[yocto] problem adding a user

Leon Woestenberg leon at sidebranch.com
Thu May 23 14:44:04 PDT 2019


Hello Rudolf, Greg,

On Thu, 23 May 2019 at 22:43, Rudolf Streif <rudolf.streif at ibeeto.com>
wrote:

>
> It eluded me earlier but in both instances the variable containing the
> password does not seem to be expanded.
>

Could it be the spaces around the = equal sign must be removed?

https://unix.stackexchange.com/questions/258727/spaces-in-variable-assignments-in-shell-scripts

Regards, Leon


> First version without the single quotes:
>
> SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
>
> EXTRA_USERS_PARAMS = "\
>     usermod -p ${SAKURA_PASS} ${SAKURA_USER}; \
>     usermod -a -G sudo,dialout ${SAKURA_USER}; \
>     "
> results in:
>
> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]
>
> and with the quotes:
>
> SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
>
> EXTRA_USERS_PARAMS = "\
>     usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \
>     usermod -a -G sudo,dialout ${SAKURA_USER}; \
>     "
> results in:
> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p '' sakura]
>
> It looks as if the variable SAKURA_PASS is not set at all. I looked at your scribe.bb recipe you attached earlier but I could not find any reason why the variable is not set. Is there a chance that it is overridden somewhere else?
>
> :rjs
>
>
> On Wed, May 22, 2019 at 1:28 PM Greg Wilson-Lindberg <GWilson at sakuraus.com>
> wrote:
>
>> Rudolf,
>>
>> Here is the first half of the file,  the whole file is over the 500k
>> limit of free pastebin:
>>
>> https://pastebin.com/UcnKebce
>>
>>
>> And here is the 2nd half of the file:
>>
>> https://pastebin.com/9117tdUU
>>
>>
>> Greg
>> ------------------------------
>> *From:* Rudolf Streif <rudolf.streif at ibeeto.com>
>> *Sent:* Wednesday, May 22, 2019 12:42:40 PM
>> *To:* Greg Wilson-Lindberg
>> *Cc:* Yocto list discussion
>> *Subject:* Re: [yocto] problem adding a user
>>
>> Greg,
>> Can you share the logfile via Pastebin?
>> :rjs
>>
>> On Tue, May 21, 2019 at 11:09 AM Greg Wilson-Lindberg <
>> GWilson at sakuraus.com> wrote:
>>
>>> Rudolf,
>>>
>>> Something else is happening to me. I changed to this in the image recipe:
>>>
>>> SAKURA_USER = "sakura"
>>>
>>> SAKURA_PASSWD = "Distracted"
>>> SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
>>>
>>> EXTRA_USERS_PARAMS = "\
>>>     usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \
>>>     usermod -a -G sudo,dialout ${SAKURA_USER}; \
>>>     "
>>>
>>> deleting all of the commented out lines, and I get this in the log file:
>>>
>>>
>>> ..../scribe/1.0-r0/rootfs -p '' sakura]
>>>
>>>
>>> nothing between the single quotes. It's acting like SAKURA_PASS is not
>>> defined.
>>>
>>> This is only happening when I'm trying the MD5 password.
>>>
>>>
>>> Greg
>>> ------------------------------
>>> *From:* Rudolf Streif <rudolf.streif at ibeeto.com>
>>> *Sent:* Tuesday, May 21, 2019 5:37:23 AM
>>> *To:* Greg Wilson-Lindberg
>>> *Cc:* Yocto list discussion
>>> *Subject:* Re: [yocto] problem adding a user
>>>
>>> Greg,
>>>
>>> usermod does not work for the MD5 algorithm with the explicit password
>>> hash as it contains the $ field delimiters which are interpreted by the
>>> shell executing the usermod command. Use single quotes around the password
>>> hash:
>>>
>>> usermod -p '${SAKURA_PASS}' ${SAKURA_USER};
>>>
>>> :rjs
>>>
>>> On Mon, May 20, 2019, 11:55 Greg Wilson-Lindberg <GWilson at sakuraus.com>
>>> wrote:
>>>
>>>> Hi Rudolf,
>>>>
>>>> I've had more time to work with this and I'm still having problems getting
>>>> everything to work properly. I've attached the image recipe that I'm
>>>> using so I don't leave anything out that may be relevant.
>>>>
>>>> When I build with a password that is no more than 8 characters long
>>>> and no non-alphabetic characters:
>>>>
>>>> SAKURA_PASSWD = "Distract"
>>>> SAKURA_PASS = "WRsDFfg1BsrDM"
>>>>
>>>> everything works correctly.
>>>>
>>>> I first tried that using the `openssl ...` form, and then I tried the
>>>> -1, MD5 BSD form and had problems, so I changed to doing the openssl
>>>> on the command line and making sure that I don't have any characters
>>>> that display as '.' or '/'. Again, if I don't do more than 8 characters
>>>> and no special characters everything works.
>>>>
>>>> When I changed to using 'Ds$tr@ct' it stopped working. The build finishes
>>>> and the log file shows the usermod being executed correctly:
>>>>
>>>> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p kyNsrvS0elMWU sakura]
>>>> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -a -G sudo,dialout sakura]
>>>>
>>>> But when I try to sign in it doesn't work.
>>>>
>>>> I then tried the 10 character password 'Distracted', the build fails:
>>>>
>>>> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]
>>>> Usage: usermod [options] LOGIN
>>>>
>>>> Options:
>>>>   -c, --comment COMMENT         new value of the GECOS field
>>>>   -d, --home HOME_DIR           new home directory for the user account
>>>>   -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
>>>>   -f, --inactive INACTIVE       set password inactive after expiration
>>>>                                 to INACTIVE
>>>>   -g, --gid GROUP               force use GROUP as new primary group
>>>>   -G, --groups GROUPS           new list of supplementary GROUPS
>>>>   -a, --append                  append the user to the supplemental GROUPS
>>>>                                 mentioned by the -G option without removing
>>>>                                 him/her from other groups
>>>>   -h, --help                    display this help message and exit
>>>>   -l, --login NEW_LOGIN         new value of the login name
>>>>   -L, --lock                    lock the user account
>>>>   -m, --move-home               move contents of the home directory to the
>>>>                                 new location (use only with -d)
>>>>   -o, --non-unique              allow using duplicate (non-unique) UID
>>>>   -p, --password PASSWORD       use encrypted password for the new password
>>>>   -P, --clear-password PASSWORD use clear password for the new password
>>>>   -R, --root CHROOT_DIR         directory to chroot into
>>>>   -s, --shell SHELL             new login shell for the user account
>>>>   -u, --uid UID                 new UID for the user account
>>>>   -U, --unlock                  unlock the user account
>>>>   -v, --add-subuids FIRST-LAST  add range of subordinate uids
>>>>   -V, --del-subuids FIRST-LAST  remove range of subordinate uids
>>>>   -w, --add-subgids FIRST-LAST  add range of subordinate gids
>>>>   -W, --del-subgids FIRST-LAST  remove range of subordinate gids
>>>>
>>>> ERROR: scribe: usermod command did not succeed.
>>>>
>>>> So, even though I'm putting in the openssl output:
>>>> openssl passwd -1 "Distracted"
>>>> $1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0
>>>>
>>>> that I get back from what should be a valid run of openssl, I don't see anything
>>>> from the password on the usermod command line:
>>>>  "...linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]"
>>>>
>>>> I don't understand why the short passwords and passing along the proper hash works,
>>>> but not the longer password.
>>>>
>>>> It also doesn't make sense that I can't put in the '$' & '@' characters and
>>>> have them work.
>>>>
>>>> Any suggestions would be greatly appreciated.
>>>>
>>>> Greg
>>>>
>>>> ------------------------------
>>>> *From:* Rudolf Streif <rudolf.streif at ibeeto.com>
>>>> *Sent:* Wednesday, May 15, 2019 4:58:26 PM
>>>> *To:* Greg Wilson-Lindberg
>>>> *Cc:* Yocto list discussion
>>>> *Subject:* Re: [yocto] problem adding a user
>>>>
>>>> Glad to hear that it works now. I am planning on attending the YP
>>>> DevDay.
>>>>
>>>> :rjs
>>>>
>>>> On Wed, May 15, 2019, 13:53 Greg Wilson-Lindberg <GWilson at sakuraus.com>
>>>> wrote:
>>>>
>>>>> Thank you very much, that got me back on the right path.
>>>>>
>>>>> Maybe I'll see you at the Yocto day at the Embedded Linux Conference.
>>>>>
>>>>> Regards,
>>>>>
>>>>> *Greg Wilson-Lindberg  *
>>>>>
>>>>> *Principal Firmware Engineer | Sakura Finetek USA, Inc.  *
>>>>>
>>>>>
>>>>>
>>>>> 1750 W 214th Street | Torrance, CA 90501 | U.S.A.
>>>>>
>>>>> T: +1 310 783 5075
>>>>>
>>>>> F: +1 310 618 6902 | E: gwilson at sakuraus.com
>>>>>
>>>>> www.sakuraus.com
>>>>>
>>>>> *From:* Rudolf J Streif [mailto:rudolf.streif at ibeeto.com]
>>>>> *Sent:* Wednesday, May 15, 2019 01:30 PM
>>>>> *To:* Greg Wilson-Lindberg <GWilson at sakuraus.com>; Yocto list
>>>>> discussion <yocto at yoctoproject.org>
>>>>> *Subject:* Re: [yocto] problem adding a user
>>>>>
>>>>>
>>>>>
>>>>> Instead of
>>>>>
>>>>>
>>>>>
>>>>> useradd -p `openssl passwd test` sakura
>>>>>
>>>>>
>>>>>
>>>>> which attempts to add the user and set the password which fails if the
>>>>> user already exists, use
>>>>>
>>>>>
>>>>>
>>>>> usermod -p `openssl passwd test` sakura
>>>>>
>>>>>
>>>>>
>>>>> which sets the user's password.
>>>>>
>>>>>
>>>>>
>>>>> :rjs
>>>>>
>>>>>
>>>>>
>>>>> On 5/15/19 1:18 PM, Greg Wilson-Lindberg wrote:
>>>>>
>>>>> Ok, I had been using the useradd class in a couple of other recipes to
>>>>> allow me to copy files to the sakura user directory and another location,
>>>>> but owned by sakura. That seems to have been what was causing the problem.
>>>>>
>>>>>
>>>>>
>>>>> I had been using the extrausers class in my top level image recipe.
>>>>>
>>>>>
>>>>> So now how do I get all of this to work together? Do I need to put
>>>>> everything that touches the sakura user in the same recipe? It seems that I
>>>>> need to use only one of the useradd or extrausers classes?
>>>>>
>>>>>
>>>>>
>>>>> Greg
>>>>> ------------------------------
>>>>>
>>>>> *From:* Rudolf J Streif <rudolf.streif at ibeeto.com>
>>>>> *Sent:* Wednesday, May 15, 2019 12:31 PM
>>>>> *To:* Greg Wilson-Lindberg; Yocto list discussion
>>>>> *Subject:* Re: [yocto] problem adding a user
>>>>>
>>>>>
>>>>>
>>>>> The ! for the password in /etc/shadow indicates that the account is
>>>>> disabled:
>>>>>
>>>>> sakura:!:18031:0:99999:7:::
>>>>>
>>>>>
>>>>>
>>>>> Either there is something wrong with the password generation or it
>>>>> gets disabled by something else. Maybe it's worth trying with a plain image
>>>>> without Boot2Qt or anything else.
>>>>>
>>>>>
>>>>>
>>>>> :rjs
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 5/15/19 11:46 AM, Greg Wilson-Lindberg wrote:
>>>>>
>>>>> Hi Rudolf,
>>>>>
>>>>> 1st, yes I inherit extrausers. Attached are the passwd & shadow files.
>>>>>
>>>>>
>>>>>
>>>>> It shouldn't make any difference, but I'm building this for an RPi3
>>>>> using the Qt Boot2Qt version of the Yocto environment, distro 2.5.3.
>>>>>
>>>>>
>>>>>
>>>>> Greg
>>>>> ------------------------------
>>>>>
>>>>> *From:* Rudolf J Streif <rudolf.streif at ibeeto.com>
>>>>> *Sent:* Wednesday, May 15, 2019 11:26 AM
>>>>> *To:* Greg Wilson-Lindberg; Yocto list discussion
>>>>> *Subject:* Re: [yocto] problem adding a user
>>>>>
>>>>>
>>>>>
>>>>> Hi Greg,
>>>>>
>>>>>
>>>>>
>>>>> > I've also tried both the back-quote and the single-quote, no
>>>>> > difference.
>>>>>
>>>>>
>>>>>
>>>>> Help me to understand this. The back-quotes are the right ones. If you
>>>>> use the single ones your password in the /etc/shadow ends up being 'openssl
>>>>> passwd test' (without the quotes), unless the build fails because of a
>>>>> parsing error (I have not tried it). Silly question, you did inherit
>>>>> extrausers class?
>>>>>
>>>>>
>>>>>
>>>>> Can you post your /etc/passwd and /etc/shadow?
>>>>>
>>>>>
>>>>>
>>>>> I am surprised that this does not work with your setup. I have been
>>>>> doing this a gazillion times always with success.
>>>>>
>>>>>
>>>>>
>>>>> :rjs
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 5/15/19 11:03 AM, Greg Wilson-Lindberg wrote:
>>>>>
>>>>> Hi Rudolf,
>>>>>
>>>>> Thanks for the reply, and the information on how openssl works.
>>>>>
>>>>>
>>>>>
>>>>> I'm trying to create a user with the same group name so the code that
>>>>> I'm using reduces to:
>>>>>
>>>>> EXTRA_USERS_PARAMS = "\
>>>>>     useradd -p `openssl passwd test` sakura; \
>>>>>     usermod -a -G sudo ${SAKURA_USER}; \
>>>>>     "
>>>>>
>>>>> I also, as you can see, removed the macros to eliminate as much
>>>>> confusion as possible.
>>>>>
>>>>>
>>>>>
>>>>> I still can't log in using the password 'test'.
>>>>>
>>>>>
>>>>>
>>>>> I've also tried both the back-quote and the single-quote, no
>>>>> difference.
>>>>>
>>>>> Regards,
>>>>>
>>>>>
>>>>>
>>>>> Greg
>>>>> ------------------------------
>>>>>
>>>>> *From:* Rudolf J Streif <rudolf.streif at ibeeto.com>
>>>>> *Sent:* Wednesday, May 15, 2019 10:07:47 AM
>>>>> *To:* Greg Wilson-Lindberg; Yocto list discussion
>>>>> *Subject:* Re: [yocto] problem adding a user
>>>>>
>>>>>
>>>>>
>>>>> Hi Greg,
>>>>>
>>>>> Well, I suppose I wrote the book you are referring to...
>>>>>
>>>>>
>>>>> Using
>>>>>
>>>>> useradd -p PASSWORD USER
>>>>>
>>>>> takes the password hash for PASSWORD hence the use of openssl in:
>>>>>
>>>>> useradd -p `openssl passwd PASSWORD` USER
>>>>>
>>>>> openssl password creates the password hash using the original crypt
>>>>> hash
>>>>> algorithm if no other options are specified. e.g.
>>>>>
>>>>> $ openssl passwd hello
>>>>> 6hEsTksgRkeiI
>>>>>
>>>>> With this the first two characters of the output are the salt and the
>>>>> rest is the password hash. If you want openssl to create the same
>>>>> result again:
>>>>>
>>>>> $ openssl passwd -salt "6h" hello
>>>>> 6hEsTksgRkeiI
>>>>>
>>>>> You can use newer algorithms like MD5 based BSD password algorithm 1:
>>>>>
>>>>> $ openssl passwd -1 hello
>>>>> $1$4Mu8Fcs.$eIKgPP7RCYrb3lFZjhADA1
>>>>>
>>>>> $1 : password algorithm 1
>>>>> $4Mu8Fcs. : salt
>>>>> $eIKgPP7RCYrb3lFZjhADA1 : password hash
>>>>>
>>>>>
>>>>> If you log into the system you have to use the clear password. The
>>>>> system reads the salt, creates the password hash and compares the
>>>>> results.
>>>>>
>>>>>
>>>>> :rjs
>>>>>
>>>>>
>>>>> On 5/14/19 5:34 PM, Greg Wilson-Lindberg wrote:
>>>>> > I'm trying to use the example in "Embedded Linux Systems with the
>>>>> > Yocto Project" to add a user to my Yocto build. In the book the sample code:
>>>>> >
>>>>> >     useradd -p `openssl passwd ${DEV_PASSWORD}` developer; \
>>>>> >
>>>>> > uses openssl to generate the encrypted password string to pass to
>>>>> > useradd. I have never been able to get this to work. When I run the openssl
>>>>> > command on the cmd line I get a different value every time, this
>>>>> > seems wrong. How can the password code compare against it if every encode
>>>>> > produces a different value?
>>>>> >
>>>>> > I am getting the user added to the system, the home directory shows
>>>>> > up and the user is in the passwd and group files. I just can't log in to the
>>>>> > account.
>>>>> >
>>>>> > I've obviously got something confused, any help would be appreciated.
>>>>> >
>>>>> > Greg Wilson-Lindberg
>>>>> >
>>>>>
>>>>> --
>>>>> -----
>>>>> Rudolf J Streif
>>>>> CEO/CTO ibeeto
>>>>> +1.855.442.3396 x700
>>>>>
>>>>>
>>
>> --
>> Rudolf J Streif
>> CEO/CTO
>> ibeeto, Streif Enterprises Inc.
>>
>
>
> --
> Rudolf J Streif
> CEO/CTO
> ibeeto, Streif Enterprises Inc.
-- 
Leon Woestenberg
leon at sidebranch.com
T: +31 40 711 42 76
M: +31 6 472 30 372

Sidebranch
Embedded Systems
Eindhoven, The Netherlands
http://www.sidebranch.com
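
An added illustration, not part of any message in this thread and not Yocto project code: it reproduces the two log results quoted above (`-p sakura` and `-p '' sakura`) using plain shell behaviour, and classifies a shadow entry such as the `sakura:!:...` line. It assumes the build step embeds the already-substituted command text in a double-quoted shell string; `run_generated`, `escape_dollars` and `shadow_state` are hypothetical helper names, and the sample lines are constructed from values in the thread.

```shell
#!/bin/sh
# Constructed input: the MD5-crypt hash quoted in the messages above.
HASH='$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0'

# Assumption: the command text ends up inside "..." in a generated script.
# run_generated mimics that: it writes a two-line script with the text in a
# double-quoted assignment and runs it in a fresh shell with no arguments.
run_generated() {
    printf 'settings="%s"\nprintf "%%s" "$settings"\n' "$1" | sh -s
}

# Put a backslash before every '$' so a double-quoted context keeps it literal.
escape_dollars() {
    printf '%s' "$1" | sed 's/\$/\\$/g'
}

# Classify field 2 of a shadow(5) line, e.g. one taken from the image's
# etc/shadow, to see what actually reached the root filesystem.
shadow_state() {
    field=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$field" in
        '')               echo empty ;;
        '!'*|'*'*)        echo locked ;;
        '$'?*'$'?*'$'?*)  echo crypt-id-hash ;;
        *)                echo legacy-or-other ;;
    esac
}

# $1, $QVO3K6Ii and $fvkoDKnlzz3d5uVoL7KcM0 are all unset in the fresh shell,
# so the whole hash expands to nothing. Single quotes nested inside the
# double-quoted string are ordinary characters and do not stop the expansion.
echo "bare:    $(run_generated "usermod -p $HASH sakura")"
echo "quoted:  $(run_generated "usermod -p '$HASH' sakura")"
echo "escaped: $(run_generated "usermod -p '$(escape_dollars "$HASH")' sakura")"

echo "thread's shadow line: $(shadow_state 'sakura:!:18031:0:99999:7:::')"
echo "expected after fix:   $(shadow_state "sakura:$HASH:18031:0:99999:7:::")"
```

Only the escaped form carries the full hash through the double-quoted stage; the first two lines print an empty `-p` argument, matching the log excerpts in the thread.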