I am using the meta-tegra warrior branch layer to build an sd card image for the Nvidia Jetson Nano. The image completes and the board boots, but I cannot log in if I try to set any kind of password in Yocto. I've tried creating users other than root and setting their passwords, but the same problem occurs where I cannot log in.
If I leave "debug-tweaks" enabled, and do not attempt to modify the root password at all, I can successfully log in without a password.
I am using warrior branch for OE and haven't modified other layers. How can I set a password for root?
Here are my local.conf password related lines:
# Password Stuff
INHERIT += "extrausers"
#EXTRA_IMAGE_FEATURES = "debug-tweaks"
EXTRA_USERS_PARAMS = "usermod -P mypassword123 root; "
EXTRA_USERS_PARAMS = " useradd testing; \
useradd mts; \
usermod -p 'testing12345' testing; \
usermod -p 'comp12345' comp; \
usermod with -p (minus p) needs a hash generated from openssl passwd command so you need to set Yocto variable as following:
EXTRA_USERS_PARAMS = "usermod -p $(openssl passwd <some_password>) root;"
If you want to append something to bitbake variable, you need to use _append or += operators, ie:
EXTRA_USERS_PARAMS_append = " useradd testing;"
EXTRA_USERS_PARAMS_append = " useradd mts;"
...
Related
I am trying to set the root user password in a custom recipe for yocto Dunfell.
Recipe looks like this: I have also tried EXTRA_USERS_PARAMS_append as shown in some other stackOverflow posts and it also did not work.
SUMMARY = "Test"
LICENSE = "CLOSED"
# Remove debugging tweaks
IMAGE_FEATURES_remove += " \
debug-tweaks \
"
# Add root password, and add the 'test' user
inherit extrausers
EXTRA_USERS_PARAMS = " \
usermod -P testpasswd root; \
useradd -p '' test \
"
FILES_${PN} = " /test/temp \
"
do_install () {
install -d ${D}/test/tmp
}
If I build this with my recipe, I can login as root with no password and when I check /etc/shadow the test user is not created.
I have verified that my desired directory /test/temp is created.
You should also remove allow-empty-password and empty-root-password features from IMAGE_FEATURES if they maybe available. enter link description here
and You didn't use semicolons at end of useradd -p '' test . This can cause error.
And you should be sure that debug-tweaks is not added at other strong files like local.conf
I have a recipe to add a user called foo:
inherit useradd
USERADD_PACKAGES = "${PN}"
USERADD_PARAM_${PN} = "-P foo -u 1000 -d /home/foo -r -s /bin/bash foo;"
LICENSE = "CLOSED"
do_install () {
install -d ${D}/data/docker
install -d ${D}/home/foo
chown -R foo ${D}/home/foo
chown -R foo ${D}/data/docker
}
FILES_${PN} = " \
/home/foo \
/data \
"
For an obscure reason, data/docker is owned by foo but not /home/foo. Any idea why?
Actually, you don't need to install /home/foo(nor chown) since that task should be already accomplished by useradd, thus you can remove those commands. However, you might want to modify your recipe as follows:
do_install () {
install -d -m 755 ${D}${datadir}/foo
install -d -m 755 ${D}/data/docker
chown -R foo ${D}${datadir}/foo
chown -R foo ${D}/data/docker
}
FILES_${PN} = "${datadir}/foo/* /data/docker/*"
So the reason was that another recipe was creating a subfolder in the home directory first and was owned by root by default.
When the recipe to add the user was baked, the home folder was already created with root permissions.
My solution was to add the creation of this folder in the recipe adding the user instead.
Thanks #danior for the corrections
For the YoctoProject (v2.0, Jethro) the ownership of files inside the image defaults to user and group root unless I do explicitly change them by chown and chgrp in the do_install step for the given recipe.
I have a few recipes for which all files should be owned by another group and user than root. Is there a (cleaner/smarter) way to achieve this without calling chown and chgrp in do_install?
BSP vendors do usually provide example recipes to solve basic tasks.
Usually folder is called "recipes-skeleton"
User/Group add recipe sample path for freescale BSP:
~/yocto/fsl-community-bsp/sources/poky/meta-skeleton/recipes-skeleton/useradd/useradd-example.bb
Same can be found on github:
https://github.com/dirtybit/gumstix-yocto/blob/master/meta-skeleton/recipes-skeleton/useradd/useradd-example.bb
For changing root user info look up EXTRA_USERS_PARAMS flag. Need to inherit "extrausers" class first. Documentation on class is at:
http://www.yoctoproject.org/docs/current/mega-manual/mega-manual.html#ref-classes-extrausers
You can easily add user adding the following to your recipe.
inherit extrausers
EXTRA_USERS_PARAMS = " useradd user1; \
useradd user2; \
useradd user3; \
usermod -p 'user1_psw' user1; \
usermod -p 'user2_psw' user2; \
usermod -p 'user3_psw' user3;\
usermod -a -G sudo user1; \
usermod -a -G sudo user2; \
usermod -a -G sudo user3; "
I added a new user as follows
inherit extrausers
EXTRA_USERS_PARAMS = "useradd -P p#ssW0rd user1;"
I am trying to find how to add users to sudoers list. Is there a class like extrausers
Update-1:
In class classes/extrausers.bbclass I see usermod supported. Will the following work?
inherit extrausers
EXTRA_USERS_PARAMS = "useradd -P p#ssW0rd user1;\
usermod -aG sudo user1"
Update-2:
I tried adding IMAGE_INSTALL_append += " sudo " and
inherit extrausers
EXTRA_USERS_PARAMS = "useradd -P foobar -G sudo user1;"
But that does not help me in achieving the effect of adding user1 to sudoers list. I see following error when I do sudo -v
Sorry, user user1 may not run sudo on <machine-name>.
Update-3:
I found that the sudoers file has the sudo group commented as follows:
# %sudo ALL=(ALL) ALL
Hence the reason even adding user1 to group sudo didn't help
Rather than adding user1 to group sudo I adopted approach of adding a drop-in file under /etc/sudoers.d/0001_user1 using recipes-extended/sudo/sudo_1.8.14p3.bbappend
do_install_append () {
echo "user1 ALL=(ALL) ALL" > ${D}${sysconfdir}/sudoers.d/001_first
}
Now I need help in understanding which of following is a better approach in terms of security?
uncomment sudo line in /etc/sudoers and adding user1 to /etc/sudoers
adding user1 in /etc/sudoers.d/001_first
So there are two approaches to add an user with sudo capability
Add user to sudo group and enable sudo group in /etc/sudoers
Create a file under ${D}${sysconfdir}/sudoers.d/ and add the sudo rule for user there.
Now which approach is suitable for your distro is well answered in /etc/sudoers vs /etc/sudoers.d/ file for enabling sudo for a user
In my poky build, I've added a password for root, and also I've added a user "myuser". In addition I've added sudo to the list of IMAGE_INSTALL_append.
When logging as "myuser" and tried to "sudo chmod" a file using the root password, it doesn't work "Sorry try again"...
I can log in normally as root with my password,
Anyone has seen this, is sudo working for poky?
As sudo can be executed an you've got a Sorry try again.. error message I think you either got your password wrong (make sure you use the users password, not roots) or you haven't configured sudo correctly.
For a description on how to use /etc/sudoers take a look at its manpage: https://linux.die.net/man/5/sudoers
No way. There is no su package in Yocto/OE.
Does your image build ? You should have had something like Missing or unbuildable dependency chain error, unless you've created a recipe providing su package.
To add user with sudo capability, below is an example of what you should have in your image's recipe.
Create the user with a suitable password
Add the user to sudo group
Give sudo capabilities to sudo members
I suppose you have an image recipe, or even a bbappend on an existing one.
IMAGE_INSTALL_append = " sudo"
inherit extrausers
PASSWORD = "mypassword"
USER = "myuser"
EXTRA_USERS_PARAMS = "\
useradd -p `openssl passwd ${PASSWORD}` ${USER}; \
usermod -a -G sudo ${USER}; \
"
# Here we give sudo access to sudo members
update_sudoers(){
sed -i 's/# %sudo/%sudo/' ${IMAGE_ROOTFS}/etc/sudoers
}
ROOTFS_POSTPROCESS_COMMAND += "update_sudoers;"
Problem fixed removing "sudo" from IMAGE_INSTALL_append, and just using "su" instead