How to add an user and re set the root user in yocto?
I took your example and made two small changes to get it to work.
First, I removed inherit extrauser
, this isn't necessary when working with useradd. That made bitbaking the recipe fail; the username was invalid. I changed the username to custom
, and everything builds fine.
When inspecting the resulting myuser_1.0-r0.0_armv5e.ipk
, I can see that there are a preinstall script in myuser_1.0-r0.0_armv5e.ipk/control.tar.gz/preinst
that will create your user.
How to add users at build time via Yocto?
Your question seems to consists of two parts:
How to add a user
The
useradd
part in your example is doing this already; look into the/etc/passwd
file and you will find theuser1
How to set the password
You have to specify the password with the
-p
option and ensure that a login shell (and e.g. not/bin/false
) has been given:
USERADD_PARAM_${PN} = "-s /bin/bash -p '$1$HzRkQcjT$/jV0VB4GJd1b3DTXfCYNo.' user1"
But in most cases you do not need step 2 because there are usually only service users but no ordinary users on embedded systems.
How can I add a user to login as a user and not as a root Yocto project sama5d27 board
You have to use one of the useradd classes. The documentation is there:
https://www.yoctoproject.org/docs/current/ref-manual/ref-manual.html#ref-classes-useradd
The meta-skeleton/recipes-skeleton/useradd/useradd-example.bb
recipe show you how to do that dynamically.
You can also provide the uids and gids statically by using USERADDEXTENSION = "useradd-staticids"
in local.conf or, preferably in your distro and then having files/passwd
and files/group
anywhere in your BBPATH
.
How to set root password on Yocto / Poky image?
Here is what you have to do in your recipe.
inherit extrausers
EXTRA_USERS_PARAMS = "usermod -P p@ssw0rd root;"
where p@ssw0rd is the password you want root user to have.
This link may help you.
As "debug-tweaks"'s goal is to set root's password empty, you must remove it from your EXTRA_IMAGE_FEATURES.
How to add Sudouser in Yocto
Thank you Robert. I found the solution from Toradex engineer.
If someone has a problem like me, try the following.
- Change root password.
Add the following in local.conf. I didn't use my recipe.
EXTRA_IMAGE_FEATURES=""
INHERIT += "extrausers"
EXTRA_USERS_PARAMS = " usermod -P password root; "
If someone can't use ssh, please refer to here
- Add new user who has root permission.
EXTRA_IMAGE_FEATURES=""
INHERIT += "extrausers"
EXTRA_USERS_PARAMS = " usermod -P password1 root; \
useradd -ou 0 -g 0 newuser; \
usermod -P password2 newuser; "
Maybe your user account can't use some command like "ifconfig" because your user account doesn't have the path "/sbin". Go to your Yocto code and find the correct file and add /sbin for your user accout.
r@p:~/oe-core/layers$ grep -r /etc/profile .
./meta-toradex-demos/recipes-core/base-files/base-files/profile:# /etc/profile: system-wide .profile file for the Bourne shell (sh(1))
./meta-toradex-demos/recipes-core/base-files/base-files/profile:if [ -d /etc/profile.d ]; then
./meta-toradex-demos/recipes-core/base-files/base-files/profile: for i in /etc/profile.d/* ; do
if [ "$HOME" = "/home/root" ]; then
PATH=$PATH:/usr/local/sbin:/usr/sbin:/sbin
fi
if [ "$HOME" = "/home/newuser" ]; then
PATH=$PATH:/usr/local/sbin:/usr/sbin:/sbin
fi
Yocto Warrior Cannot Set Password for root or other users
usermod
with -p
(minus p) needs a hash generated from openssl passwd
command so you need to set Yocto variable as following:
EXTRA_USERS_PARAMS = "usermod -p $(openssl passwd <some_password>) root;"
If you want to append something to bitbake variable, you need to use _append
or +=
operators, ie:
EXTRA_USERS_PARAMS_append = " useradd testing;"
EXTRA_USERS_PARAMS_append = " useradd mts;"
...
How to configure yocto so that no one should be able to login as root in yocto image
Add these lines to your image recipe.
inherit extrausers
EXTRA_USERS_PARAMS = "usermod -L -e 1 root; "
This locks the password and expires the account. Make sure you don't have debug-tweaks
or empty-root-password
in your IMAGE_FEATURES.
$ man usermod
...
-e, --expiredate EXPIRE_DATE
The date on which the user account will be disabled. The date is
specified in the format YYYY-MM-DD.
An empty EXPIRE_DATE argument will disable the expiration of the
account.
This option requires a /etc/shadow file. A /etc/shadow entry will
be created if there were none.
...
-L, --lock
Lock a user's password. This puts a '!' in front of the encrypted
password, effectively disabling the password. You can't use this
option with -p or -U.
Note: if you wish to lock the account (not only access with a
password), you should also set the EXPIRE_DATE to 1.
Checked:
- Login with ssh is not possible, even though
PermitRootLogin yes
is set in/etc/ssh/sshd_config
$ su - root
is not possible, even though the login shell in/etc/passwd
still points to/bin/bash
instead of/sbin/nologin
- Login to ftp server via root is not possible
Not Checked:
- I did not check what happens if we add
systemd.unit=rescue.target
orsystemd.unit=emergency.target
to the kernel commandline. - ... ?
Related Topics
Running Multiple Compass-Sass Watch Operations Automatically
Bluetooth Low Energy:Android Gatt-Client Connect to Linux Gatt Server
Why Does If [ !$(Grep -Q) ] Not Work When If Grep -Q Does
Remove a Specific Line from a File Without Using Sed or Awk
Comma Separated Values to Single Inverted Quote and Comma Separated Values
What Really Is the "Linger Time" That Can Be Set with So_Linger on Sockets
Simulating a Spinner for Progress in Bash
Grep Fails Inside Bash Script But Works on Command Line
Provide Password Using Shell Script
Difference Between Kernel, Kernel-Thread and User-Thread
"Cannot Write to Log File Pg_Upgrade_Internal.Log" When Upgrading from Postgresql 9.1 to 9.3
Docker Oci Runtime Create Failed: Container_Linux.Go:349: Starting Container Process Caused
What's the Purpose of the Ud2 Opcode in the Linux Kernel
Add Suffix to Each Line with Shell Script
Dbus_Bus_Request_Name (): Connections Are Not Allowed to Own the Service
What's the Difference Between 'Push' and 'Pushq' in At&T Assembly