[yocto] problem adding a user

Wed May 15 13:30:19 PDT 2019

Instead of

useradd -p `openssl passwd test` sakura

which attempts to add the user and set the password which fails if the 
user already exists, use

usermod -p `openssl passwd test` sakura

which sets the user's password.

:rjs

On 5/15/19 1:18 PM, Greg Wilson-Lindberg wrote:
>
> Ok, I had been using the useradd class in a couple of other recipes to 
> allow me to copy files to the sakura user directory and another 
> location, but owned by sakura. That seems to have been what was 
> causing the problem.
>
>
> I had been using the extrausers class in my top level image recipe.
>
>
> So now how do I get all of this to work together? Do I need to put 
> everything that touches the sakura user in the same recipe? It seems 
> that I need to use only one of the useradd or extrausers classes?
>
>
> Greg
>
> ------------------------------------------------------------------------
> *From:* Rudolf J Streif <rudolf.streif at ibeeto.com>
> *Sent:* Wednesday, May 15, 2019 12:31 PM
> *To:* Greg Wilson-Lindberg; Yocto list discussion
> *Subject:* Re: [yocto] problem adding a user
>
> The ! for the password in /etc/shadow indicates that the account is 
> disabled:
>
> sakura:!:18031:0:99999:7:::
>
>
> Either there is something wrong with the password generation or it 
> gets disabled by something else. Maybe it's worth trying with a plain 
> image without Boot2Qt or anything else.
>
>
> :rjs
>
>
>
> On 5/15/19 11:46 AM, Greg Wilson-Lindberg wrote:
>>
>> Hi Rudolf,
>>
>> 1st, yes I inherit extrausers. Attached are the passwd & shadow files.
>>
>>
>> It shouldn't make any difference, but I'm building this for an RPi3 
>> using the Qt Boot2Qt version of the Yocto environment, distro 2.5.3.
>>
>>
>> Greg
>>
>> ------------------------------------------------------------------------
>> *From:* Rudolf J Streif <rudolf.streif at ibeeto.com>
>> *Sent:* Wednesday, May 15, 2019 11:26 AM
>> *To:* Greg Wilson-Lindberg; Yocto list discussion
>> *Subject:* Re: [yocto] problem adding a user
>>
>> Hi Greg,
>>
>>
>> > I've also tried both the back-quote and the single-quote, no 
>> difference.
>>
>>
>> Help me to understand this. the back-quotes are the right ones. If 
>> you use the single ones your password in the /etc/shadow ends up 
>> being 'openssl passwd test' (without the quotes), unless the build 
>> fails because of a parsing error (I have not tried it). Silly 
>> question, you did inherit extrausers class?
>>
>>
>> Can you post your /etc/passwd and /etc/shadow
>>
>>
>> I am surprised that this does not work with your setup. I have been 
>> doing this a gazillion times always with success.
>>
>>
>> :rjs
>>
>>
>>
>>
>> On 5/15/19 11:03 AM, Greg Wilson-Lindberg wrote:
>>>
>>> Hi Rudolf,
>>>
>>> Thanks for the reply, and the information on how openssl works.
>>>
>>>
>>> I'm trying to create a user with the same group name so the code 
>>> that I'm using reduces to:
>>>
>>> EXTRA_USERS_PARAMS = "\
>>>      useradd -p `openssl passwd test` sakura; \
>>>      usermod -a -G sudo ${SAKURA_USER}; \
>>>      "
>>> I also, as you can see, removed the macros to eliminate as much 
>>> confusion as possible.
>>>
>>>
>>> I still can't login in using the password 'test'.
>>>
>>>
>>> I've also tried both the back-quote and the single-quote, no difference.
>>>
>>> Regards,
>>>
>>>
>>> Greg
>>>
>>> ------------------------------------------------------------------------
>>> *From:* Rudolf J Streif <rudolf.streif at ibeeto.com>
>>> *Sent:* Wednesday, May 15, 2019 10:07:47 AM
>>> *To:* Greg Wilson-Lindberg; Yocto list discussion
>>> *Subject:* Re: [yocto] problem adding a user
>>> Hi Greg,
>>>
>>> Well, I suppose I wrote the book you are referring to...
>>>
>>>
>>> Using
>>>
>>> useradd -p PASSWORD USER
>>>
>>> takes the password hash for PASSWORD hence the use of openssl in:
>>>
>>> useadd -p `openssl passwd PASSWORD` USER
>>>
>>> openssl password creates the password hash using the original crypt 
>>> hash
>>> algorithm if no other options are specified. e.g.
>>>
>>> $ openssl passwd hello
>>> 6hEsTksgRkeiI
>>>
>>> With this the first two characters of the output is the salt and the
>>> rest is the password hash. If you want openssl to create the same 
>>> result
>>> again:
>>>
>>> $ openssl passwd -salt "6h" hello
>>> 6hEsTksgRkeiI
>>>
>>> You can use newer algorithms like MD5 based BSD password algorithm 1:
>>>
>>> $ openssl passwd -1 hello
>>> $1$4Mu8Fcs.$eIKgPP7RCYrb3lFZjhADA1
>>>
>>> $1 : password algorithm 1
>>> $4Mu8Fcs. : salt
>>> $eIKgPP7RCYrb3lFZjhADA1 : password hash
>>>
>>>
>>> If you log into the system you have to use the clear password. The
>>> system reads the salt, creates the password hash and compares the 
>>> results.
>>>
>>>
>>> :rjs
>>>
>>>
>>> On 5/14/19 5:34 PM, Greg Wilson-Lindberg wrote:
>>> > I'm trying to use the example in "Embedded Linux Systems with the 
>>> Yocto Project" to add a user to my Yocto build. In the book the 
>>> sample code:
>>> >
>>> >     useradd -p `openssl passwd ${DEV_PASSWORD}` developer; \
>>> >
>>> > uses openssl to generate the encrypted password string to pass to 
>>> useradd. I have never been able to get this to work. When I run the 
>>> openssl
>>> > command on the cmd line I get a different value every time, this 
>>> seems wrong, How can the password code compare against it if every 
>>> encode
>>> > produces a different value?
>>> >
>>> > I am getting the user added to the system, the home directory 
>>> shows up and the user is in the passwd and group files. I just can't 
>>> login to the
>>> > account.
>>> >
>>> > I've obviously got something confused, any help would be appreciated.
>>> >
>>> > Greg Wilson-Lindberg
>>> >
>>>
>>> -- 
>>> -----
>>> Rudolf J Streif
>>> CEO/CTO ibeeto
>>> +1.855.442.3396 x700
>>>
>> -- 
>> -----
>> Rudolf J Streif
>> CEO/CTO ibeeto
>> +1.855.442.3396 x700
> -- 
> -----
> Rudolf J Streif
> CEO/CTO ibeeto
> +1.855.442.3396 x700

-- 
-----
Rudolf J Streif
CEO/CTO ibeeto
+1.855.442.3396 x700

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20190515/44e91cf6/attachment-0001.html>