How to Add an User and Re Set the Root User in Yocto

How to add an user and re set the root user in yocto?

I took your example and made two small changes to get it to work.

First, I removed inherit extrauser, this isn't necessary when working with useradd. That made bitbaking the recipe fail; the username was invalid. I changed the username to custom, and everything builds fine.

When inspecting the resulting myuser_1.0-r0.0_armv5e.ipk, I can see that there are a preinstall script in myuser_1.0-r0.0_armv5e.ipk/control.tar.gz/preinst that will create your user.

How to add users at build time via Yocto?

Your question seems to consists of two parts:

1. How to add a user

   The useradd part in your example is doing this already; look into the /etc/passwd file and you will find the user1

2. How to set the password

   You have to specify the password with the -p option and ensure that a login shell (and e.g. not /bin/false) has been given:

USERADD_PARAM_${PN} = "-s /bin/bash -p '$1$HzRkQcjT$/jV0VB4GJd1b3DTXfCYNo.' user1" 

But in most cases you do not need step 2 because there are usually only service users but no ordinary users on embedded systems.

How can I add a user to login as a user and not as a root Yocto project sama5d27 board

You have to use one of the useradd classes. The documentation is there:
https://www.yoctoproject.org/docs/current/ref-manual/ref-manual.html#ref-classes-useradd

The meta-skeleton/recipes-skeleton/useradd/useradd-example.bb recipe show you how to do that dynamically.

You can also provide the uids and gids statically by using USERADDEXTENSION = "useradd-staticids" in local.conf or, preferably in your distro and then having files/passwd and files/group anywhere in your BBPATH.

How to set root password on Yocto / Poky image?

Here is what you have to do in your recipe.

inherit extrausers
EXTRA_USERS_PARAMS = "usermod -P p@ssw0rd root;"

where p@ssw0rd is the password you want root user to have.

This link may help you.

As "debug-tweaks"'s goal is to set root's password empty, you must remove it from your EXTRA_IMAGE_FEATURES.

How to add Sudouser in Yocto

Thank you Robert. I found the solution from Toradex engineer.

If someone has a problem like me, try the following.

1. Change root password.

Add the following in local.conf. I didn't use my recipe.

EXTRA_IMAGE_FEATURES=""
INHERIT += "extrausers"
EXTRA_USERS_PARAMS = " usermod -P password root; "

If someone can't use ssh, please refer to here

2. Add new user who has root permission.

EXTRA_IMAGE_FEATURES=""
INHERIT += "extrausers"
EXTRA_USERS_PARAMS = " usermod -P password1 root; \
            useradd -ou 0 -g 0 newuser; \ 
            usermod -P password2 newuser; "

Maybe your user account can't use some command like "ifconfig" because your user account doesn't have the path "/sbin". Go to your Yocto code and find the correct file and add /sbin for your user accout.

r@p:~/oe-core/layers$ grep -r /etc/profile .
./meta-toradex-demos/recipes-core/base-files/base-files/profile:# /etc/profile: system-wide .profile file for the Bourne shell (sh(1))
./meta-toradex-demos/recipes-core/base-files/base-files/profile:if [ -d /etc/profile.d ]; then
./meta-toradex-demos/recipes-core/base-files/base-files/profile:  for i in /etc/profile.d/* ; do

if [ "$HOME" = "/home/root" ]; then
   PATH=$PATH:/usr/local/sbin:/usr/sbin:/sbin
fi

if [ "$HOME" = "/home/newuser" ]; then
   PATH=$PATH:/usr/local/sbin:/usr/sbin:/sbin
fi

Yocto Warrior Cannot Set Password for root or other users

usermod with -p (minus p) needs a hash generated from openssl passwd command so you need to set Yocto variable as following:

EXTRA_USERS_PARAMS = "usermod -p $(openssl passwd <some_password>) root;"

If you want to append something to bitbake variable, you need to use _append or += operators, ie:

EXTRA_USERS_PARAMS_append = " useradd testing;"
EXTRA_USERS_PARAMS_append = " useradd mts;"
...

How to configure yocto so that no one should be able to login as root in yocto image

Add these lines to your image recipe.

inherit extrausers

EXTRA_USERS_PARAMS = "usermod -L -e 1 root; "

This locks the password and expires the account. Make sure you don't have debug-tweaks or empty-root-password in your IMAGE_FEATURES.

$ man usermod
   ...
   -e, --expiredate EXPIRE_DATE
       The date on which the user account will be disabled. The date is
       specified in the format YYYY-MM-DD.

       An empty EXPIRE_DATE argument will disable the expiration of the
       account.

       This option requires a /etc/shadow file. A /etc/shadow entry will
       be created if there were none.
   ...
   -L, --lock
       Lock a user's password. This puts a '!' in front of the encrypted
       password, effectively disabling the password. You can't use this
       option with -p or -U.

       Note: if you wish to lock the account (not only access with a
       password), you should also set the EXPIRE_DATE to 1.

Checked:

• Login with ssh is not possible, even though PermitRootLogin yes is set in /etc/ssh/sshd_config
• $ su - root is not possible, even though the login shell in /etc/passwd still points to /bin/bash instead of /sbin/nologin
• Login to ftp server via root is not possible

Not Checked:

• I did not check what happens if we add systemd.unit=rescue.target or systemd.unit=emergency.target to the kernel commandline.
• ... ?

---

Related Topics