as follows:
# %sudo ALL=(ALL) ALL
Hence the reason even adding user1 to group sudo didn't help
Rather than adding user1 to group sudo I adopted approach of adding a drop-in file under /etc/sudoers.d/0001_user1 using recipes-extended/sudo/sudo_1.8.14p3.bbappend
do_install_append () {
echo "user1 ALL=(ALL) ALL" > ${D}${sysconfdir}/sudoers.d/001_first
}
Now I need help in understanding which of following is a better approach in terms of security?
uncomment sudo line in /etc/sudoers and adding user1 to /etc/sudoers
adding user1 in /etc/sudoers.d/001_first
So there are two approaches to add an user with sudo capability
Add user to sudo group and enable sudo group in /etc/sudoers
Create a file under ${D}${sysconfdir}/sudoers.d/ and add the sudo rule for user there.
Now which approach is suitable for your distro is well answered in /etc/sudoers vs /etc/sudoers.d/ file for enabling sudo for a user

Yocto/Poky sudo not working

In my poky build, I've added a password for root, and also I've added a user "myuser". In addition I've added sudo to the list of IMAGE_INSTALL_append.
When logging as "myuser" and tried to "sudo chmod" a file using the root password, it doesn't work "Sorry try again"...
I can log in normally as root with my password,
Anyone has seen this, is sudo working for poky?
As sudo can be executed an you've got a Sorry try again.. error message I think you either got your password wrong (make sure you use the users password, not roots) or you haven't configured sudo correctly.
For a description on how to use /etc/sudoers take a look at its manpage: https://linux.die.net/man/5/sudoers
No way. There is no su package in Yocto/OE.
Does your image build ? You should have had something like Missing or unbuildable dependency chain error, unless you've created a recipe providing su package.
To add user with sudo capability, below is an example of what you should have in your image's recipe.
Create the user with a suitable password
Add the user to sudo group
Give sudo capabilities to sudo members
I suppose you have an image recipe, or even a bbappend on an existing one.
IMAGE_INSTALL_append = " sudo"
inherit extrausers
PASSWORD = "mypassword"
USER = "myuser"
EXTRA_USERS_PARAMS = "\
useradd -p `openssl passwd ${PASSWORD}` ${USER}; \
usermod -a -G sudo ${USER}; \
"
# Here we give sudo access to sudo members
update_sudoers(){
sed -i 's/# %sudo/%sudo/' ${IMAGE_ROOTFS}/etc/sudoers
}
ROOTFS_POSTPROCESS_COMMAND += "update_sudoers;"
Problem fixed removing "sudo" from IMAGE_INSTALL_append, and just using "su" instead

sudo -l for a different as root

Hi all am trying list all the sudo command a user has access to as a root , obviously we can see that in sudoers file but if there are a lot of user/command aliases it becomes difficult
i am trying to do sudo -l for a different user as root
i have tried using -u option
sudo -u testuser -l
throws command usage message
sudo -u testuser sudo -l
prompts for testuser's password (i dont want password prompt as i am doing as root)
su - testuser -c 'sudo -l'
gives me below error
sudo: no tty present and no askpass program specified
please let me know how to go about this
As per man sudo:
-U user, --other-user=user
Used in conjunction with the -l option to list the privileges
for user instead of for the invoking user. The security pol-
icy may restrict listing other users' privileges. The
sudoers policy only allows root or a user with the ALL privi-
lege on the current host to use this option.
you're using -u, which is something completely different:
-u user, --user=user
Run the command as a user other than the default target user
(usually root ). The user may be either a user name or a
numeric user ID (UID) prefixed with the '#' character etc...

What is the role of -s flag in creating user

I am trying to a create a user in postgres, I did the following.
sudo -u postgres createuser mystore
But I found out that I should use -s flag while creating the user, So my question is what is role of -s flag while creating user.
And I tried to remove the user by the following steps
sudo -u postgres psql
drop user mystore
Then tried to create the store with the -s flag, it says
role "mystore" already exists.
How to handle this
createuser -s will give the new user superuser privileges. As with most command-line tools in Linux, you can get a description of each flag by running createuser --help.
The problem in psql appears to be a missing semicolon after your drop command. psql supports multi-line statements, so hitting Enter will simply add a new line; it won't submit the command to the server until it sees a semicolon terminator.